This topic has been archived and is closed to new replies.

Edvan

[Resolved] Log for analysis


My cousin's netbook is very slow. Avast caught some viruses in a safe-mode scan, and Malwarebytes caught 2 more in a quick scan; I just want to know whether there are still viruses left to remove.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:02:27, on 24/11/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\snuvcdsm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Lingoes\Translator2\Lingoes.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 177.21.160.235:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [sNUVCDSM] C:\Windows\snuvcdsm.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

 

--

End of file - 7583 bytes


Good morning, Edvan!

|- Download: AdwCleaner ( ... by Xplode )

|- On the download page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the scan by clicking "Delete" or "Suppression".

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: | ZHPDiag2 | ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

|- Click the scroll icon. ( ZHPScript )

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )

|- Enable all the diagnostic options by clicking "Options".

|- Click All.

|- Then uncheck boxes no. O45, O61, O62, O65, O82.

|- Click "Calendar" and choose 30 days!

|- Click the UAC button to disable that protection.

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- Save it somewhere convenient! ( ZHPDiag.txt )

|- PS: Do not post that text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: Cjoint

|- Or go to: < abmdaZsE.jpg >

|- More information: < |Link| >

Regards!


link http://cjoint.com/12nv/BKAdgCfhvea.htm

 

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 22:29:17

# Updated 24/11/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Paulinho - PAULINHO-PC

# Boot Mode : Normal

# Running from : C:\Users\Paulinho\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v15.0.1 (pt-BR)

 

Profile name : default

File : C:\Users\Paulinho\AppData\Roaming\Mozilla\Firefox\Profiles\2ukk6rf8.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v23.0.1271.64

 

File : C:\Users\Paulinho\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [832 octets] - [25/11/2012 22:29:17]

 

########## EOF - C:\AdwCleaner[s1].txt - [891 octets] ##########


Good morning, Edvan!

|- Close any open programs/folders.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

|- Double-click ZHPFix.

|- Select and copy the information in the Code box below into Notepad.

 

O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)     
O4 - HKCU\..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe (.not file.) 
O4 - HKUS\S-1-5-21-1691553684-88960645-3161956319-1000\..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe (.not file.)     
O43 - CFD: 07/03/2010 - 00:08:19 - [0] ----D C:\Users\Paulinho\AppData\Local\Dados de aplicativos
O43 - CFD: 07/03/2010 - 00:08:19 - [0] ----D C:\Users\Paulinho\AppData\Local\Histórico
O43 - CFD: 30/06/2012 - 00:12:17 - [0] ----D C:\Users\Paulinho\AppData\Local\{01729AD4-33C5-4828-9BF5-0DC2376F3FF8}
O43 - CFD: 19/10/2012 - 06:26:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{029662B9-59E6-4B4A-9963-C488F23AA419}
O43 - CFD: 07/08/2012 - 10:33:38 - [0] ----D C:\Users\Paulinho\AppData\Local\{04771549-D24B-467E-A822-7C2195D7C13D}
O43 - CFD: 30/08/2012 - 09:24:28 - [0] ----D C:\Users\Paulinho\AppData\Local\{077B4429-08C2-4BD7-895D-CD7785BE741D}
O43 - CFD: 31/10/2012 - 19:15:29 - [0] ----D C:\Users\Paulinho\AppData\Local\{08EEAA66-E813-4D9D-A3A4-FED75E848900}
O43 - CFD: 24/06/2012 - 21:19:36 - [0] ----D C:\Users\Paulinho\AppData\Local\{097FB1E5-B1DC-4485-A988-14D4C61DFEE4}
O43 - CFD: 29/09/2012 - 11:47:55 - [0] ----D C:\Users\Paulinho\AppData\Local\{09DA1E72-865C-46D7-9B2A-A5B52ED51917}
O43 - CFD: 08/08/2012 - 18:59:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{0ACB8580-5B27-4395-A63D-8391DD7A706B}
O43 - CFD: 25/10/2012 - 21:07:40 - [0] ----D C:\Users\Paulinho\AppData\Local\{0B389BB4-30BA-4A51-BA4F-4227E1C11B6F}
O43 - CFD: 20/06/2012 - 09:01:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{0B6B78AE-9E1E-4DE3-BFB6-0867C2E9258D}
O43 - CFD: 20/06/2012 - 23:31:38 - [0] ----D C:\Users\Paulinho\AppData\Local\{0BE4E9FF-2CA2-49A7-B665-2EF9C8C88812}
O43 - CFD: 06/08/2012 - 12:32:02 - [0] ----D C:\Users\Paulinho\AppData\Local\{0C592C0E-841D-492B-81E5-C69DAC881CD2}
O43 - CFD: 20/10/2012 - 09:59:31 - [0] ----D C:\Users\Paulinho\AppData\Local\{0C98B5B0-061F-4EEE-A791-5D6E2FB6E3F0}
O43 - CFD: 22/06/2012 - 23:16:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{0DF0995C-0F54-488F-B000-CA90DA03FACC}
O43 - CFD: 09/07/2012 - 17:29:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{0E7FC270-B324-4443-87BF-F62AB877DC1E}
O43 - CFD: 09/08/2012 - 12:19:03 - [0] ----D C:\Users\Paulinho\AppData\Local\{0F55CBCD-7149-40F5-82C0-BA1AAAFF2C17}
O43 - CFD: 06/07/2012 - 17:48:23 - [0] ----D C:\Users\Paulinho\AppData\Local\{10ABE1E5-75C9-4231-ADAA-445C0D9BA978}
O43 - CFD: 05/07/2012 - 15:04:25 - [0] ----D C:\Users\Paulinho\AppData\Local\{16234F63-ED86-4E3A-9595-C722BD9FECF1}
O43 - CFD: 28/07/2012 - 11:10:36 - [0] ----D C:\Users\Paulinho\AppData\Local\{192D3490-49F3-4F83-AC31-E5B645E6D1D6}
O43 - CFD: 02/08/2012 - 15:30:52 - [0] ----D C:\Users\Paulinho\AppData\Local\{1D839E0A-137D-4437-9781-5B6809D9ED75}
O43 - CFD: 20/07/2012 - 13:04:04 - [0] ----D C:\Users\Paulinho\AppData\Local\{2001F032-A9BD-4542-A89A-BE8F04A22F62}
O43 - CFD: 30/07/2012 - 12:30:00 - [0] ----D C:\Users\Paulinho\AppData\Local\{220460AB-A378-42EF-A0B8-647848906B98}
O43 - CFD: 05/10/2012 - 18:49:56 - [0] ----D C:\Users\Paulinho\AppData\Local\{23D462A7-61A6-4D87-9491-0EEADD70163F}
O43 - CFD: 02/07/2012 - 10:16:30 - [0] ----D C:\Users\Paulinho\AppData\Local\{243F86E4-2A1A-4EA6-A299-306851C1F8A1}
O43 - CFD: 07/09/2012 - 14:23:08 - [0] ----D C:\Users\Paulinho\AppData\Local\{26A82BF9-A3CD-4752-91B6-BE5C807EDA5D}
O43 - CFD: 27/09/2012 - 17:43:16 - [0] ----D C:\Users\Paulinho\AppData\Local\{2798720A-F969-4F99-BE84-86642E0CF723}
O43 - CFD: 17/09/2012 - 20:14:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{279D8C8F-92FA-4FD7-8874-1495CDBE6949}
O43 - CFD: 21/11/2012 - 18:17:19 - [0] ----D C:\Users\Paulinho\AppData\Local\{28DDE07C-60DE-459B-B2CB-334AD1FF4893}
O43 - CFD: 30/07/2012 - 12:30:15 - [0] ----D C:\Users\Paulinho\AppData\Local\{2A2893FF-9CED-4405-9544-FC83A988344D}
O43 - CFD: 13/07/2012 - 09:37:23 - [0] ----D C:\Users\Paulinho\AppData\Local\{2C99B737-185D-4001-9476-B27F524002FD}
O43 - CFD: 12/11/2012 - 00:30:41 - [0] ----D C:\Users\Paulinho\AppData\Local\{2E1BE87C-1A33-4265-BE74-C09FFC4373F1}
O43 - CFD: 28/06/2012 - 19:14:09 - [0] ----D C:\Users\Paulinho\AppData\Local\{2E7D10BE-245A-4337-86D4-31DD4871C120}
O43 - CFD: 22/06/2012 - 09:39:23 - [0] ----D C:\Users\Paulinho\AppData\Local\{2F63F592-EC4B-4CA5-8D9B-67F5080B12C9}
O43 - CFD: 19/07/2012 - 22:13:28 - [0] ----D C:\Users\Paulinho\AppData\Local\{3089BC17-B80C-4C4B-8910-7C4ABE2A9A3D}
O43 - CFD: 19/07/2012 - 22:12:43 - [0] ----D C:\Users\Paulinho\AppData\Local\{318269B8-1AB2-4A65-A5A4-04DA4767E861}
O43 - CFD: 31/10/2012 - 19:19:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{324CC111-CAE9-44C7-95C9-854063E81511}
O43 - CFD: 25/06/2012 - 10:40:27 - [0] ----D C:\Users\Paulinho\AppData\Local\{327FCC34-DF5D-446D-B30B-159CA61DE7FD}
O43 - CFD: 30/06/2012 - 12:50:25 - [0] ----D C:\Users\Paulinho\AppData\Local\{34C1D748-5AEA-4D90-896C-26DF6FCD56C4}
O43 - CFD: 29/08/2012 - 10:30:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{356327BC-F576-417B-90AD-9079AF1FF611}
O43 - CFD: 10/08/2012 - 14:21:40 - [0] ----D C:\Users\Paulinho\AppData\Local\{358DC017-B1AF-4E8E-BCAF-519BC5E00335}
O43 - CFD: 07/07/2012 - 09:19:57 - [0] ----D C:\Users\Paulinho\AppData\Local\{36E29C44-29A4-4788-9D2B-B659F2ED6233}
O43 - CFD: 24/09/2012 - 10:54:28 - [0] ----D C:\Users\Paulinho\AppData\Local\{380D9D49-D2D8-40B0-B3BB-B23B861D8906}
O43 - CFD: 31/07/2012 - 09:47:20 - [0] ----D C:\Users\Paulinho\AppData\Local\{391DB217-FBB8-4AE7-86ED-537467115FBD}
O43 - CFD: 01/07/2012 - 15:29:49 - [0] ----D C:\Users\Paulinho\AppData\Local\{39396336-39D0-4D5C-AA8E-00016258C581}
O43 - CFD: 25/06/2012 - 10:40:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{3AD86645-9CC7-426D-8241-1679B2BD2AD6}
O43 - CFD: 22/10/2012 - 22:16:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{3C5FD6AF-5742-4741-98D6-4E9C792A297B}
O43 - CFD: 23/11/2012 - 18:28:16 - [0] ----D C:\Users\Paulinho\AppData\Local\{3D326944-8639-4823-8978-AD81045B3C92}
O43 - CFD: 21/06/2012 - 21:48:25 - [0] ----D C:\Users\Paulinho\AppData\Local\{3E860B15-CE73-4A6E-ADAF-6421CD0C9833}
O43 - CFD: 18/08/2012 - 09:21:52 - [0] ----D C:\Users\Paulinho\AppData\Local\{4113C324-7ACF-41B1-9282-1E0EE53B4BE7}
O43 - CFD: 05/07/2012 - 15:06:16 - [0] ----D C:\Users\Paulinho\AppData\Local\{4323D86A-E8BE-4E12-B114-76B8BF93B8A0}
O43 - CFD: 12/07/2012 - 15:35:31 - [0] ----D C:\Users\Paulinho\AppData\Local\{441605E1-3B1A-4D81-9F22-6F16DF42893E}
O43 - CFD: 02/07/2012 - 10:14:43 - [0] ----D C:\Users\Paulinho\AppData\Local\{4778B3DF-300B-40A3-9010-EBD4F5FEA900}
O43 - CFD: 24/07/2012 - 10:00:07 - [0] ----D C:\Users\Paulinho\AppData\Local\{48EC0625-9614-462F-8923-232C54624E96}
O43 - CFD: 31/10/2012 - 19:39:56 - [0] ----D C:\Users\Paulinho\AppData\Local\{4A3D310E-0B1F-4F2F-8B8C-EC16DB8F6B1B}
O43 - CFD: 30/06/2012 - 00:09:59 - [0] ----D C:\Users\Paulinho\AppData\Local\{4ABF4CAC-F02A-44CC-82B8-4044DDD8A645}
O43 - CFD: 14/10/2012 - 22:44:43 - [0] ----D C:\Users\Paulinho\AppData\Local\{4B19E367-3DB5-4436-ADB7-880FA9737D69}
O43 - CFD: 16/10/2012 - 06:13:33 - [0] ----D C:\Users\Paulinho\AppData\Local\{4C236518-8E91-4496-8603-C6A5EA72EBCF}
O43 - CFD: 24/11/2012 - 08:23:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{4C38E127-BBA1-4601-812F-7597F9E84556}
O43 - CFD: 20/08/2012 - 09:39:18 - [0] ----D C:\Users\Paulinho\AppData\Local\{50BF165D-6370-43D3-B4A8-497B66E7C04C}
O43 - CFD: 24/09/2012 - 20:52:27 - [0] ----D C:\Users\Paulinho\AppData\Local\{510870B5-A721-4B61-940D-18E8C355EBE7}
O43 - CFD: 14/07/2012 - 12:04:32 - [0] ----D C:\Users\Paulinho\AppData\Local\{52804740-FD6A-4ACD-905B-E7BA23EEAE57}
O43 - CFD: 20/09/2012 - 12:51:11 - [0] ----D C:\Users\Paulinho\AppData\Local\{546E6B9D-398C-4427-BD1B-7EA9BAE9C8B1}
O43 - CFD: 18/07/2012 - 09:37:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{54928D25-0913-4496-AB6F-42AE4432BFD8}
O43 - CFD: 22/07/2012 - 20:39:25 - [0] ----D C:\Users\Paulinho\AppData\Local\{5540FFE1-C848-402B-80F3-55A0307881A6}
O43 - CFD: 29/06/2012 - 10:37:42 - [0] ----D C:\Users\Paulinho\AppData\Local\{573B1810-FD8C-4FB6-A866-8FBD6BFA2528}
O43 - CFD: 06/08/2012 - 12:33:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{57601605-C816-48C7-85D3-C0A652EDA47F}
O43 - CFD: 08/07/2012 - 11:02:23 - [0] ----D C:\Users\Paulinho\AppData\Local\{589063D2-5EAB-4844-8F98-DC8B9F40E037}
O43 - CFD: 25/08/2012 - 08:56:01 - [0] ----D C:\Users\Paulinho\AppData\Local\{59B2B3FA-2A37-4BBB-A5DE-500902EBFB3D}
O43 - CFD: 18/10/2012 - 13:18:59 - [0] ----D C:\Users\Paulinho\AppData\Local\{5AF8E3B6-0EBA-430F-97A1-9C5509767DF7}
O43 - CFD: 22/08/2012 - 16:53:12 - [0] ----D C:\Users\Paulinho\AppData\Local\{5D49D65C-044E-429B-A04E-179E85E6A095}
O43 - CFD: 23/06/2012 - 11:17:47 - [0] ----D C:\Users\Paulinho\AppData\Local\{5DDEAA32-5A43-4FA5-9200-705444273777}
O43 - CFD: 27/06/2012 - 20:36:55 - [0] ----D C:\Users\Paulinho\AppData\Local\{5EBD3A08-1908-4210-B57B-EDC077581F53}
O43 - CFD: 13/10/2012 - 13:27:20 - [0] ----D C:\Users\Paulinho\AppData\Local\{5F85DB15-2E6A-4C23-A175-F3A05BDE2DA7}
O43 - CFD: 19/07/2012 - 08:16:25 - [0] ----D C:\Users\Paulinho\AppData\Local\{61009499-AF6D-43B8-B404-33B783137DAE}
O43 - CFD: 16/10/2012 - 21:34:04 - [0] ----D C:\Users\Paulinho\AppData\Local\{623B0320-4CEB-4778-85D2-45C8490C45E0}
O43 - CFD: 07/07/2012 - 21:38:32 - [0] ----D C:\Users\Paulinho\AppData\Local\{648263D5-A95C-465D-BF27-708CF79DC074}
O43 - CFD: 27/06/2012 - 20:36:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{64DDAF09-1A13-429B-8490-900978E26A90}
O43 - CFD: 29/08/2012 - 10:40:29 - [0] ----D C:\Users\Paulinho\AppData\Local\{68BF2DAF-B717-43C8-B79D-3D083D868BEE}
O43 - CFD: 11/08/2012 - 07:40:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{6BE33BF9-7A2C-4F9B-945E-17AD9B1119F0}
O43 - CFD: 14/07/2012 - 12:04:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{6C51E634-3026-4FDB-ACA5-A223D7AD2AFB}
O43 - CFD: 01/10/2012 - 07:44:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{6D155D05-28F0-4E02-B205-06D5ED80C568}
O43 - CFD: 01/11/2012 - 14:19:52 - [0] ----D C:\Users\Paulinho\AppData\Local\{6E2D0352-09A7-4520-88C3-5C910EEA09B7}
O43 - CFD: 20/06/2012 - 09:01:00 - [0] ----D C:\Users\Paulinho\AppData\Local\{6F6439D7-6EE7-4530-B6C5-33D75956A533}
O43 - CFD: 28/07/2012 - 11:12:48 - [0] ----D C:\Users\Paulinho\AppData\Local\{703A8413-2C0A-45B6-B0A4-5FE0F1331E23}
O43 - CFD: 24/11/2012 - 22:29:26 - [0] ----D C:\Users\Paulinho\AppData\Local\{70589A8B-0B78-43F0-B88C-B63A95E50CE8}
O43 - CFD: 21/08/2012 - 15:41:09 - [0] ----D C:\Users\Paulinho\AppData\Local\{73BFC504-3A59-40C7-AA55-7F913556D06F}
O43 - CFD: 12/07/2012 - 15:35:44 - [0] ----D C:\Users\Paulinho\AppData\Local\{741D4605-57A8-4B48-A002-E1C5109D8379}
O43 - CFD: 04/10/2012 - 19:03:00 - [0] ----D C:\Users\Paulinho\AppData\Local\{745489C1-4240-4CE5-AA1D-20917B2381A7}
O43 - CFD: 09/08/2012 - 12:18:03 - [0] ----D C:\Users\Paulinho\AppData\Local\{74B2E67F-A407-4B63-A51A-11C1572F379E}
O43 - CFD: 15/10/2012 - 13:57:21 - [0] ----D C:\Users\Paulinho\AppData\Local\{75381444-2005-45E6-9653-E6408CCC93DE}
O43 - CFD: 27/07/2012 - 08:23:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{76124217-5000-4B10-9CE8-1D6009D8EC7E}
O43 - CFD: 28/09/2012 - 12:06:05 - [0] ----D C:\Users\Paulinho\AppData\Local\{76CC9E2C-57B4-420C-A452-B2FF3F2BE45C}
O43 - CFD: 14/09/2012 - 15:53:03 - [0] ----D C:\Users\Paulinho\AppData\Local\{78B337F1-3B0A-4047-B353-19681C7CCBB6}
O43 - CFD: 27/08/2012 - 22:53:13 - [0] ----D C:\Users\Paulinho\AppData\Local\{79264E8F-1A83-4C08-AE3F-6563247441A8}
O43 - CFD: 04/08/2012 - 08:33:46 - [0] ----D C:\Users\Paulinho\AppData\Local\{792B2218-0947-4DE9-9258-7FE9387BBF78}
O43 - CFD: 17/09/2012 - 08:14:09 - [0] ----D C:\Users\Paulinho\AppData\Local\{7A94A908-569D-461D-993B-08EDE984A380}
O43 - CFD: 08/08/2012 - 09:41:28 - [0] ----D C:\Users\Paulinho\AppData\Local\{7B5AB0A5-776A-4F10-AC4C-55C833F22D8B}
O43 - CFD: 27/09/2012 - 13:24:55 - [0] ----D C:\Users\Paulinho\AppData\Local\{7BF03A1E-0742-4D6E-AA8C-13458BC099FD}
O43 - CFD: 28/06/2012 - 19:13:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{7C0337AB-347A-4D0A-87C9-1DEB0CE351BC}
O43 - CFD: 18/08/2012 - 09:22:08 - [0] ----D C:\Users\Paulinho\AppData\Local\{7C959C9F-FED3-421D-8D31-675E131CED0C}
O43 - CFD: 31/07/2012 - 09:45:28 - [0] ----D C:\Users\Paulinho\AppData\Local\{7E66F251-66EB-45D7-9CF3-A4390E638AD9}
O43 - CFD: 15/09/2012 - 15:20:12 - [0] ----D C:\Users\Paulinho\AppData\Local\{7F613D49-30CF-477C-81CB-A22CF7E2315D}
O43 - CFD: 23/11/2012 - 19:14:20 - [0] ----D C:\Users\Paulinho\AppData\Local\{815A2BA2-C2F4-40BA-9FAF-238219334F34}
O43 - CFD: 30/06/2012 - 12:51:30 - [0] ----D C:\Users\Paulinho\AppData\Local\{8239E92A-95B7-4201-BD90-718E9017661D}
O43 - CFD: 22/10/2012 - 06:25:10 - [0] ----D C:\Users\Paulinho\AppData\Local\{84C50364-51C9-4866-8EFF-4DB0F883000D}
O43 - CFD: 23/07/2012 - 12:01:26 - [0] ----D C:\Users\Paulinho\AppData\Local\{86134C0B-05D7-4BFF-9BA9-525314D3506E}
O43 - CFD: 27/06/2012 - 08:35:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{8A8AB617-A7D4-4288-B0D8-55C376A96512}
O43 - CFD: 26/06/2012 - 11:35:24 - [0] ----D C:\Users\Paulinho\AppData\Local\{8BBFB7AF-1C72-416B-A66E-0CC094C3B375}
O43 - CFD: 27/08/2012 - 10:52:33 - [0] ----D C:\Users\Paulinho\AppData\Local\{914F3EEE-A140-4258-86FD-B1C160D6CF71}
O43 - CFD: 26/09/2012 - 13:41:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{92CEF6DF-8692-491C-8F09-96799D74238C}
O43 - CFD: 08/07/2012 - 11:00:47 - [0] ----D C:\Users\Paulinho\AppData\Local\{94707523-AA6F-4D5C-879E-99EB97668CE8}
O43 - CFD: 26/10/2012 - 09:08:21 - [0] ----D C:\Users\Paulinho\AppData\Local\{95317F6B-F627-440F-AE2E-22B3ECB4C383}
O43 - CFD: 24/07/2012 - 09:59:04 - [0] ----D C:\Users\Paulinho\AppData\Local\{95700B86-0E51-46F3-B9BF-8EC09F233215}
O43 - CFD: 03/09/2012 - 11:50:14 - [0] ----D C:\Users\Paulinho\AppData\Local\{959D4A13-B035-4120-AD3B-0DBBF7347BFD}
O43 - CFD: 17/08/2012 - 12:58:59 - [0] ----D C:\Users\Paulinho\AppData\Local\{992819A4-03BE-4B3D-96DE-C772876C854C}
O43 - CFD: 14/08/2012 - 14:17:41 - [0] ----D C:\Users\Paulinho\AppData\Local\{9A505D92-8071-4AFD-8B44-9A53E2314A13}
O43 - CFD: 28/08/2012 - 12:30:07 - [0] ----D C:\Users\Paulinho\AppData\Local\{9AF71867-1D8B-4E9A-8A81-5C087E10A67B}
O43 - CFD: 02/07/2012 - 22:17:57 - [0] ----D C:\Users\Paulinho\AppData\Local\{9AFA04CE-2E53-469F-B963-F31972EA45B2}
O43 - CFD: 05/09/2012 - 18:48:12 - [0] ----D C:\Users\Paulinho\AppData\Local\{A384CE9D-752D-410E-95A1-67A5FEEDE70A}
O43 - CFD: 30/09/2012 - 15:52:06 - [0] ----D C:\Users\Paulinho\AppData\Local\{A7EEAB92-EE63-4FEB-94E2-78401010E2C3}
O43 - CFD: 11/08/2012 - 07:41:20 - [0] ----D C:\Users\Paulinho\AppData\Local\{A9D0C3FF-6A98-4625-A403-D3C4C95A9557}
O43 - CFD: 26/06/2012 - 11:35:50 - [0] ----D C:\Users\Paulinho\AppData\Local\{ABAE578B-E26C-481C-A2E4-681D84A540AB}
O43 - CFD: 23/10/2012 - 07:17:03 - [0] ----D C:\Users\Paulinho\AppData\Local\{ACB71224-87C3-45C3-A9AC-F33984B79B85}
O43 - CFD: 25/11/2012 - 22:14:03 - [0] ----D C:\Users\Paulinho\AppData\Local\{AD7B2471-2013-4300-B24C-F68AA1AF0343}
O43 - CFD: 21/06/2012 - 13:30:16 - [0] ----D C:\Users\Paulinho\AppData\Local\{B1859E51-822B-48D9-8408-9C9983E01A7B}
O43 - CFD: 11/10/2012 - 09:20:23 - [0] ----D C:\Users\Paulinho\AppData\Local\{B3F541FD-211B-468C-939A-4FA4A3415F77}
O43 - CFD: 12/09/2012 - 21:16:52 - [0] ----D C:\Users\Paulinho\AppData\Local\{B57984B7-CE86-4DCC-B3DF-2227485F50E1}
O43 - CFD: 13/07/2012 - 09:37:38 - [0] ----D C:\Users\Paulinho\AppData\Local\{B5C7BB62-FBE8-4757-9B92-6800F9723402}
O43 - CFD: 04/09/2012 - 13:24:06 - [0] ----D C:\Users\Paulinho\AppData\Local\{B7131011-FFD7-4D82-8CC1-2D06C80AB728}
O43 - CFD: 24/06/2012 - 21:19:21 - [0] ----D C:\Users\Paulinho\AppData\Local\{BB6959CE-2334-47C5-A6B5-5CD983B3AC6D}
O43 - CFD: 25/09/2012 - 13:44:09 - [0] ----D C:\Users\Paulinho\AppData\Local\{BBBB0641-B5B1-4E28-B622-1C05F5D78975}
O43 - CFD: 27/06/2012 - 08:35:37 - [0] ----D C:\Users\Paulinho\AppData\Local\{BC21E47F-660C-4A4A-A4B5-CADD12450CFF}
O43 - CFD: 04/09/2012 - 18:42:54 - [0] ----D C:\Users\Paulinho\AppData\Local\{BD073797-B821-4EDF-9C58-EFA4AE64911C}
O43 - CFD: 16/08/2012 - 06:43:06 - [0] ----D C:\Users\Paulinho\AppData\Local\{BD3F2389-C1BA-426D-BD05-85E1CC5D9600}
O43 - CFD: 30/10/2012 - 19:41:34 - [0] ----D C:\Users\Paulinho\AppData\Local\{BDA2F089-1CCB-4919-8278-F121B4EFDCB9}
O43 - CFD: 10/10/2012 - 12:03:06 - [0] ----D C:\Users\Paulinho\AppData\Local\{BE2AF2DA-4DDF-4FD8-BD7A-1B65A40AB191}
O43 - CFD: 07/07/2012 - 09:19:40 - [0] ----D C:\Users\Paulinho\AppData\Local\{C09C1488-D524-41C0-A32F-5414D097FA50}
O43 - CFD: 29/08/2012 - 18:33:18 - [0] ----D C:\Users\Paulinho\AppData\Local\{C32FF46B-6CB1-4E8E-A670-06F70CFD8DC0}
O43 - CFD: 14/08/2012 - 14:17:26 - [0] ----D C:\Users\Paulinho\AppData\Local\{C6158795-91A6-4F64-8852-51DEEF77FE3A}
O43 - CFD: 06/07/2012 - 08:44:48 - [0] ----D C:\Users\Paulinho\AppData\Local\{C992E062-375C-4CD6-A358-274E3D3D5384}
O43 - CFD: 19/07/2012 - 08:15:22 - [0] ----D C:\Users\Paulinho\AppData\Local\{CB608C38-E8A8-4E52-9096-552D2BCDF82F}
O43 - CFD: 23/07/2012 - 12:00:27 - [0] ----D C:\Users\Paulinho\AppData\Local\{CB6EF8BB-3110-47F8-8801-FA2C9E76D909}
O43 - CFD: 28/09/2012 - 15:24:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{CBD0BBED-AD18-4EEF-879B-5940CAE8E85B}
O43 - CFD: 02/08/2012 - 15:32:19 - [0] ----D C:\Users\Paulinho\AppData\Local\{CF8BD57B-C432-4756-AD31-DE1F015614BD}
O43 - CFD: 29/06/2012 - 10:36:26 - [0] ----D C:\Users\Paulinho\AppData\Local\{D68A2BB4-1165-4F01-B539-1A9FED219887}
O43 - CFD: 24/09/2012 - 11:11:49 - [0] ----D C:\Users\Paulinho\AppData\Local\{D9CA2376-63D8-462D-9BE5-4681ECDF61B0}
O43 - CFD: 04/08/2012 - 08:35:44 - [0] ----D C:\Users\Paulinho\AppData\Local\{D9E0B2FB-B2B1-49A1-99B6-970CAB392824}
O43 - CFD: 22/07/2012 - 20:40:29 - [0] ----D C:\Users\Paulinho\AppData\Local\{D9E15101-C9F0-4B59-8748-DEA30ACB90D5}
O43 - CFD: 28/08/2012 - 14:18:35 - [0] ----D C:\Users\Paulinho\AppData\Local\{DA0CE226-26A1-4DB0-BB06-3E48C5ADA831}
O43 - CFD: 17/08/2012 - 12:59:13 - [0] ----D C:\Users\Paulinho\AppData\Local\{DA77870A-B983-4B48-AC8A-30DA6A804B18}
O43 - CFD: 05/09/2012 - 06:47:31 - [0] ----D C:\Users\Paulinho\AppData\Local\{DB400CFC-1ECA-4D36-A161-3BBCC85F7636}
O43 - CFD: 22/09/2012 - 19:28:32 - [0] ----D C:\Users\Paulinho\AppData\Local\{DEEB52F6-82DE-441A-83D9-2D0F51E7ADAD}
O43 - CFD: 20/07/2012 - 13:03:05 - [0] ----D C:\Users\Paulinho\AppData\Local\{E1FDC636-D3D4-483E-A799-CB4FFF3CE6A0}
O43 - CFD: 16/08/2012 - 06:43:47 - [0] ----D C:\Users\Paulinho\AppData\Local\{E24BE7FB-6A2E-4D43-A90A-770CAAB4C99B}
O43 - CFD: 27/07/2012 - 08:24:53 - [0] ----D C:\Users\Paulinho\AppData\Local\{E475D5E1-897F-4E54-95EB-8AD27E0BAD1C}
O43 - CFD: 13/09/2012 - 10:02:47 - [0] ----D C:\Users\Paulinho\AppData\Local\{E7029FDD-6188-4733-AE2A-FD42C2FD44B3}
O43 - CFD: 03/10/2012 - 17:35:06 - [0] ----D C:\Users\Paulinho\AppData\Local\{EA974B80-7C3A-47AD-949E-E23642A6E589}
O43 - CFD: 18/07/2012 - 09:37:39 - [0] ----D C:\Users\Paulinho\AppData\Local\{EC3CF1A0-FB76-4015-BA66-34E84A2977A7}
O43 - CFD: 04/07/2012 - 14:58:01 - [0] ----D C:\Users\Paulinho\AppData\Local\{EC70AB46-63F1-4CB3-A2DA-CA4BF0573586}
O43 - CFD: 02/07/2012 - 22:18:11 - [0] ----D C:\Users\Paulinho\AppData\Local\{EEB218B3-7A66-4617-A2C3-A7FA281552C7}
O43 - CFD: 14/10/2012 - 10:43:55 - [0] ----D C:\Users\Paulinho\AppData\Local\{F2DCAA44-E887-4CB8-AF9B-950847838386}
O43 - CFD: 28/06/2012 - 10:38:11 - [0] ----D C:\Users\Paulinho\AppData\Local\{FB1197FE-A490-4FAF-8B99-309675FD060D}
O43 - CFD: 01/11/2012 - 14:36:00 - [0] ----D C:\Users\Paulinho\AppData\Local\{FBD82CDE-AC24-4818-BBEB-81B34839C816}
O43 - CFD: 29/10/2012 - 09:02:36 - [0] ----D C:\Users\Paulinho\AppData\Local\{FC11BB6E-1195-402E-93DB-8022E3833B75}
O43 - CFD: 21/06/2012 - 09:40:34 - [0] ----D C:\Users\Paulinho\AppData\Local\{FF4B2480-F7F8-4BFA-A4C4-86674FEC6B6E}
O44 - LFC:[MD5.1A169E19BB0A4B4143AABD5F2A110E0F] - 24/11/2012 - 09:02:27 ---A- . (...) -- C:\hijackthis.log   [7584]
O51 - MPSK:{c82ef5e0-f1de-11e1-a192-00235a5a329e}\AutoRun\command. (...) -- D:\Windows\Install.exe (.not file.)    => Infection MSN
O51 - MPSK:{31ee7bdf-7a08-11df-a4fd-00235a5a329e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     
O51 - MPSK:{3c3a41a5-334f-11df-9ad6-806e6f6e6963}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     
O51 - MPSK:{5019434a-2a2d-11df-941a-806e6f6e6963}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)     
O51 - MPSK:{5019438d-2a2d-11df-941a-00235a5a329e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     
O51 - MPSK:{543ce2f7-e793-11e0-8143-00235a5a329e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     
O51 - MPSK:{543ce30a-e793-11e0-8143-00235a5a329e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     
O51 - MPSK:{f7832dfc-6ea6-11df-a2dc-00235a5a329e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)     

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

A+


Rapport de ZHPFix 1.3.07 par Nicolas Coolman, Update du 13/11/2012

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-26-11-2012-11-12-00.txt

Run by Paulinho at 26/11/2012 11:09:34

Windows 7 Ultimate Edition, 32-bit (Build 7600)

 

 

 

========== Registry Key ==========

DELETED Key: CLSID BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

DELETED CLSID MPSK: {c82ef5e0-f1de-11e1-a192-00235a5a329e}

DELETED CLSID MPSK: {31ee7bdf-7a08-11df-a4fd-00235a5a329e}

DELETED CLSID MPSK: {3c3a41a5-334f-11df-9ad6-806e6f6e6963}

DELETED CLSID MPSK: {5019434a-2a2d-11df-941a-806e6f6e6963}

DELETED CLSID MPSK: {5019438d-2a2d-11df-941a-00235a5a329e}

DELETED CLSID MPSK: {543ce2f7-e793-11e0-8143-00235a5a329e}

DELETED CLSID MPSK: {543ce30a-e793-11e0-8143-00235a5a329e}

DELETED CLSID MPSK: {f7832dfc-6ea6-11df-a2dc-00235a5a329e}

 

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED RunValue: RocketDock

NOT FOUND RunValue: RocketDock

DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {6E06E03D-7431-4921-87FC-C189A3059F7D}

 

========== Repertory ==========

NOT FOUND C:\Users\Paulinho\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Paulinho\AppData\Local\Histórico


DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: c:\program files\rocketdock\rocketdock.exe

DELETED File: c:\hijackthis.log

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

9 : Registry Key

13 : Registry Value

169 : Repertory

4 : File

1 : Restoration

 

 

End of clean in 04mn 39s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 26/11/2012 11:12:00 [16530]


Good evening, Edvan!

|- Uninstall: C:\Program Files\Lingoes <<

-/-

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

|- Open HijackThis and fix this entry.

|- Open the AdwCleaner tool and click "Uninstall".

|- Uninstall ZHPDiag by clicking "ZHP_uninstall".

|- Post an updated HijackThis log.

 

A+

|- Uninstall: C:\Program Files\Lingoes

She uses this program; Lingoes is an excellent dictionary and translator of English terms into several languages.

 

http://www.baixaki.com.br/download/lingoes.htm#ixzz2DMpihoqw

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:36:01, on 26/11/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\snuvcdsm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Lingoes\Translator2\Lingoes.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wuauclt.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 177.21.160.235:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [sNUVCDSM] C:\Windows\snuvcdsm.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 6997 bytes


Good morning, Edvan!

She uses this program; Lingoes is an excellent dictionary and translator of English terms into several languages.

http://www.baixaki.c...m#ixzz2DMpihoqw

|- If it is for translating websites, use Bing Translator instead of the installed software.

 

-------

-------

O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize

-------

-------

 

|- If you wish to keep it, you can remove it from Windows startup.

 

-------

-------

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 177.21.160.235:3128

-------

-------

 

|- PS: If you do not use a proxy, open HijackThis and fix this entry.

 

-/-

 

|- Run an online scan at | hh3lp9.jpg |

|- Use the "Internet Explorer" browser for this task!

|- Follow this check or scan as shown in the image.

|- When it finishes, click "List of found threats" >> "Export to text file"

|- Save this text on the desktop with the name: Esetlog

|- PS: If nothing is detected, there will be no report or list.

|- Post the report that will be on the desktop! ( Esetlog.txt )

Regards!


I uninstalled Lingoes.

The Eset scan did not work; it had a problem in IE.

http://www.eset.com/us/online-scanner/

I ran the Bitdefender scan and it did not find any malware.

http://www.bitdefender.com/scanner/online/free.html

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:26:05, on 27/11/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\snuvcdsm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paulinho\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [sNUVCDSM] C:\Windows\snuvcdsm.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 7268 bytes


Good afternoon! Edvan

|- Has the slowness decreased?

< StartUpLite >

|- If you like, optimize startup with StartUpLite.

|- Everything OK?

Regards!


Everything's OK, thanks once again.. :grin:

You can close the topic! :thumbsup:


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
