MateusMTS, posted November 30, 2012

For the past few days my internet has kept dropping after a while; then I turn off the router, restart the PC and turn the router back on, and the internet goes back to normal, but after a while it drops again.

HijackThis v2.0.4 log:

DigRam, posted November 30, 2012

Good afternoon, MateusMTS!

|- Download: < > ( ... by OldTimer Tools )
|- Save it to the desktop!
|- Double-click OTL.exe >> Run.
|- PS: If you have trouble running OTL.exe, delete the file and download it from here or here.
|- Configure the tool according to the screenshot!
|- Under "Extra Registry", select "None".

    *crack* /s
    *keygen* /s
    *serial* /s
    *AutoKMS* /s
    *loader* /s
    %SYSTEMDRIVE%\*.*
    %APPDATA%\Local\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.
    %systemdrive%\drivers\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %systemroot%\system32\drivers\*.* /90
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
    /md5start
    services.exe
    /md5stop
    regedit /e c:\registrybackup.reg /c
    %systemroot%\system32\tasks\*.* /s /64
    %windir%\tasks\*.* /s

|- Copy this information, which is in the Code box, to Notepad.
|- Save it in My Documents or on the desktop, under the name scan. << Text!
|- Click in the "Custom Scans/Fixes" area.
|- Click OK to browse for a file with a custom scan.
|- Click "Open". ( scan.txt )
|- After pasting the information into the white area, click
|- When finished, post the report: OTL.txt << Link to the report!
|- To upload it, go to: < MyFile.tk >
|- Or go to: < >
|- More information: < |Link| >

Best regards!

MateusMTS, posted November 30, 2012

The log you asked for, sir: http://myfile.tk/3/6147OTL.Txt

DigRam, posted November 30, 2012

> The log you asked for, sir: http://myfile.tk/3/6147OTL.Txt

Good afternoon, MateusMTS!

|- Download: < > ( ... by Xplode )
|- Once there, click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt

See you!

MateusMTS, posted November 30, 2012

Report: http://myfile.tk/3/8586AdwCleaner_S1_.txt :thumbsup:

DigRam, posted November 30, 2012

Good afternoon, MateusMTS!

|- Download: < > ( ... by Thisisu )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it as
|- Wait for it to finish and post the report. ( JRT.txt )

See you!

MateusMTS, posted November 30, 2012

Good afternoon, Mr. DigRam.

The JRT log: http://myfile.tk/3/JRT.txt

You are helping me a lot, sir ^^. I am very grateful.

DigRam, posted November 30, 2012

Good afternoon, MateusMTS!

|- How is the computer? Everything OK?
|- Download: < > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the Sandbox.
|- On Windows Vista or 7, right-click the file and run it as
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Besides the report, the desktop will then have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Post and/or paste here the link that is generated right after the report.
|- Or go to:
|- Or go to:
|- More information: < |Link| >

See you!

MateusMTS, posted November 30, 2012

Good afternoon, my PC is getting better and better ^^.

http://myfile.tk/3/MBRCheck_11.30.12_17.27.13.txt

DigRam, posted November 30, 2012

> Good afternoon, my PC is getting better and better ^^.
> http://myfile.tk/3/MBRCheck_11.30.12_17.27.13.txt

Good afternoon, MateusMTS!

    Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012
    Run by Helena at 21/11/2012 15:22:29
    Web site : http://nicolascoolman.skyrock.com/
    State : UAC : Not Found or deactivate by user
    ------- -------

|- The report you posted is incorrect! Here is the correct header of a ZHPDiag report, as an example.

See you!

MateusMTS, posted November 30, 2012

http://myfile.tk/3/2695ZHPDiag.txt

Is this one correct?

DigRam, posted November 30, 2012

> http://myfile.tk/3/2695ZHPDiag.txt
> Is this one correct?

Good evening, MateusMTS!

|- The report came through correctly!

-/-

|- Close any programs/folders that are open.
|- Close the browser as well!
|- On Windows Vista, disable UAC.
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in the Code box, to "Notepad".
|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click "Paste ClipBoard" in the menu.
|- Click "GO" -> Oui.
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

See you!

MateusMTS, posted December 1, 2012

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012

DigRam, posted December 2, 2012

Good evening, MateusMTS!

|- Open OTL.exe -> Click Cleanup. <-- Confirm!
|- PS: The computer will restart!
|- Run an online scan at | |
|- Use the "Internet Explorer" browser for this task!
|- Follow this check or scan as shown in the image.
|- When it finishes, click "List of found threats" >> "Export to text file"
|- Save that text to the desktop, under the name: Esetlog
|- PS: If nothing is detected, there will be no report or list.
|- Post the report that will be on the desktop! ( Esetlog.txt )

See you!

wings, posted December 11, 2012

Topic Archived

Since the author has not replied for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.