MasterFuxi

[Solved] Log analysis


Hello. I would like an analysis of the HiJackThis log, please.

 

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:28:16, on 30/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\mmrtkrnl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/br/?s=h&c=12031713428&suid=Eu2QtmY2U&d=8&pid=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
--
End of file - 7640 bytes
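
A first-pass triage of a log like the one above, as an added example that is not part of the original post: it parses HijackThis entry lines, counts the Internet Explorer R0/R1 URL settings by host against a reviewer-chosen allowlist, and lists O23 services that HijackThis itself marks "Unknown owner" or "(file missing)". The `ALLOWED_HOSTS` set and all function names are assumptions made for this illustration; the sample lines are copied from the log in this post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/br/?s=h&c=12031713428&suid=Eu2QtmY2U&d=8&pid=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

# Hypothetical allowlist of home/search hosts the reviewer accepts (assumption).
ALLOWED_HOSTS = {"www.bing.com", "www.google.com", "go.microsoft.com"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "R1 - ...", "O23 - ..."
SETTING_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")  # "key = value"


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def ie_url_settings(entries):
    """Yield (registry_setting, host) for R0/R1 values that are http(s) URLs."""
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        m = SETTING_RE.match(body)
        if not m or not m.group("value"):
            continue  # empty value, e.g. "SearchAssistant ="
        try:
            parts = urlsplit(m.group("value"))
        except ValueError:
            continue  # malformed URL: leave it for manual review
        if parts.scheme in ("http", "https") and parts.hostname:
            yield m.group("key"), parts.hostname


def off_allowlist_hosts(entries, allowed):
    """Count IE home/search settings per host that is not on the allowlist."""
    counts = Counter(h for _, h in ie_url_settings(entries) if h not in allowed)
    return dict(counts)


def flagged_services(entries):
    """List O23 services carrying HijackThis's own warning labels.

    Neither label proves anything malicious; they mark entries to check by hand.
    """
    flagged = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        fields = body[len("Service: "):].rsplit(" - ", 2)  # name - owner - path
        if len(fields) != 3:
            continue
        name, owner, path = fields
        reasons = []
        if owner == "Unknown owner":
            reasons.append("unknown owner")
        if path.endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for host, n in sorted(off_allowlist_hosts(parsed, ALLOWED_HOSTS).items()):
        print(f"{n} IE setting(s) point at {host}")
    for name, reasons in flagged_services(parsed):
        print(f"service to review: {name} ({', '.join(reasons)})")
```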


Good morning, MasterFuxi!

|- What is happening?

-/-

|- Download: OTL ( ... by OldTimer Tools )

|- Save it to the desktop!
|- Double-click OTL.exe >> Run or Run as administrator

|- PS: If you have trouble running OTL.exe, delete the file and download it from here or here.

acbYKMx0.jpg

|- Configure the tool as shown in the screenshot!
|- Under "Extra Registry Scan", select "None".

*crack* /s
*keygen* /s
*serial* /s
*AutoKMS* /s
*loader* /s
*netsvcs*
*msconfig*
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%systemroot%\system32\tasks\*.* /s /64
%windir%\tasks\*.* /s

|- Copy the information in the Code box into Notepad.
|- Save it in My Documents or on the desktop, with the name scan. << Text!
|- Click the "Custom Scans/Fixes" area.

acvcVUrd.jpg

|- Click OK to browse for a custom scan file.
|- Click "Open". ( scan.txt )

acqlW68e.jpg

|- After pasting the information into the white area, click acng1cS9.jpg

|- When finished, post the report: OTL.txt << Link to the report!

abmdaZsE.jpg

|- To upload it, go to: < MyFile.tk >

|- Or go to: < Cjoint >

|- More information: < |Link| >

Regards!

 


Good evening, MasterFuxi!

MasterFuxi, on 30/01/2013, said: Note: I am already aware of the low memory.

__________
735,30 Mb Total Physical Memory | 54,91 Mb Available Physical Memory | 7,47% Memory free
__________
|- Yes! It really is low.
-/-
|- Run OTL.exe.
|- Copy the information in the Code box into the tool's clipboard field. ( "Custom Scans/Fixes" )
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/br/?s=h&c=12031713428&suid=Eu2QtmY2U&d=8&pid=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3612_4&babsrc=SP_ss&mntrId=3805bd9e000000000000000000000000
IE - HKCU\..\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_pt-BRBR479
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/br/results/?s=b&c=12031713428&suid=Eu2QtmY2U&d=8&pid=&q={searchTerms}
IE - HKCU\..\SearchScopes\{F0762484-E94E-4171-A443-B08BDB266288}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC2&o=APN10416&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AIT&apn_dtid=^zzz002^YY^BR&apn_uid=865341e0-375c-49de-98b2-8113a5f1198f&apn_sauid=8879CDCE-5EE3-456C-988A-B577E0CBE9CA
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
O33 - MountPoints2\{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/10/07 12:58:17 | 000,290,500 | ---- | C] () -- C:\Users\gaspar\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/07 12:58:12 | 000,031,465 | ---- | C] () -- C:\Users\gaspar\AppData\Local\funmoods.crx
[1 \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZVKAO8\*.tmp files -> \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZVKAO8\*.tmp -> ]
[3 \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFW00X45\*.tmp files -> \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFW00X45\*.tmp -> ]
 
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0762484-E94E-4171-A443-B08BDB266288}]
 
 
:Files
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*.sqm
C:\Users\gaspar\AppData\Local\{*}
 
:Commands 
[CLEARALLRESTOREPOINTS]
[purity] 
[emptytemp] 
[Reboot]
|- Click the Consertar (Fix) button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar" (Run).
OTL_RunFix.jpg
|- For English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
A+


Good afternoon, MasterFuxi!

|- Download: AdwCleaner ( ... by Xplode )

|- Once there, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose Run as administrator.
|- PS: Start the scan by clicking "Delete" or "Suppression".

AdwCleaner_Delete.jpg

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: ZHPDiag ( ... by Nicolas Coolman )

|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- On Windows Vista or 7, right-click the file and choose Run as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!

ZHPDiag_4cones.jpg

|- Besides the report, the desktop will have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

abi6rX9e.jpg

|- Post and/or paste here the link that will be generated right after the report.

|- Or go to: Cjoint

|- Or go to: abmdaZsE.jpg

|- More information: < |Link| >

A+


Good afternoon. Here it is:

 

AdwCleaner

 

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 15:52:13

# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : gaspar - GASPAR-PC
# Boot Mode : Normal
# Running from : C:\Users\gaspar\Downloads\AdwCleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\gaspar\AppData\Local\APN
Folder Deleted : C:\Users\gaspar\AppData\Roaming\Babylon
Folder Deleted : C:\Users\gaspar\AppData\Roaming\FissaSearch
Folder Deleted : C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\FissaSearch
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\Software\PIP
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Users\gaspar\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.com.br/", "hxxp://searchfunmoods.com/?f=[...]
Deleted [l.4199] : urls_to_restore_on_startup = [ "hxxp://www.google.com.br/", "hxxp://searchfunmoods.com/?f=1&a[...]
*************************
AdwCleaner[s1].txt - [3955 octets] - [31/01/2013 15:52:13]
########## EOF - C:\AdwCleaner[s1].txt - [4015 octets] ##########
ZHPDiag
When I installed it, at the point of generating the report, the following error appeared.
iNEFbSd.jpg

Good evening, MasterFuxi!

|- Check whether ZHPDiag2, when run, generates a report.

|- Download: JRT ( ... by Thisisu )

|- Save it to the desktop!

|- On Windows 7, right-click JRT.exe and choose Run as administrator.

|- Wait for it to finish and post the report. ( JRT.txt )

|- Download: | ZHPDiag2 | ( ... by Nicolas Coolman )

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- PS: After installation, besides ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )

|- Enable all diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- Then uncheck options no. O45, O61, O62, O65, O82.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- PS: Save it somewhere convenient!

|- Attach ZHPDiag.txt to your reply. ( Put it in a zip! )

|- PS: Do not post that text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < Cjoint > ( Take it out of the zip when uploading! )

|- More information: < |Link| >


A+

Good afternoon. After generating the ZHPDiag report, Google Chrome keeps closing, showing the message "Nossa! Houve uma falha no Google Chrome. Deseja reiniciar agora?" ("Whoa! Google Chrome has crashed. Relaunch now?")

I had to write this reply in Notepad and paste it into the post, otherwise I would not have managed. Maybe something happened to one of Chrome's files.




JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.5.8 (01.31.2013:1)

OS: Windows 7 Ultimate x86

Ran by gaspar on 01/02/2013 at 13:15:29,48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services




~~~ Registry Values


Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs




~~~ Registry Keys


Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}




~~~ Files




~~~ Folders


Successfully deleted: [Folder] "C:\Users\gaspar\appdata\local\downtango"

Successfully deleted: [Folder] "C:\Users\gaspar\appdata\locallow\simplytech"




~~~ Event Viewer Logs were cleared






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01/02/2013 at 13:21:39,77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





ZHPDiag2



Good afternoon, MasterFuxi!

Good afternoon. After generating the ZHPDiag report, Google Chrome keeps closing, showing the message "Nossa! Houve uma falha no Google Chrome. Deseja reiniciar agora?" ("Whoa! Google Chrome has crashed. Relaunch now?")

I had to write this reply in Notepad and paste it into the post, otherwise I would not have managed. Maybe something happened to one of Chrome's files.

|- But... ZHPDiag was run in diagnostic mode and could not have affected the browser. PS: Did you close Chrome when running the tool?

-/-

|- Close any open programs/folders.

|- Close the browser too!

|- On Windows Vista, disable UAC.

ZHPFix_Logo.jpg

|- Double-click ZHPFix.

|- Select and copy the information in the Quote box into Notepad.

[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2004]

O4 - Global Startup: C:\Users\gaspar\Desktop\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US - Atalho.lnk . (...) -- C:\Users\gaspar\Desktop\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US.rar (.not file.)

O43 - CFD: 16/04/2012 - 00:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Dados de aplicativos

O43 - CFD: 07/11/2012 - 11:14:15 - [0] ----D C:\Users\gaspar\AppData\Local\FLT

O43 - CFD: 16/04/2012 - 00:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Histórico

O43 - CFD: 21/01/2013 - 13:16:11 - [0] ----D C:\Users\gaspar\AppData\Local\Programs

O43 - CFD: 31/01/2013 - 14:16:42 - [0] ----D C:\Users\gaspar\AppData\Local\{68FCD0B4-F7B9-43B7-964F-4EC65004121E}

O43 - CFD: 31/01/2013 - 15:56:14 - [0] ----D C:\Users\gaspar\AppData\Local\{6F9C4449-FB6A-4EF9-AF4A-612089730E22}

O43 - CFD: 24/11/2012 - 17:44:49 - [0,013] ----D C:\Users\gaspar\AppData\Roaming\teamspeak2 => Toolbar.Conduit

O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com => Infection BT (Adware.Bandoo)

O87 - FAEL: "TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:\fxpansion\guru\guru.exe" |In - Private - P6 - TRUE | .(...) -- F:\fxpansion\guru\guru.exe (.not file.)

O87 - FAEL: "UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:\fxpansion\guru\guru.exe" |In - Private - P17 - TRUE | .(...) -- F:\fxpansion\guru\guru.exe (.not file.)

 

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

 

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

A+


Good afternoon. I restarted the machine and the browser went back to working normally.

 

 

ZHPFix

 

Rapport de ZHPFix 1.3.13 par Nicolas Coolman, Update du 26/01/2013

Fichier d'export Registre :
Run by gaspar at 01/02/2013 15:27:26
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
========== Memory Process ==========
DELETED Memory Process: C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
========== Registry Key ==========
DELETED Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DELETED Key: HKLM\Software\360Safe
========== Registry Value ==========
NOT FOUND TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:/fxpansion/guru/guru.exe
NOT FOUND UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:/fxpansion/guru/guru.exe
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Private) : TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:\fxpansion\guru\guru.exe
DELETED FirewallRaz (Private) : UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:\fxpansion\guru\guru.exe
DELETED FirewallRaz (Domain) : {FC64CA27-A471-4BB2-AD58-E75FC961A5EE}
DELETED FirewallRaz (Domain) : {54C286E2-61F7-4754-9092-43C4D1B07806}
DELETED FirewallRaz (Public) : {D183F2A0-FE1C-4C64-AFFD-35E1B0A6D2CD}
DELETED FirewallRaz (Public) : {3CF81599-D2B2-4EA6-8E95-6A4954A76BAF}
DELETED FirewallRaz (Domain) : {2C0C99F8-C0FB-445C-8CC9-FCBD4D41BDDA}
DELETED FirewallRaz (Domain) : {980BA63E-4ECF-44B5-9478-2BE2272E2FA8}
DELETED FirewallRaz (Domain) : {E8340205-AF6B-4DC4-ACE1-BE172A4F7B94}
DELETED FirewallRaz (Domain) : {5B1A1AC2-6D67-4A1A-8B1E-EB34664A41FF}
DELETED FirewallRaz (Public) : {35A4B21E-9A19-4096-AEB4-C1D04FC96114}
DELETED FirewallRaz (Public) : {2ABB16A8-B3C2-4526-8FB3-EE9B581AA515}
DELETED FirewallRaz (Public) : {A86C9498-3E35-4AC0-B319-D897EBCFBF60}
DELETED FirewallRaz (Public) : {FDFD5A70-095D-451F-83FA-57D555AF2714}
========== Repertory ==========
NOT FOUND C:\Users\gaspar\AppData\Local\Dados de aplicativos
DELETED Folder: C:\Users\gaspar\AppData\Local\FLT
NOT FOUND C:\Users\gaspar\AppData\Local\Histórico
DELETED Folder: C:\Users\gaspar\AppData\Local\Programs
DELETED Folder: C:\Users\gaspar\AppData\Local\{68FCD0B4-F7B9-43B7-964F-4EC65004121E}
DELETED Folder: C:\Users\gaspar\AppData\Local\{6F9C4449-FB6A-4EF9-AF4A-612089730E22}
DELETED Folder: C:\Users\gaspar\AppData\Roaming\teamspeak2
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File***: c:\users\gaspar\appdata\roaming\vivo internet\ouc.exe
DELETED c:\users\gaspar\desktop\[psx] castlevania.symphony.of.the.night.ntsc.us - atalho.lnk
NOT FOUND File: c:\users\gaspar\desktop\[psx] castlevania.symphony.of.the.night.ntsc.us.rar (.not file.)
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Memory Process
2 : Registry Key
25 : Registry Value
9 : Repertory
5 : File
1 : Restoration
End of clean in 01mn 31s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/02/2013 15:27:29 [3300]


Good afternoon, MasterFuxi!

|- Post an updated HijackThis log!

 

A+


Good afternoon. Here it is:

 

HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:24, on 01/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mmrtkrnl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
--
End of file - 6002 bytes


Good evening, MasterFuxi!

|- Open HijackThis.

|- Click: Do a system scan only

 

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

 

|- Check the entry above.

|- To finish, click Fix checked >> Yes!

 

-/-

 

|- If everything is OK, remove the tools that were used!

|- Open OTL.exe >> Click [image: OTL_Limpeza_zps0873a931.jpg]

|- Confirm this request!

|- Accept the reboot!

|- Your logs are clean!

 

A+


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
