Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Boa noite, venha pedir ajuda novamente para analisarem o computador da minha esposa.
Segue o log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:03, on 17/09/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Positivo\Deskmedia\GerenciadorLocal.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabriela\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goncalvesgrill.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Gabriela\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [suiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent
O4 - HKLM\..\Run: [Deskmedia] C:\Positivo\Deskmedia\GerenciadorLocal.exe"
O4 - HKLM\..\Run: [Deskmedia2] "C:\Positivo\Deskmedia\InstaladorLite.exe"
O4 - HKLM\..\Run: [Deskmedia3] "C:\Positivo\Deskmedia\GerenciadorLocal.exe"
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gabriela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
--
End of file - 11361 bytes
Boa noite....
Segue o log.
\obrigado
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\Users\Gabriela\AppData\Local\funmoods.crx
File Deleted : C:\Users\Gabriela\AppData\Local\funmoods-speeddial.crx
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Gabriela\AppData\Local\APN
Folder Deleted : C:\Users\Gabriela\AppData\Local\Babylon
Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Deleted : C:\Users\Gabriela\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Gabriela\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gabriela\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Gabriela\AppData\Roaming\OpenCandy
*** [Registry] ***
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
*** [internet Browsers] ***
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://br.ask.com/?l=dis&o=15383 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870 --> hxxp://www.google.com
-\\ Google Chrome v21.0.1180.89
File : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss&mntrId=00651f8600000000000060d819271049", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870" ]
Deleted [l.45] : icon_url = "hxxp://start.funmoods.com/favicon.ico",
Deleted [l.48] : keyword = "funmoods.com",
Deleted [l.51] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870",
Deleted [l.1633] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss&mntrId=00651f8600000000000060d819271049", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870" ]
*************************
AdwCleaner[s1].txt - [10363 octets] - [17/09/2012 23:11:23]
########## EOF - C:\AdwCleaner[s1].txt - [10424 octets] ##########
Segue o link: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120918_q6o5m13p9j7
Boa Noite! leandro aislan
|- Feche programas/pastas que estejam abertos.
|- Feche,também,o navegador!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPFix_Logo.jpg&key=e1490e388cb3365073cd3d8484ad299330f9c980ec992ca5e2d4b57fd46b5d7b" alt="ZHPFix_Logo.jpg" />
|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".
>
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllO4 - HKLM\..\Run: [Deskmedia2] C:\Positivo\Deskmedia\InstaladorLite.exe (.not file.)
O42 - Logiciel: FATE - (.WildTangent.) [HKLM] -- WTA-3eba207b-5589-4880-8b81-04d67ba9e09d => WildTangent Game
O42 - Logiciel: John Deere Drive Green - (.WildTangent.) [HKLM] -- WTA-1b168b65-92c6-4377-a07d-7954c3fc7a7e => WildTangent
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM] -- WTA-695de64e-6537-4bc9-949d-04093b8ac443 => WildTangent Game
O42 - Logiciel: Slingo Deluxe - (.WildTangent.) [HKLM] -- WTA-1066cb8a-461f-44ed-9b77-1a06c9781f19 => WildTangent Game
O43 - CFD: 17/10/2011 - 14:33:44 - [8,659] ----D C:\Program Files\WildTangent Games => WildTangentO43 - CFD: 07/05/2012 - 09:58:47 - [0] ----D C:\Users\Gabriela\AppData\Local\Dados de aplicativos
O43 - CFD: 07/05/2012 - 09:58:47 - [0] ----D C:\Users\Gabriela\AppData\Local\Histórico
O69 - SBI: SearchScopes [HKCU] {1A5801B3-1C69-5163-4FEA-0CDFAB897A3A} - (Search the web (Babylon)) - http://search.babylon.com
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Demand 12/10/2010 206072 | (gpsvc) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files\DealPly\DealPlyUpdate.exe (.not file.) => Infection PUP (PUP.DealPly)
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />
|- Clique no menu,"Paste ClipBoard".
|- Clique em "GO" -> Oui.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />
|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt
Abs!
Bom dia segue o log:
Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by Gabriela at 23/09/2012 09:58:10
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Software ==========
NOT FOUND Uninstall Process: c:\program files\acer games\fate\uninstall\uninstaller.exe
NOT FOUND Uninstall Process: c:\program files\acer games\john deere drive green\uninstall\uninstaller.exe
NOT FOUND Uninstall Process: c:\program files\acer games\polar bowler\uninstall\uninstaller.exe
NOT FOUND Uninstall Process: c:\program files\acer games\slingo deluxe\uninstall\uninstaller.exe
========== Registry Key ==========
DELETED Key: Mozilla Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0
DELETED Key*: SearchScopes :{1A5801B3-1C69-5163-4FEA-0CDFAB897A3A}
DELETED Key: Service: GamesAppService
DELETED Key: Service: gpsvc
DELETED Key: HKLM\Software\360Safe
========== Registry Value ==========
NOT FOUND RunValue: Deskmedia2
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETE on Reboot Folder**: C:\Program Files\WildTangent Games
NOT FOUND C:\Users\Gabriela\AppData\Local\Dados de aplicativos
NOT FOUND C:\Users\Gabriela\AppData\Local\Histórico
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETE on Reboot c:\program files\wildtangent games\app\browserintegration\registered\0\np_wtapp.dll
NOT FOUND File: c:\positivo\deskmedia\instaladorlite.exe
DELETE on Reboot c:\program files\wildtangent games\app\gamesappservice.exe
DELETED Window Temporary:
DELETED Flash Cookies:
========== Task ==========
NOT FOUND Task: DealPlyUpdate
========== Restoration ==========
Restore System Point not created
========== Summary ==========
5 : Registry Key
10 : Registry Value
5 : Repertory
5 : File
4 : Software
1 : Task
1 : Restoration
End of clean in 00mn 32s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 23/09/2012 09:58:10 [2383]
Bom Dia! leandro aislan
|- Baixe e execute este arquivo: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/WTRemover_zps33ff045b.jpg&key=f8aa0e0768f7a44e620e0b842de90bf028647719bba68d5e04f81a3e5aa2d52b" alt="WTRemover_zps33ff045b.jpg" /> > <- Mirror!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHP_uninstall_zps01617da3.jpg&key=4c72f6071ce1a6017cbd38c7d970b405f7ad80ff93aa3ea6619a232702a6b035" alt="ZHP_uninstall_zps01617da3.jpg" />
|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Uninstall2.jpg&key=a9e703e726fc1f13cd20ff066e475a995646652ce2e7d66ac03b110ebe5a8322" alt="AdwCleaner_Uninstall2.jpg" />
|- Abra a ferramenta AdwCleaner e clique em "Uninstall".
-/-
|- Seus logs estão limpos!
|- Tudo Ok?
Abs!
Boa Noite obrigado.......
Tudo ok aparentemente.....
Muito obrigado mesmo...
Leandro
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Noite! leandro aislan
|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/adwcleaner_logo.jpg&key=e2bde0dd8c13fd52e18ca6fc88e8f2d73040a387059f8bc22a53202f0de6f95f" alt="adwcleaner_logo.jpg" /> > ( ... par Xplode )
|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".
|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/AdwCleaner_Delete.jpg&key=75f446191cf36528cf6179827354e5d573f05557fda01df5a7ea91d29f5b7dee" alt="AdwCleaner_Delete.jpg" />
|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt
|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Caso utilize o Avast,estabeleça esta configuração à SandBox.
|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.
|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />
|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Poste e/ou cole aqui,o link que foi gerado!
Abs!