[Resolvido] &nbspMeu E-mail está enviando Vírus

[MasterFuxi 0]

Olá. Desde ontem meu e-mail está enviando links estranhos e, não baixei nada de diferente esses dias.

 

Segue abaixo o log.

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:57:14, on 25/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Windows\System32\VTTimer.exe

C:\Windows\System32\VTTrayp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\gaspar\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [VModes] VModes UpdateRegistryOnly

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

 

--

End of file - 6264 bytes

[DigRam 144]

Boa Tarde! MasterFuxi

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Clique na imagem: < >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

 

|- Dê início ao scan,clicando em "Recherche" < >

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[R].txt

 

### ºº ###

 

|- Baixe: < BankerFix 3.1 >

|- Salve-o no desktop!

|- Desabilite,temporariamente,o seu antivírus.

|- Dê um duplo-clique sobre o bankerfix.exe.

|- Ps: Execute o bankerfix.exe,apenas uma vez!Evitando,com isso,a sobrescrição de seu relatório.

|- A janela do BankerFix 3.1,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.1?"

|- Clique em Sim!

|- Uma janela informando que o BankerFix 3.1 será baixado,via internet,abrir-se-á.

|- Clique OK -> Aguarde!

|- Na próxima janela,clique em OK.

|- O BankerFix 3.1 será iniciado!

|- Pressione qualquer tecla,para dar continuidade ao processo. <- Aguarde!

|- Terminado o scan,leia a mensagem na tela e aperte Enter.

|- Habilite o seu anti-vírus.

|- Retorne com o relatório,do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt

 

### ºº ###

 

|- Baixe: | ZHPDiag | *ºº* < > ( ... de Nicolas Coolman )

 

|- Estando na página,clique em: < >

 

|- Salve-o no desktop!

 

 

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

 

 

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

 

 

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

 

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

 

 

|- Abra a ferramenta e clique no ícone do pergaminho. ( ZHPScript )

 

 

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

 

 

|- Clique em All.

 

 

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Ps: Salve-o em um local conveniente!

|- Anexe na sua resposta,ZHPDiag.txt.

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Recomendo compactá-lo e anexar em sua resposta!

 

|- Ou envie-o à Pjjoint.malekal,clicando na seta azul! < >

 

|- Ou acesse: < >

 

|- Maiores informações: < |Link| >

 

Abraços!

[MasterFuxi 0]

Olá. Obrigado por reabrir o tópico.

 

Aqui estão os logs.

 

AdwCleaner

 

 

# AdwCleaner v1.604 - Logfile created 05/11/2012 at 12:12:31

# Updated 23/04/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : gaspar - GASPAR-PC

# Running from : C:\Users\gaspar\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Users\gaspar\AppData\Local\APN

Folder Found : C:\Users\gaspar\AppData\Local\Babylon

Folder Found : C:\Users\gaspar\AppData\Local\Temp\Iminent

Folder Found : C:\Users\gaspar\AppData\Roaming\Babylon

Folder Found : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Found : HKCU\Software\Iminent

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\Iminent

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

 

***** [Registre - GUID] *****

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\gaspar\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]

Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]

Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT285163[...]

 

*************************

 

AdwCleaner[R1].txt - [8587 octets] - [26/04/2012 17:45:38]

AdwCleaner[R2].txt - [6278 octets] - [11/05/2012 12:12:31]

 

########## EOF - C:\AdwCleaner[R2].txt - [6406 octets] ##########

 

 

BankerFix

 

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-05-11 - 12:16

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

 

 

----- Fim -------------------------

 

 

ZHPDiag

 

http://cjoint.com/12mi/BElrS3NvHZR.htm

[wings 22]

Tópico aberto

 

O autor solicitou a reabertura do tópico.

[DigRam 144]

Boa Tarde! MasterFuxi

 

C:\user.js

|- Abra este ficheiro,com o Bloco de Notas,e poste seu conteúdo!

 

-/-/-/-

 

|- Lance,novamente,AdwCleaner e clique em "Delete" ou "Suppression".

 

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

-/-/-/-

 

|- Feche programas/pastas que estejam abertas.

|- Para Windows Vista,desabilite a UAC.

 

 

|- Dê um duplo clique em ZHPFix.

 

|- Clique no menu,H < >

 

O4 - HKLM\..\Run: [VModes] Orphean Key

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

[MD5.00000000000000000000000000000000] [APT] [{12D366BE-E7D5-44AA-A764-F6F8C1913F14}] (...) -- C:\Users\gaspar\Desktop\Install_Ragnarok.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{46872ACB-F05A-42E2-8487-1FA333D86988}] (...) -- C:\Program Files\LevelUp! Games\RagnarokOnline\Ragnarok.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{547725C9-2E36-4F24-8A2E-2FBA0A0B0BCC}] (...) -- C:\Users\gaspar\Desktop\Install_Ragnarok.exe (.not file.)

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}]

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKCU\Software\Iminent]

[HKLM\Software\Iminent]

 

C:\ProgramData\Babylon

C:\Users\gaspar\AppData\Roaming\Babylon

C:\Users\gaspar\AppData\Local\Babylon

C:\Users\gaspar\AppData\Local\Temp\Iminent

 

hostfix

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix.

|- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote.

|- Clique em GO -> Oui.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

[MasterFuxi 0]

Olá. Aqui estão os logs.

 

C:\user.js

 

 

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

user_pref("extensions.BabylonToolbar_i.id", "3805bd9e000000000000000000000000");

user_pref("extensions.BabylonToolbar_i.hardId", "3805bd9e000000000000000000000000");

user_pref("extensions.BabylonToolbar_i.instlDay", "15450");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:43:06");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

 

 

AdwCleaner

 

# AdwCleaner v1.604 - Logfile created 05/11/2012 at 13:35:19

# Updated 23/04/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : gaspar - GASPAR-PC

# Running from : C:\Users\gaspar\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\gaspar\AppData\Local\APN

Folder Deleted : C:\Users\gaspar\AppData\Local\Babylon

Folder Deleted : C:\Users\gaspar\AppData\Local\Temp\Iminent

Folder Deleted : C:\Users\gaspar\AppData\Roaming\Babylon

Folder Deleted : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\gaspar\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]

Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]

Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT285163[...]

 

*************************

 

AdwCleaner[R1].txt - [8587 octets] - [26/04/2012 17:45:38]

AdwCleaner[s1].txt - [6412 octets] - [11/05/2012 13:35:19]

 

########## EOF - C:\AdwCleaner[s1].txt - [6540 octets] ##########

 

 

 

ZHPFix

 

Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012

Fichier d'export Registre :

Run by gaspar at 11/05/2012 13:44:13

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

NOT FOUND Key: HKCU\Software\Iminent

NOT FOUND Key: HKLM\Software\Iminent

 

========== Registry Value ==========

NOT FOUND RunValue: VModes

NOT FOUND CLSID SSODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

NOT FOUND [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND Folder/File: c:\programdata\babylon

NOT FOUND Folder/File: c:\users\gaspar\appdata\roaming\babylon

NOT FOUND Folder/File: c:\users\gaspar\appdata\local\babylon

NOT FOUND Folder/File: c:\users\gaspar\appdata\local\temp\iminent

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: {12D366BE-E7D5-44AA-A764-F6F8C1913F14}

DELETED Task: {46872ACB-F05A-42E2-8487-1FA333D86988}

DELETED Task: {547725C9-2E36-4F24-8A2E-2FBA0A0B0BCC}

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

3 : Registry Key

13 : Registry Value

2 : Repertory

6 : File

3 : Task

1 : Restoration

 

 

End of clean in 00mn 15s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 11/05/2012 13:44:13 [2082]

[DigRam 144]

Boa Tarde! MasterFuxi

 

|- Pode deletar o ficheiro: C:\user.js

 

-/-/-/-

 

|- Baixe: < >

 

|- < Link - 2 >

 

|- < Link - 3 >

 

|- Atualize o programa!

|- Escolha o escaneamento Completo!

|- Desabilite programas de proteção,ao executar o malwarebytes.

|- Para Windows Vista ou 7,clique direito no arquivo e execute-o como administrador.

|- Ps: Para determinadas infecções,a ferramenta pedirá reboot. <- Confirme!

|- Ao concluir,clique em "Remover itens".

|- Poste,o relatório: mbam-log-2012-xx-xx (00-00-00).txt

 

Abraços!

[MasterFuxi 0]

Olá. O Computador está limpo.

 

Aqui está o log.

 

Malwarebytes

 

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.05.11.08

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

gaspar :: GASPAR-PC [administrador]

 

11/05/2012 18:18:27

mbam-log-2012-05-11 (18-18-27).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 269064

Tempo decorrido: 1 hora(s), 55 minuto(s), 31 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

[DigRam 144]

Boa Noite! MasterFuxi

 

Olá. O Computador está limpo.

|- Sim! Não vejo mais entradas ruins nos logs e Malwarebytes,não detectou problemas.

 

-/-/-/-

 

|- Desinstale o Malwarebytes.

|- Dê um duplo-clique no arquivo em destaque:

 

|- C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

 

|- Reinicie o computador,após a conclusão!

 

-/-/-/-

 

|- Duplo clique em "ZHPFix"

 

 

|- Clique na guia,A.

|- Marque a(s) caixinhas que foram detectadas,e clique em "Fix". < >

 

-/-/-/-

 

|- Baixe: |DelFix| ( ... de Xplode )

 

 

|- Estando na página,clique em "Télécharger",para o download.

|- Salve-a em um local conveniente!

|- Feche aplicativos que estejam abertos.

 

 

|- Clique em "Suppression".

|- Poste o relatório! ( C:\DelFixSuppr.txt )

|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

 

-/-/-/-

 

|- Seus logs estão limpos!

|- Tudo Ok?

 

Abraços!

[MasterFuxi 0]

Olá. Está tudo OK. Obrigado pela paciência e ajuda.

 

Aqui está o log.

 

DelFix

 

 

# DelFix v8.8 - Rapport créé le 12/05/2012 à 20:14:03

# Mis à jour le 12/02/12 par Xplode

# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)

# Nom d'utilisateur : gaspar - GASPAR-PC (Administrateur)

# Exécuté depuis : C:\Users\gaspar\Desktop\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossiers(s) ~~~~~~

 

Supprimé : C:\ZHP

Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

Supprimé : C:\Program Files\ZHPDiag

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\Users\gaspar\Desktop\ZHPDiag2.exe

Supprimé : C:\Users\gaspar\Downloads\adwcleaner (1).exe

Supprimé : C:\Users\gaspar\Downloads\HiJackThis.exe

Supprimé : C:\Users\gaspar\Downloads\hijackthis.log

Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk

Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk

Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[s1].txt - [1130 octets] - [12/05/2012 20:14:03]

 

########## EOF - C:\DelFix[s1].txt - [1254 octets] ##########

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.