
Archived

This topic has been archived and is closed to new replies.

luciovitorio

[Solved] Virus detected and always comes back


Hello, good morning. I have been having a problem with a virus (at least that is how AVG is detecting it) called gbas.prot.dll and .gbas.dll. AVG detects it and says it removed it, but whenever I scan again it always shows up. I would like to know whether anyone has had this problem and, if so, what they did to fix it.

THANKS!!

The HijackThis log follows below:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:08:37, on 29/04/2012

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16982)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Users\Administrador\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=piano

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.funmoods.com/results.php?f=4&a=piano&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Administrador\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O17 - HKLM\System\CCS\Services\Tcpip\..\{6287F4A4-DEF9-4C4B-9D01-E11116E2BA35}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{6287F4A4-DEF9-4C4B-9D01-E11116E2BA35}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

 

--

End of file - 8748 bytes


Hello luciovitorio

1.

*Download SecurityCheck (...by screen317) and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Press [Enter] and paste the report that is displayed

2.

*Install ZHPDiag (...by Nicolas Coolman)

*After installation there will be 3 icons on the desktop.

[screenshot]

*Run ZHPDiag from its desktop icon. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

[screenshot]

*Check that your version is up to date

[screenshot]

*If it is out of date, click the button to update

[screenshot]

*Click the [screenshot] button

*Select [All]

[screenshot]

*Click the [screenshot] button

*Select 30 Days

*Click the [screenshot] button

*Wait for it to finish

*Paste the ZHPDiag.txt report created on the desktop

*If the report is large, go to this link

*Click [choose file...]

*Find the ZHPDiag.txt report on the desktop and click [Open]

*Click [upload file]

*Paste the generated link next to Download link:

3.

*Download GMER (...by Przemyslaw Gmerek) and save it to the desktop

Important step:

*Temporarily disable your antivirus and close all running programs

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

[screenshot]

*If you receive a warning about rootkit activity asking whether you want to run a scan, click [NO]

*Click [scan] and wait for it to finish

*Click [save...] and save it to the desktop with the name gmer

*Paste the report

*If the report is large, go to this link

*Click [choose file...]

*Find the gmer.txt report on the desktop and click [Open]

*Click [upload file]

*Paste the generated link next to Download link:

*If you cannot run GMER, try it in Safe Mode


Hello Wings (sorry for the late reply), I am doing what you asked.

Below are the logs generated by the SecurityCheck program.

I will post the reports generated by the other programs shortly.

Results of screen317's Security Check version 0.99.24

Windows Vista x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

AVG 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 31

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Reader X (10.1.3)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

 

Here is one more log.

Log generated by ZHPDiag.

http://wikisend.com/download/108872/ZHPDiag.txt

Here are the GMER logs. I await further instructions.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-05-04 22:37:49

Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1200BEVS-22UST0 rev.01.01A01

Running: f4wx570g.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\ufrdyfog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x94BEBF3C]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x94BEBFE4]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x94BEC080]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x94BEC11C]

 

---- Kernel code sections - GMER 1.0.15 ----

 

? C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7410FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740DB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740CA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740CCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740C8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740DCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740C7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740C7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740C6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7415C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740E7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740C90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740D2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740D21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740D7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740D7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741083D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

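As an added example (not part of this thread, and not GMER's own code), a small parser that reads the SSDT section of a GMER log like the one above, groups the hooks by the driver that installed them, and marks for manual review any module that has no vendor description or sits outside the system driver directory. The first four sample lines are copied from the log above (all four hooks belong to AVG's own IDS driver); the fifth line, example.sys, is constructed and hypothetical, only to exercise the review branch.

```python
import re
from collections import defaultdict

# Constructed sample: the four SSDT lines from the GMER log posted above,
# plus one hypothetical line (example.sys, no vendor text, under a user
# Temp directory) that exists only to exercise the review branch.
SAMPLE_GMER = """\
---- System - GMER 1.0.15 ----

SSDT \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x94BEBF3C]
SSDT \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x94BEBFE4]
SSDT \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x94BEC080]
SSDT \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x94BEC11C]
SSDT \\??\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\example.sys ZwCreateFile [0x94C00000]

---- EOF - GMER 1.0.15 ----
"""

# One SSDT line: module path, optional "(description/vendor )", the hooked
# Zw* function and the hook address.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)

# Where legitimately installed kernel drivers normally live (lower-case).
TRUSTED_DRIVER_DIRS = ("\\systemroot\\system32\\drivers\\",)


def parse_ssdt_hooks(text):
    """Return one dict per SSDT line; other GMER sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        # GMER prints "description/vendor" inside the parentheses.
        description, _, vendor = (m.group("desc") or "").rpartition("/")
        hooks.append({
            "module": m.group("module"),
            "description": description.strip(),
            "vendor": vendor.strip(),
            "function": m.group("func"),
            "address": int(m.group("addr"), 16),
        })
    return hooks


def triage_hooks(hooks):
    """Group hooks by module and mark the ones a human should look at."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h)
    report = []
    for module, entries in by_module.items():
        reasons = []
        if not entries[0]["vendor"]:
            reasons.append("no vendor description")
        if not module.lower().startswith(TRUSTED_DRIVER_DIRS):
            reasons.append("module outside the system driver directory")
        report.append({
            "module": module,
            "vendor": entries[0]["vendor"],
            "functions": sorted(h["function"] for h in entries),
            "needs_review": bool(reasons),
            "reasons": reasons,
        })
    return report


if __name__ == "__main__":
    for row in triage_hooks(parse_ssdt_hooks(SAMPLE_GMER)):
        flag = "REVIEW" if row["needs_review"] else "ok"
        print(f"{flag:6} {row['module']} ({row['vendor'] or 'unknown vendor'})")
        print("       hooks:", ", ".join(row["functions"]))
        for reason in row["reasons"]:
            print("       -", reason)
```

A vendor string alone proves nothing (it is free text in the driver's version resource), so a flagged module should be checked by file hash and signature, not just by name.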

1.

*Download RestauSys1Clic (...by Pierre13) and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Wait for it to finish

2.

*Select and copy (Ctrl+C) the lines in brown:

O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Users\Administrador\AppData\Roaming\Complitly\Complitly.dll => Infection BT (Adware.PredictAd)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - No comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll => Infection BT (Toolbar.Babylon)

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Program Files\DealPly\DealPlyIE.dll => Infection PUP (PUP.DealPly)

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} . (.Babylon Ltd. - No comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll => Infection BT (Toolbar.Babylon)

[MD5.1F51E3ABEE4D0A89FC6ED450ECE7877A] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files\DealPly\DealPlyUpdate.exe => Infection PUP (PUP.DealPly)

O42 - Logiciel: Babylon toolbar on IE - (.Unknown owner.) [HKLM] -- BabylonToolbar => Infection BT (Toolbar.Babylon)

O42 - Logiciel: DealPly - (.DealPly.) [HKLM] -- DealPly => Infection PUP (PUP.DealPly)

[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKCU\Software\DealPly] => Infection PUP (PUP.DealPly)

[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)

O43 - CFD: 21/01/2012 - 15:42:49 - [1,394] ----D C:\Program Files\BabylonToolbar => Infection BT (Toolbar.Babylon)

O43 - CFD: 29/04/2012 - 11:07:30 - [0,348] ----D C:\Program Files\DealPly => Infection PUP (PUP.DealPly)

O43 - CFD: 21/01/2012 - 15:40:16 - [0] ----D C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)

O43 - CFD: 21/01/2012 - 15:40:16 - [0,008] ----D C:\Users\Administrador\AppData\Roaming\Babylon => Infection BT (Toolbar.Babylon)

O43 - CFD: 21/01/2012 - 15:40:17 - [6,189] ----D C:\Users\Administrador\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)

O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} [DefaultScope] - (Search) - http://start.funmoods.com => Infection PUP (Adware.Facemoods)

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com

[HKLM\Software\Classes\AppID\esrv.EXE]

[HKLM\Software\Classes\b]

[HKLM\Software\Classes\Babylon.dskBnd]

[HKLM\Software\Classes\Babylon.dskBnd.1]

[HKLM\Software\Classes\bbylnApp.appCore]

[HKLM\Software\Classes\bbylnApp.appCore.1]

[HKLM\Software\Classes\escort.escortIEPane]

[HKLM\Software\Classes\escort.escortIEPane.1]

[HKLM\Software\Classes\escort.escrtBtn.1]

[HKLM\Software\Classes\esrv.BabylonESrvc]

[HKLM\Software\Classes\esrv.BabylonESrvc.1]

[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho]

[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1]

[HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}] => Infection PUP (Adware. PredictAd)

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection BT (Adware.Agent)

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}] => Infection PUP (Adware.Facemoods)

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (Adware.MyWebSearch)

[HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] => Infection BT (Adware.PredictAd)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] => Infection BT (Adware.PredictAd)

[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}] => Infection BT (Toolbar.Babylon)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}] => Infection PUP (Adware.PredictAd)

[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] => Infection BT (Toolbar.Babylon)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] => Infection PUP (PUP.DealPly)

[HKLM\Software\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] => Infection PUP (PUP.DealPly)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] => Infection PUP (PUP.DealPly)

[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}]

[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje]

[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKLM\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]

C:\Program Files\BabylonToolbar => Infection BT (Toolbar.Babylon)

C:\Program Files\DealPly => Infection PUP (PUP.DealPly)

C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly => Infection PUP (PUP.DealPly)

C:\Users\Administrador\AppData\Roaming\Babylon => Infection BT (Toolbar.Babylon)

C:\Users\Administrador\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)

C:\Users\Administrador\AppData\LocalLow\BabylonToolbar => Infection BT (Toolbar.Babylon)

C:\Users\Administrador\AppData\Local\Temp\BabylonToolbar => Infection BT (Toolbar.Babylon)

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda => Infection BT (Adware.PredictAd)

[MD5.00000000000000000000000000000000] [APT] [{D9EF8AF1-471A-4B44-8F60-4616352EB9A4}] (...) -- E:\cd\drivers\humana\Windows Vista\Synaptics PS 2 Port TouchPad\InstNT.exe (.not file.)

O42 - Logiciel: Complitly - (.Complitly.) [HKLM] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1

[HKCU\Software\Complitly]

O43 - CFD: 22/04/2012 - 18:44:10 - [1,597] ----D C:\Program Files\Complitly

O43 - CFD: 22/04/2012 - 18:44:10 - [0,467] ----D C:\Users\Administrador\AppData\Roaming\Complitly

O43 - CFD: 18/01/2012 - 09:37:22 - [0] ----D C:\Users\Administrador\AppData\Local\Dados de aplicativos

O43 - CFD: 18/01/2012 - 09:37:22 - [0] ----D C:\Users\Administrador\AppData\Local\Histórico

O61 - LFC:Last File Created 30/04/2012 - 19:26:03 ---A- C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.crackle.com.br_0.localstorage [3072] => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.crackle.com.br_0.localstorage => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.crackle.com.br_0.localstorage => Crack, KeyGen, Keymaker - Possible Malware

EmptyTemp

EmptyFlash

*Run ZHPFix from its desktop icon [screenshot]. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

[screenshot]

*Click [screenshot]

*Click [screenshot]

*Paste the ZHPFixReport.txt report created on the desktop

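As an added example (not part of this thread, and not HijackThis's or ZHPFix's own code), a script that cross-references the O2/O3 browser add-ons from the first HijackThis log with the GUIDs named in the ZHPFix script above, so that whatever the script does not name is left as an explicit list to review by hand. Both excerpts are constructed from lines posted in this thread.

```python
import re

# Constructed excerpt: O2/O3 lines from the HijackThis log posted in this thread.
HJT_EXCERPT = """\
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\\Users\\Administrador\\AppData\\Roaming\\Complitly\\Complitly.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\\Program Files\\BabylonToolbar\\BabylonToolbar\\1.5.3.17\\bh\\BabylonToolbar.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\\Program Files\\Funmoods\\funmoods\\1.5.11.16\\bh\\funmoods.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\\Program Files\\DealPly\\DealPlyIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\\Program Files\\BabylonToolbar\\BabylonToolbar\\1.5.3.17\\BabylonToolbarTlbr.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\\Program Files\\Funmoods\\funmoods\\1.5.11.16\\funmoodsTlbr.dll
"""

# Constructed excerpt: a few lines of the ZHPFix script from the helper's reply.
ZHPFIX_EXCERPT = """\
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\\Users\\Administrador\\AppData\\Roaming\\Complitly\\Complitly.dll => Infection BT (Adware.PredictAd)
[HKLM\\Software\\Classes\\CLSID\\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\\Software\\Classes\\CLSID\\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\\Software\\Classes\\CLSID\\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] => Infection PUP (PUP.DealPly)
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} [DefaultScope] - (Search) - http://start.funmoods.com => Infection PUP (Adware.Facemoods)
EmptyTemp
"""

# "O2 - BHO: <name> - {<clsid>} - <path>" and the same shape for "O3 - Toolbar:".
HJT_RE = re.compile(
    r"^O(?P<section>[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")
TAG_RE = re.compile(r"=> Infection \w+ \((?P<tag>[^)]+)\)")


def parse_hjt_addons(text):
    """Return one dict per O2 (BHO) / O3 (toolbar) line of a HijackThis log."""
    addons = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["clsid"] = d["clsid"].upper()   # GUID case differs between tools
            addons.append(d)
    return addons


def script_guid_tags(text):
    """Map every GUID the ZHPFix script mentions to that line's infection tag ('' if none)."""
    tags = {}
    for line in text.splitlines():
        t = TAG_RE.search(line)
        tag = t.group("tag") if t else ""
        for guid in GUID_RE.findall(line):
            tags.setdefault(guid.upper(), tag)
    return tags


def coverage_report(hjt_text, script_text):
    """For each add-on in the log, record whether the removal script names its CLSID."""
    tags = script_guid_tags(script_text)
    rows = []
    for a in parse_hjt_addons(hjt_text):
        rows.append({
            "kind": a["kind"],
            "name": a["name"],
            "clsid": a["clsid"],
            "covered": a["clsid"] in tags,
            "tag": tags.get(a["clsid"], ""),
        })
    return rows


def uncovered(rows):
    """Names of add-ons the script does not mention: the manual review list."""
    return [r["name"] for r in rows if not r["covered"]]


if __name__ == "__main__":
    rows = coverage_report(HJT_EXCERPT, ZHPFIX_EXCERPT)
    for r in rows:
        status = f"removed as {r['tag']}" if r["covered"] else "NOT in script"
        print(f"{r['kind']:8} {r['name']:28} {r['clsid']}  {status}")
    print("review by hand:", uncovered(rows))
```

An add-on missing from the script is not automatically suspicious (the Java helper is a legitimate plug-in); the list is only the set of entries whose fate the script leaves undecided.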

Done as you said. The logs are below:

Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011

Fichier d'export Registre :

Run by Administrador at 06/05/2012 10:12:23

Windows Vista Home Basic Edition, 32-bit (Build 6000)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

 

========== Software ==========

NOT FOUND Uninstall Process: c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\uninstall.exe

NOT FOUND Uninstall Process: c:\program files\dealply\uninst.exe

DELETED O42 - Logiciel: Complitly - (.Complitly.) [HKLM] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1

 

========== Memory Process ==========

DELETED Memory Process: C:\Program Files\DealPly\DealPlyUpdate.exe

DELETED Memory Process: C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.crackle.com.br_0.localstorage

 

========== Registry Key ==========

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]

NOT FOUND Key: CLSID BHO: {0FB6A909-6086-458F-BD92-1F8EE10042A0}

DELETED Key: CLSID BHO: {2EECD738-5844-4a99-B4B6-146BF802613B}

DELETED Key: CLSID BHO: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

DELETED Key: HKCU\Software\BabylonToolbar

DELETED Key: HKCU\Software\DealPly

DELETED Key: HKLM\Software\Babylon

DELETED Key: SearchScopes :{0D7562AE-8EF6-416d-A838-AB665251703A}

DELETED Key: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

DELETED Key: HKLM\Software\Classes\AppID\esrv.EXE

DELETED Key: HKLM\Software\Classes\b

DELETED Key: HKLM\Software\Classes\Babylon.dskBnd

DELETED Key: HKLM\Software\Classes\Babylon.dskBnd.1

DELETED Key: HKLM\Software\Classes\bbylnApp.appCore

DELETED Key: HKLM\Software\Classes\bbylnApp.appCore.1

DELETED Key: HKLM\Software\Classes\escort.escortIEPane

DELETED Key: HKLM\Software\Classes\escort.escortIEPane.1

DELETED Key: HKLM\Software\Classes\escort.escrtBtn.1

DELETED Key: HKLM\Software\Classes\esrv.BabylonESrvc

DELETED Key: HKLM\Software\Classes\esrv.BabylonESrvc.1

NOT FOUND Key: HKLM\Software\Classes\suggestmeyes.suggestmeyesbho

NOT FOUND Key: HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1

NOT FOUND Key: HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}

DELETED Key: HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}

NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

NOT FOUND Key: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

DELETED Key: HKLM\Software\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}

NOT FOUND Key: HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

DELETED Key: HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

DELETED Key: HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

NOT FOUND Key: HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}

DELETED Key: HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

DELETED Key: HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

DELETED Key: HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

DELETED Key: HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

DELETED Key: HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

DELETED Key: HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

DELETED Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

DELETED Key: HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

DELETED Key: HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

DELETED Key: HKLM\Software\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}

NOT FOUND Key: HKLM\Software\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

NOT FOUND Key: HKLM\Software\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

DELETED Key: HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

DELETED Key: HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

DELETED Key: HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

DELETED Key: HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

DELETED Key: HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

DELETED Key: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

DELETED Key: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

DELETED Key: HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

DELETED Key: HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

NOT FOUND Key: HKLM\Software\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}

DELETED Key: HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

DELETED Key: HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

DELETED Key: HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

DELETED Key: HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

DELETED Key: HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

DELETED Key: HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

DELETED Key: HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

DELETED Key: HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

DELETED Key: HKLM\Software\BabylonToolbar

NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

NOT FOUND Key: HKCU\Software\Complitly

 

========== Registry Value ==========

DELETED Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC}

 

========== Repertory ==========

DELETED Folder: C:\Program Files\BabylonToolbar

DELETED Folder: C:\Program Files\DealPly

DELETED Folder: C:\ProgramData\Babylon

DELETED Folder: C:\Users\Administrador\AppData\Roaming\Babylon

DELETED Folder: C:\Users\Administrador\AppData\Local\Babylon

DELETED Folder: c:\programdata\microsoft\windows\start menu\programs\dealply

DELETED Folder: c:\users\administrador\appdata\locallow\babylontoolbar

DELETED Folder: c:\users\administrador\appdata\local\temp\babylontoolbar

DELETED Folder: c:\users\administrador\appdata\local\google\chrome\user data\default\extensions\dlfienamagdnkekbbbocojppncdambda

NOT FOUND C:\Program Files\Complitly

NOT FOUND C:\Users\Administrador\AppData\Roaming\Complitly

DELETED Folder: C:\Users\Administrador\AppData\Local\Dados de aplicativos

DELETED Folder: C:\Users\Administrador\AppData\Local\Histórico

DELETED Window Temporary: : 188

DELETED Flash Cookies: 54

 

========== File ==========

NOT FOUND File: c:\users\administrador\appdata\roaming\complitly\complitly.dll

DELETED File: c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\babylontoolbar.dll

DELETED File: c:\program files\dealply\dealplyie.dll

DELETED File: c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\babylontoolbartlbr.dll

DELETED File: c:\program files\dealply\dealplyupdate.exe

NOT FOUND Folder/File: c:\program files\babylontoolbar

NOT FOUND Folder/File: c:\program files\dealply

NOT FOUND Folder/File: c:\programdata\babylon

NOT FOUND Folder/File: c:\users\administrador\appdata\roaming\babylon

NOT FOUND Folder/File: c:\users\administrador\appdata\local\babylon

NOT FOUND File: c:\users\administrador\appdata\local\google\chrome\user data\default\local storage\http_www.crackle.com

DELETED File: c:\users\administrador\appdata\local\google\chrome\user data\default\local storage\http_www.crackle.com.br_0.localstorage

DELETED Window Temporary: : 1666

DELETED Flash Cookies: 26

 

========== Task ==========

DELETED Task: DealPlyUpdate

DELETED Task: {D9EF8AF1-471A-4B44-8F60-4616352EB9A4}

 

 

========== Summary ==========

2 : Memory Process

72 : Registry Key

1 : Registry Value

15 : Repertory

14 : File

3 : Software

2 : Task

 

 

End of clean in 00mn 39s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 06/05/2012 10:12:23 [8902]


1.

*Delete SecurityCheck

 

2.

*Delete GMER and its report

 

3.

*Download AdwCleaner (...by Xplode) and save it to the desktop

 

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

 

*Click [Delete]

 

*Paste the report it shows


Here is the new report:

 

 

 

 

# AdwCleaner v1.605 - Logfile created 05/06/2012 at 11:11:02

# Updated 05/05/2012 by Xplode

# Operating system : Windows Vista Home Basic (32 bits)

# User : Administrador - BARBARA-PC

# Running from : C:\Users\Administrador\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki

Folder Deleted : C:\Program Files\Funmoods

File Deleted : C:\Users\Public\Desktop\Babylon.lnk

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Funmoods

Key Deleted : HKLM\SOFTWARE\Funmoods

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v7.0.6000.16982

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=piano --> hxxp://www.google.fr

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=piano --> hxxp://www.google.fr

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.funmoods.com/results.php?f=4&a=piano&q={searchTerms} --> hxxp://www.google.fr

 

-\\ Mozilla Firefox v [unable to get version]

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted : "name": "Funmoods",

Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml",

 

*************************

 

AdwCleaner[s1].txt - [4787 octets] - [06/05/2012 11:11:02]

 

########## EOF - C:\AdwCleaner[s1].txt - [4915 octets] ##########

 

When I clicked Delete, it was detected by the antivirus as a possible threat. I clicked "do nothing" anyway. Is that normal?

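The two reports above removed the same kinds of persistence points (IE Browser Helper Objects and toolbars registered by CLSID, IE search scopes and start page, Chrome extensions pushed through HKLM\Software\Google\Chrome\Extensions, and a scheduled task such as DealPlyUpdate). Because the original complaint was that the detection kept coming back, the check a practitioner wants is to list exactly those locations again after a reboot and see whether anything reappears. The script below is an added example for this thread, not code from the forum, from ZHPFix or from AdwCleaner; it assumes an elevated PowerShell prompt, and the $Suspect keyword list is an assumption taken from the adware names in the reports (Babylon, DealPly, Funmoods, Complitly, escort/esrv).

```powershell
# Persistence-point audit: added example, not from the original thread or tools.
# Run from an elevated PowerShell prompt after the cleanup and again after a
# reboot; an entry that comes back means something is re-creating it.
# The keyword list is an assumption based on the adware names in the reports.
$Suspect = @('babylon', 'dealply', 'funmoods', 'complitly', 'escort', 'esrv')

function Test-Suspect {
    param([string]$Text)
    if (-not $Text) { return $false }
    $lower = $Text.ToLower()
    foreach ($word in $Suspect) { if ($lower.Contains($word)) { return $true } }
    return $false
}

function New-Finding($Type, $Id, $Detail) {
    # New-Object instead of [pscustomobject] so this also runs on PowerShell 2.0 (Vista era)
    New-Object PSObject -Property @{
        Type    = $Type
        Id      = $Id
        Detail  = $Detail
        Suspect = (Test-Suspect "$Id $Detail")
    }
}

$findings = @()

# 1. IE Browser Helper Objects: each subkey is a CLSID; resolve it to the DLL
#    registered under HKLM\Software\Classes\CLSID\<clsid>\InprocServer32.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoRoot) {
    foreach ($key in Get-ChildItem $bhoRoot) {
        $clsid = $key.PSChildName
        $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $findings += New-Finding 'BHO' $clsid ($srv.'(default)')
    }
}

# 2. IE toolbars: the value *names* under this key are the toolbar CLSIDs.
$tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Test-Path $tbKey) {
    foreach ($name in (Get-Item $tbKey).GetValueNames()) {
        if ($name -match '^\{[0-9A-F-]+\}$') {
            $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$name\InprocServer32" -ErrorAction SilentlyContinue
            $findings += New-Finding 'Toolbar' $name ($srv.'(default)')
        }
    }
}

# 3. IE search scopes and start page (the values AdwCleaner replaced above).
$ssRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $ssRoot) {
    foreach ($key in Get-ChildItem $ssRoot) {
        $url = (Get-ItemProperty $key.PSPath).URL
        $findings += New-Finding 'SearchScope' $key.PSChildName $url
    }
}
$main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
$findings += New-Finding 'StartPage' 'Main\Start Page' ($main.'Start Page')

# 4. Chrome extensions installed through the registry (what the reports deleted
#    under HKLM\Software\Google\Chrome\Extensions).
$crRoot = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
if (Test-Path $crRoot) {
    foreach ($key in Get-ChildItem $crRoot) {
        $p = Get-ItemProperty $key.PSPath
        $findings += New-Finding 'ChromeExt' $key.PSChildName ("$($p.update_url) $($p.path)")
    }
}

# 5. Scheduled tasks (DealPlyUpdate was one). schtasks.exe works on Vista,
#    where the Get-ScheduledTask cmdlet does not exist.
$tasks = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }   # schtasks repeats the header per folder
    $findings += New-Finding 'Task' $t.TaskName ($t.'Task To Run')
}

$findings | Sort-Object Type, Id | Format-Table Type, Id, Suspect, Detail -AutoSize
"Suspect entries: " + @($findings | Where-Object { $_.Suspect }).Count
```

Keep the first run's output; on the second run, diff the two listings rather than relying on the keyword match alone, since a re-installed toolbar can come back under a different CLSID or name.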

Yes... that's normal.

 

Let me know whether the problem has been resolved so we can continue with the uninstall and the necessary updates.


 

 

 

I'm running the antivirus again.. just a minute.


Thank you very much for the help.. I ran the antivirus and now nothing shows up anymore.. now Wings, while I'm at it, I'm having the same problem on my desktop (this problem was solved on my laptop); can I use this same post to try to solve it.. or should I open a new post..

 

Thank you very much indeed..


Open a new topic.

 

Let's continue with this PC's case...

 

1.

*Uninstall ZHPDiag

 

 

2.

*Delete ZHPDiag2.exe and its reports located on the desktop

 

 

3.

*Delete the folders C:\Arquivos de programas\ZHPdiag and C:\ZHP

 

 

4.

*Run AdwCleaner and click [uninstall]

 

 

5.

*Update your Windows Vista

 

Install Service Pack 1 and then Service Pack 2

 

 

6.

*Update Internet Explorer. Only update it after installing Service Pack 2!!

 

 

7.

Update Flash Player

 

 

Regards


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
