[Resolvido] &nbspAnalise de log

[leandro aislan 0]

Boa noite, venha pedir ajuda novamente para analisarem o computador da minha esposa.

 

Segue o log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:37:03, on 17/09/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

C:\Dolby PCEE4\pcee4.exe

C:\Program Files\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\PSafe\Protege\psprotege.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Positivo\Deskmedia\GerenciadorLocal.exe

C:\Program Files\EgisTec IPS\PMMUpdate.exe

C:\Program Files\EgisTec IPS\PMMUpdate.exe

C:\Program Files\EgisTec IPS\EgisUpdate.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gabriela\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goncalvesgrill.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Gabriela\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4

O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent

O4 - HKLM\..\Run: [Deskmedia] C:\Positivo\Deskmedia\GerenciadorLocal.exe"

O4 - HKLM\..\Run: [Deskmedia2] "C:\Positivo\Deskmedia\InstaladorLite.exe"

O4 - HKLM\..\Run: [Deskmedia3] "C:\Positivo\Deskmedia\GerenciadorLocal.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gabriela\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

--

End of file - 11361 bytes

[DigRam 144]

Boa Noite! leandro aislan

 

|- Baixe: < > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

 

|- Baixe: < > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abs!

[leandro aislan 0]

Boa noite....

Segue o log.

 

\obrigado

 

 

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 23:11:23

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Starter Service Pack 1 (32 bits)

# User : Gabriela - GABRIELA-PC

# Boot Mode : Normal

# Running from : C:\Users\Gabriela\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\Gabriela\AppData\Local\funmoods.crx

File Deleted : C:\Users\Gabriela\AppData\Local\funmoods-speeddial.crx

Folder Deleted : C:\Program Files\Complitly

Folder Deleted : C:\Program Files\DealPly

Folder Deleted : C:\Program Files\Funmoods

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\Users\Gabriela\AppData\Local\APN

Folder Deleted : C:\Users\Gabriela\AppData\Local\Babylon

Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

Folder Deleted : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Folder Deleted : C:\Users\Gabriela\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Gabriela\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Gabriela\AppData\Roaming\Complitly

Folder Deleted : C:\Users\Gabriela\AppData\Roaming\OpenCandy

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://br.ask.com/?l=dis&o=15383 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870 --> hxxp://www.google.com

 

-\\ Google Chrome v21.0.1180.89

 

File : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss&mntrId=00651f8600000000000060d819271049", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870" ]

Deleted [l.45] : icon_url = "hxxp://start.funmoods.com/favicon.ico",

Deleted [l.48] : keyword = "funmoods.com",

Deleted [l.51] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870",

Deleted [l.1633] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=44444&babsrc=HP_ss&mntrId=00651f8600000000000060d819271049", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyCtD0DzztCzytByBtCtDyEzytC0FzzyCtN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=666777870" ]

 

*************************

 

AdwCleaner[s1].txt - [10363 octets] - [17/09/2012 23:11:23]

 

########## EOF - C:\AdwCleaner[s1].txt - [10424 octets] ##########

 

 

 

Segue o link: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120918_q6o5m13p9j7

[DigRam 144]

Boa Noite! leandro aislan

 

|- Feche programas/pastas que estejam abertos.

|- Feche,também,o navegador!

 

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

O4 - HKLM\..\Run: [Deskmedia2] C:\Positivo\Deskmedia\InstaladorLite.exe (.not file.)

O42 - Logiciel: FATE - (.WildTangent.) [HKLM] -- WTA-3eba207b-5589-4880-8b81-04d67ba9e09d => WildTangent Game

O42 - Logiciel: John Deere Drive Green - (.WildTangent.) [HKLM] -- WTA-1b168b65-92c6-4377-a07d-7954c3fc7a7e => WildTangent

O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM] -- WTA-695de64e-6537-4bc9-949d-04093b8ac443 => WildTangent Game

O42 - Logiciel: Slingo Deluxe - (.WildTangent.) [HKLM] -- WTA-1066cb8a-461f-44ed-9b77-1a06c9781f19 => WildTangent Game

O43 - CFD: 17/10/2011 - 14:33:44 - [8,659] ----D C:\Program Files\WildTangent Games => WildTangent

O43 - CFD: 07/05/2012 - 09:58:47 - [0] ----D C:\Users\Gabriela\AppData\Local\Dados de aplicativos

O43 - CFD: 07/05/2012 - 09:58:47 - [0] ----D C:\Users\Gabriela\AppData\Local\Histórico

O69 - SBI: SearchScopes [HKCU] {1A5801B3-1C69-5163-4FEA-0CDFAB897A3A} - (Search the web (Babylon)) - http://search.babylon.com

SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe

SS - | Demand 12/10/2010 206072 | (gpsvc) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe

[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files\DealPly\DealPlyUpdate.exe (.not file.) => Infection PUP (PUP.DealPly)

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

 

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abs!

[leandro aislan 0]

Bom dia segue o log:

 

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Gabriela at 23/09/2012 09:58:10

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

NOT FOUND Uninstall Process: c:\program files\acer games\fate\uninstall\uninstaller.exe

NOT FOUND Uninstall Process: c:\program files\acer games\john deere drive green\uninstall\uninstaller.exe

NOT FOUND Uninstall Process: c:\program files\acer games\polar bowler\uninstall\uninstaller.exe

NOT FOUND Uninstall Process: c:\program files\acer games\slingo deluxe\uninstall\uninstaller.exe

 

========== Registry Key ==========

DELETED Key: Mozilla Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0

DELETED Key*: SearchScopes :{1A5801B3-1C69-5163-4FEA-0CDFAB897A3A}

DELETED Key: Service: GamesAppService

DELETED Key: Service: gpsvc

DELETED Key: HKLM\Software\360Safe

 

========== Registry Value ==========

NOT FOUND RunValue: Deskmedia2

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETE on Reboot Folder**: C:\Program Files\WildTangent Games

NOT FOUND C:\Users\Gabriela\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Gabriela\AppData\Local\Histórico

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETE on Reboot c:\program files\wildtangent games\app\browserintegration\registered\0\np_wtapp.dll

NOT FOUND File: c:\positivo\deskmedia\instaladorlite.exe

DELETE on Reboot c:\program files\wildtangent games\app\gamesappservice.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

NOT FOUND Task: DealPlyUpdate

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

5 : Registry Key

10 : Registry Value

5 : Repertory

5 : File

4 : Software

1 : Task

1 : Restoration

 

 

End of clean in 00mn 32s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 23/09/2012 09:58:10 [2383]

[DigRam 144]

Bom Dia! leandro aislan

 

|- Baixe e execute este arquivo: < > <- Mirror!

 

 

|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".

 

 

|- Abra a ferramenta AdwCleaner e clique em "Uninstall".

 

-/-

 

|- Seus logs estão limpos!

|- Tudo Ok?

 

Abs!

[leandro aislan 0]

Boa Noite obrigado.......

 

Tudo ok aparentemente.....

 

Muito obrigado mesmo...

 

Leandro

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.