[Resolvido] &nbspLog para analise

[Edvan 30]

# AdwCleaner v2.009 - Logfile created 11/29/2012 at 21:14:24

# Updated 24/11/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : Vania - VANIA-PC

# Boot Mode : Normal

# Running from : C:\Users\Vania\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Users\Vania\AppData\Local\funmoods.crx

File Deleted : C:\Users\Vania\AppData\Local\funmoods-speeddial_sf.crx

File Deleted : C:\Users\Vania\AppData\Roaming\Mozilla\Firefox\Profiles\anmuve8p.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Vania\AppData\Roaming\Mozilla\Firefox\Profiles\anmuve8p.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Vania\AppData\Roaming\Mozilla\Firefox\Profiles\anmuve8p.default\searchplugins\yahoo-zugo.xml

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Vania\AppData\Local\APN

Folder Deleted : C:\Users\Vania\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Folder Deleted : C:\Users\Vania\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Folder Deleted : C:\Users\Vania\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Vania\AppData\LocalLow\Funmoods

Folder Deleted : C:\Users\Vania\AppData\Roaming\Babylon

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\Software\PIP

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtB0B0DzztAyDzzzyyBtB0AtN0D0Tzu0CtAtAtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=8400646 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v16.0.2 (pt-BR)

 

Profile name : default

File : C:\Users\Vania\AppData\Roaming\Mozilla\Firefox\Profiles\anmuve8p.default\prefs.js

 

C:\Users\Vania\AppData\Roaming\Mozilla\Firefox\Profiles\anmuve8p.default\user.js ... Deleted !

 

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=108293&tt=4812_8&babsrc=HP[...]

Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://klit.startnow.com/?src=startpage&provider=&provider_na[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "042c972a0000000000001078d2bd8358");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15671");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.821:07:03");

Deleted : user_pref("extensions.funmoods.aflt", "ironpub");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "BR");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "1F08DB0D1DBFA73A2D241EFF76037050");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]

Deleted : user_pref("extensions.funmoods.id", "1078D2BD8358972A");

Deleted : user_pref("extensions.funmoods.instlDay", "15670");

Deleted : user_pref("extensions.funmoods.instlRef", "ironpub");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:9:49");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:9:49");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:9:49");

Deleted : user_pref("keyword.URL", "hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&prov[...]

 

-\\ Google Chrome v [unable to get version]

 

File : C:\Users\Vania\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=108293&tt=4812_8&babsrc=HP_ss&mntrId=042c972a000[...]

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=108293&tt=4812_8&babsrc=H[...]

Deleted [l.36] : search_url = "hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_na[...]

Deleted [l.1702] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=108293&tt=4812_8&babsrc=HP_s[...]

Deleted [l.1711] : homepage = "hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=[...]

 

*************************

 

AdwCleaner[s1].txt - [8213 octets] - [29/11/2012 21:14:24]

 

########## EOF - C:\AdwCleaner[s1].txt - [8273 octets] ##########

 

-------------------xxx--------------------------

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:20:40, on 29/11/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

 

--

End of file - 5546 bytes

 

 

OBS: Vou rodar o Malwarebytes já já posto.

[Edvan 30]

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.11.29.11

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Vania :: VANIA-PC [administrador]

 

29/11/2012 21:26:17

mbam-log-2012-11-29 (21-26-17).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 301012

Tempo decorrido: 41 minuto(s), 59 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 3

C:\Users\Vania\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

[DigRam 144]

Boa Noite! Edvan

 

|- Baixe: < > ( ... de Thisisu )

 

|- Salve-o no desktop!

|- Para Windows 7,clique direto em JRT.exe e execute-o como

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

 

A+

[Edvan 30]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.6.8 (11.30.2012:1)

OS: Windows 7 Professional x86

Ran by Vania on 30/11/2012 at 15:39:24,35

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 30/11/2012 at 15:42:13,65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DigRam 144]

Boa Tarde! Edvan

 

|- Baixe: < > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

 

 

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

|- Ou acesse:

 

|- Ou acesse:

 

|- Maiores informações: < |Link| >

 

A+

[Edvan 30]

Desculpe a demora, dependo da minha irmã para acesso a maquina dela.

 

Link: http://cjoint.com/12dc/BLeadpCNDmv.htm

[DigRam 144]

Desculpe a demora, dependo da minha irmã para acesso a maquina dela.

 

Link: http://cjoint.com/12dc/BLeadpCNDmv.htm

Boa Noite! Edvan

 

|- Sua irmâ possui 2 antivírus! ( Avast e Panda )

|- Desinstale o menos estável.

 

-/-

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

 

O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key     
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key     
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key     
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key     
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key     
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)     

O43 - CFD: 05/12/2011 - 00:52:57 - [0] ----D C:\Users\Vania\AppData\Local\Dados de aplicativos
O43 - CFD: 05/12/2011 - 00:52:57 - [0] ----D C:\Users\Vania\AppData\Local\Histórico
O43 - CFD: 28/11/2012 - 16:12:40 - [0] ----D C:\Users\Vania\AppData\Local\Programs
O44 - LFC:[MD5.4F3DF319F2FC7C962FD8F3D3ABE9C560] - 29/11/2012 - 21:20:40 ---A- . (...) -- C:\hijackthis.log   [5547]

[HKCU\Software\Install]
[HKLM\Software\360Safe]    => Infection Diverse (Lozavita.Troj)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]    => Infection BT (Toolbar.Babylon)

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

A+

[Edvan 30]

Sua irmâ possui 2 antivírus! ( Avast e Panda )

|- Desinstale o menos estável.

 

O Panda USB and AutoRun Vaccine é para projeter contra infeções de pendriver.

 

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012

Fichier d'export Registre :

Run by Vania at 07/12/2012 20:06:33

Windows 7 Business Edition, 32-bit (Build 7600)

Web site : http://nicolascoolman.skyrock.com/

 

 

 

========== Registry Key ==========

DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}

DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key: HKCU\Software\Install

DELETED Key: HKLM\Software\360Safe

DELETED Key: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

 

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

 

========== Repertory ==========

NOT FOUND C:\Users\Vania\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Vania\AppData\Local\Histórico

DELETED Folder: C:\Users\Vania\AppData\Local\Programs

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED File: c:\hijackthis.log

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

8 : Registry Key

9 : Registry Value

5 : Repertory

3 : File

1 : Restoration

 

 

End of clean in 00mn 19s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 07/12/2012 20:06:34 [1762]

[DigRam 144]

Boa Noite! Edvan

 

 

|- Abra a ferramenta AdwCleaner e clique em "Uninstall".

|- Confirme a solicitação!

 

-/-

 

 

|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".

 

-/-

 

|- Como está o computador? Tudo Ok?

 

A+

[Edvan 30]

tudo ok amigo, mais uma vez obrigado. :thumbsup:

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.