
Archived

This topic has been archived and is closed to further replies.

Fybc

[Archived] When trying to create folders, the process freezes + Explorer.e


Hi everyone

I'm having problems that I imagine are the result of some malware. When I try to create a NEW FOLDER in some directories on my PC, the process freezes. Also, when I try to shut down Windows, explorer.exe stops responding EVERY TIME. Every now and then (yesterday, for example), Kaspersky flags some normal processes as trojans. (Note: it's my work PC at the company.)

Below is my log, after running a scan with Malwarebytes' Anti-Malware. Thanks in advance for any help:

 

Logfile of HijackThis v1.99.1
Scan saved at 14:48:51, on 25/2/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
D:\programas\Adobe Photoshop CS3\Photoshop.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O1 - Hosts: 172.16.0.207 desenv.cms.com.br
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\PROGRAMS\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [bCU] "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.local
O17 - HKLM\Software\..\Telephony: DomainName = medplan.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medplan.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: gupdate - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

Good evening! Fybc

|- Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

|- When you get there, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator. ( Executar_Administrador.jpg )

|- PS: Start the scan by clicking "Examinar" (Scan).
|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

Cheers!


Hey, thank you very much for the reply, DigRam

I did what you recommended. Here's the log:

 

# AdwCleaner v3.020 - Relatório criado 28/02/2014 às 07:49:15
# Atualizado 27/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : fcarvalho - PORTAL001
# Executando de : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : BCUService
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Deletada : C:\Arquivos de programas\DeviceVM
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Chave Deletedo : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitnet.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitdm.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitnet.exe]
Chave Deletedo : HKCU\Software\DeviceVM
Chave Deletedo : HKCU\Software\Orbit
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DeviceVM
Chave Deletedo : HKLM\Software\Orbit
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\Mozilla\Firefox\Profiles\9ufo2kjm.default\prefs.js ]
-\\ Google Chrome v33.0.1750.117
[ Arquivo : C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3933 octets] - [28/02/2014 07:48:20]
AdwCleaner[s0].txt - [3797 octets] - [28/02/2014 07:49:15]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3857 octets] ##########


Good morning! Fybc

|- Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it as administrator. ( Executar_Administrador.jpg )
|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Hello DigRam

Once again, thank you very much for replying.

We have a problem at this step: at work, I don't have the administrative permission to disable Kaspersky.

What should I do?

Cheers!


Here it goes, without disabling it:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by fcarvalho on qui 06/03/2014 at 11:57:36,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qui 06/03/2014 at 12:02:11,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Relatório do ZHPDiag v2014.3.2.6 - Nicolas Coolman (3/3/2014)
~ Iniciado por fcarvalho (6/3/2014 16:05:30)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
Kaspersky Anti-Virus 6.0 for Windows Workstations v6.0.3.837
Malwarebytes Anti-Malware versão 1.75.0.1300
---\\ Softwares d'optimização do sistema
CCleaner v3.24 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (70%) free of 98 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PORTAL001
~ User Name: fcarvalho
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\
~ %Favorites% : C:\Documents and Settings\fcarvalho.MEDWIN\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 786 Go of 834 Go)
E: CD-ROM drive (Not Inserted)
T: Floppy drive, Flash card reader, USB Key (Not Inserted)
V: Floppy drive, Flash card reader, USB Key (Not Inserted)
Y: Floppy drive, Flash card reader, USB Key (Not Inserted)
Z: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/29
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/395
~ Mes Documents (My Documents) : 2/2371
~ Mon Bureau (My Desktop) : 0/53
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 03s
---\\ Processos lançados
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe [452136] [PID.1608]
[MD5.FDE5FAE31394A586F9CCC7300B6AD681] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1644]
[MD5.1643BBD933C046D5BBAEDD0A2A8F387C] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe [231952] [PID.944]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.984]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [181664] [PID.1128]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1744]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.1912]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2432]
[MD5.E1B94448E933F7D98DA10129CF010E91] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [19972712] [PID.440]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.1728]
[MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.676]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2364]
[MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.3256]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe [20584608] [PID.1012]
[MD5.183F44EAE82B426778D0C8F7FCE50821] - (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- D:\programas\Adobe Photoshop CS3\Photoshop.exe [44814336] [PID.2680]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.5040]
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [859464] [PID.5076]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.5828]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- D:\PROGRAMS\ZHPDiag\ZHPDiag.exe [8349696] [PID.2768]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranet
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O1 - Hosts: 172.16.0.207 desenv.cms.com.br
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitário de configuração do sistema.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s
---\\ Internet Explorer main toolbar buttons (09)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} . (.Kaspersky Lab - Script Monitor Internet Explorer plugin.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Hijacking of the "Reset Web Settings" option (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Web settings: Scanned in 00mn 00s
---\\ Sites in the Internet Explorer trusted zone (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Trusted Zone: Scanned in 00mn 00s
---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s
---\\ Domain / DNS client changes (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.2 172.16.0.254
~ Domain: Scanned in 00mn 00s
---\\ Additional protocols (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s
---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - kldialhk.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ List of non-Microsoft, non-disabled NT services (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Intel® Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
~ Services: 9 Legitimates Filtered in 00mn 07s
---\\ Active Desktop enumeration & MHTML editor (024)
O24 - Desktop Component 0: My current home page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ BootExecute data listing (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s
---\\ Drivers launched at system startup (041)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s
---\\ Installed software (042)
O42 - Software: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Software: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Software: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços
O42 - Software: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- {95EEC3DD-98B1-402D-8984-A1D429A7F469}
O42 - Software: Plano de Negócio - (.SEBRAE.) [HKLM] -- {D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}
O42 - Software: Voice Editing Standard - (...) [HKLM] -- {EC398162-CB7C-4FC8-9DF9-6DB43B9DD6A5}
~ Logic: 8 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 215 Legitimates Filtered in 00mn 00s
---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 22/1/2014 - 07:59:44 - [74,601] ----D C:\Arquivos de programas\GUMD.tmp
O43 - CFD: 27/9/2012 - 14:28:20 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 27/9/2012 - 14:27:37 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 31/7/2013 - 10:58:18 - [5,640] --H-D C:\Documents and Settings\All Users\Dados de aplicativos\{C967C837-A256-442F-8AC4-F25622F7B509}
O43 - CFD: 22/1/2014 - 07:32:37 - [0,015] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Acessórios
O43 - CFD: 6/3/2014 - 07:28:08 - [0] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Inicializar
~ Program Folder: 127 Legitimates Filtered in 00mn 32s
---\\ Last files modified or created in Windows and System32 (044)
O44 - LFC:[MD5.EE86268E59E4B38961E7C40D16BE5BB4] - 25/2/2014 - 14:43:36 ---A- . (.Soeperman Enterprises Ltd. - HijackThis.) -- C:\HijackThis.exe [218112]
O44 - LFC:[MD5.388E5A402CE396385BDE6D329B6ECCD4] - 25/2/2014 - 14:48:51 ---A- . (...) -- C:\hijackthis.log [11110]
O44 - LFC:[MD5.9E86CE78756613E18962344F11A9036D] - 26/2/2014 - 10:05:13 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.6C43A9340572F456A1A8D09AB6B5D6FC] - 6/3/2014 - 07:24:01 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 6/3/2014 - 07:28:09 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 6/3/2014 - 07:28:09 ---A- . (...) -- C:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 6/3/2014 - 11:59:20 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088]
O44 - LFC:[MD5.7CF7B4A3DD7D55D37A5A85AAC957CF60] - 6/3/2014 - 14:05:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log [401]
~ Files: 17 Legitimates Filtered in 00mn 04s
---\\ Operations and functions at Windows Explorer startup (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Authorized application key export (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(.Google.) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe
~ Keys Export: 25 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{59abdbcf-93d1-11e3-9f00-dcb1228724ce}\AutoRun\command. (...) -- F:\sources\SetupError.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ StartupReg registry key enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BCU [Key] . (...) -- C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.)
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s
---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 10:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 6/3/2014 - 11:59:20 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 09:36:06 ----- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.16E441DC4DAF703FB0B0FE474830FF53] - 2/10/2001 - 07:37:40 ---A- . (.lecs Inc. - Aaudio.) -- C:\WINDOWS\system32\Drivers\IcRecUsb.sys [17432]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 15:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 15:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 15:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 15:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 15:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 3/8/2004 - 22:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 3/8/2004 - 22:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 3/8/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 3/8/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 7 Legitimates Filtered in 00mn 06s
---\\ List of virus removal tools (LAT) (063)
O63 - Software: HijackThis 1.99.1 - (.Soeperman Enterprises Ltd..) [HKLM] -- HijackThis
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Registry Legacy services list (064)
O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 8/10/2013 - C:\Arquivos de programas\GbPlugin\GbpSv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 116 Legitimates Filtered in 00mn 00s
---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.5GOMECMWEGW4ZK4QL74PEDXPL4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.JDKZK5XNKCOPYT2XU2MEKLJXZY> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.X6ENHUU5PXBP7TWAGBJWTAX6V4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search for browser infections (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {05402AB2-DCA2-4ffa-B893-BAC7BBA33F6B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E41AA1F3-4877-46e5-B956-3386E9873E92} [DefaultScope] - (Yahoo) - http://br.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Additional search at the system root (SPRF) (O84)
[MD5.8F0E8A5803C17EF5BB1059A0E3C1864F] [sPRF][22/1/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins000.dat [19986]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][22/1/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins000.exe [720082]
[MD5.D911A2E56CE60B646F6316DDFEC5AD11] [sPRF][21/2/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins001.dat [15570]
[MD5.CD23C4ABA6442E1DD7579C829FFFD5AB] [sPRF][21/2/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins001.exe [720594]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Software product code listing (PUC) (090)
O90 - PUC: "A4CE332DB4FEACC4EA7397493A1E4A38" . (.Plano de Negócio.) -- C:\WINDOWS\Installer\{D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}\_853F67D554F05449430E7E.exe
~ Update Products: 120 Legitimates Filtered in 00mn 00s
---\\ Windows Installer package search (WIS) (O93) (NTFS)
[MD5.CDCE01014A8A174F6D6453BCB8A94BCB] [WIS][2/10/2012] (.Twitter, Inc. - TweetDeck Setup.) -- C:\Windows\Installer\16ccfc.msi [986624]
[MD5.0F53C096525A45D4632382AAC3A326AC] [WIS][13/6/2013] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\2164ab5.msi [121344]
[MD5.38BD02F30D7CF9203DC3D2E8C8B60676] [WIS][9/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\355e49.msi [1634304]
[MD5.613839B0B5209A52FF11BD91B11A73AD] [WIS][27/9/2012] (.Nome de sua empresa: - TextPad.) -- C:\Windows\Installer\abc31.msi [373248]
[MD5.487B1A510A1A8555ACC9C2B9BF030F92] [WIS][31/7/2013] (.Banco do Nordeste do Brasil - Planilha Investimento Industrial, Agroindustrial, Comercial e S.) -- C:\Windows\Installer\bc27be.msi [263680]
~ WIS: 123 Legitimates Filtered in 00mn 10s
---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 22/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 22/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 28/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 5/9/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 24/5/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 2/10/2012 231952 | (AVP) . (.Kaspersky Lab.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Demand 2/10/2012 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 8/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
SR - | Auto 4/4/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
~ Services: Scanned in 00mn 11s
---\\ Additional scan (088)
Database Version : 13031 - (3/3/2014)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 0
~ Additional Scan: 253021 Items scanned in 00mn 14s
~ 846 Legitimates filtered by white list
End of the scan (533 lines in 01mn 33s)(0)

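Added example, not part of the original post and not code from ZHPDiag, HijackThis or UsbFix: a small Python triage script that parses the "Oxx - " entry lines in the format of the log above (and the "F2 - ... [shell]/[userinit]" and "04 - " lines in the UsbFix format used later in the thread) and applies the checks a responder makes by hand when reading such a report: hosts-file redirects to anything but loopback (the two 172.16.0.207 entries are flagged for confirmation rather than deletion, since they sit in the same private range as the O17 DHCP name servers), a MountPoints2 AutoRun\command on a mount point (the O51 entry pointing at F:\sources\SetupError.exe), AppInit_DLLs injections, non-stock Winlogon shell/userinit values, and startup or driver entries whose target file is gone. The rule set, the expected Winlogon defaults and the one sample line marked as constructed are this example's own assumptions.

```python
"""Triage helper for the ZHPDiag / HijackThis / UsbFix-style log lines posted above.

Added example: this is not part of the thread and not code from ZHPDiag, HijackThis,
UsbFix or any other tool named in it. The line layout ("O1 - Hosts: <ip> <name>",
"F2 - HKLM\\..\\Winlogon : [shell] ...", UsbFix's "04 - ..." with a zero) is taken from
the logs on the page; the rule set and the expected Winlogon defaults are this
example's own assumptions for a 32-bit Windows XP with %SystemRoot% = C:\\WINDOWS.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the logs in this thread, plus one
# constructed [userinit] line (the RECYCLER one) showing what a hijacked value looks like.
SAMPLE_LOG = """\
F2 - HKLM\\..\\Winlogon : [shell] Explorer.exe
F2 - HKLM\\..\\Winlogon : [userinit] C:\\WINDOWS\\system32\\userinit.exe,
F2 - HKLM\\..\\Winlogon : [userinit] C:\\WINDOWS\\system32\\userinit.exe,C:\\RECYCLER\\svchost.exe,
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O1 - Hosts: 127.0.0.1 localhost
04 - HKLM\\..\\Run : [AVP] "C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0 for Windows Workstations\\avp.exe"
O20 - AppInit_DLLs: . (.Kaspersky Lab - kldialhk.) - C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0 for Windows Workstations\\adialhk.dll
O41 - Driver: (InCDPass) . (. - .) - C:\\WINDOWS\\system32\\drivers\\InCDPass.sys (.not file.)
O51 - MPSK:{59abdbcf-93d1-11e3-9f00-dcb1228724ce}\\AutoRun\\command. (...) -- F:\\sources\\SetupError.exe (.not file.)
O53 - SMSR:HKLM\\...\\startupreg\\Viber [Key] . (...) -- C:\\Documents and Settings\\fcarvalho\\Configurações locais\\Dados de aplicativos\\Viber\\Viber.exe (.not file.)
"""

# "O1 - ...", "F2 - ...", or UsbFix's "04 - ..." (digit zero instead of the letter O).
LINE_RE = re.compile(r"^([OF0]\d+)\s+-\s+(.*)$")
WINLOGON_RE = re.compile(r"\[(shell|userinit)\]\s*(.*)$", re.IGNORECASE)
LOOPBACK = ("127.", "::1", "0.0.0.0")
# Assumed defaults for 32-bit XP; the trailing comma on userinit is part of the stock value.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "c:\\windows\\system32\\userinit.exe,"}
MISSING = "(.not file.)"


@dataclass(frozen=True)
class Finding:
    code: str       # log section, e.g. "O51"
    severity: str   # "suspicious" = act on it, "review" = confirm by hand
    reason: str
    line: str


def parse(text):
    """Yield (code, payload, raw line) for every entry line; headers and timing lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, payload = m.group(1), m.group(2)
        if code.startswith("0"):            # normalise UsbFix's "04" to "O4"
            code = "O" + code[1:]
        yield code, payload, line


def triage(text):
    """Apply the review rules to one log and return the findings in log order."""
    findings = []
    for code, payload, line in parse(text):
        missing = MISSING in payload
        if code == "F2":
            # Winlogon shell/userinit: anything appended here runs at every logon.
            m = WINLOGON_RE.search(payload)
            if m:
                key, value = m.group(1).lower(), m.group(2).strip().lower()
                if value != EXPECTED_WINLOGON[key]:
                    findings.append(Finding(code, "suspicious", f"Winlogon {key} is not the stock value", line))
        elif code == "O1":
            # hosts entries that point a name anywhere but loopback redirect traffic.
            fields = payload.partition(":")[2].split()
            if len(fields) >= 2 and not fields[0].startswith(LOOPBACK):
                findings.append(Finding(code, "review", f"hosts redirect {fields[1]} -> {fields[0]}", line))
        elif code == "O51":
            # MountPoints2 AutoRun\command is the classic removable-media worm persistence.
            findings.append(Finding(code, "review" if missing else "suspicious", "AutoRun command on a mount point", line))
        elif code == "O20" and "AppInit_DLLs" in payload:
            findings.append(Finding(code, "review", "DLL loaded into every user32 process via AppInit_DLLs", line))
        elif missing and code in ("O4", "O41", "O53"):
            findings.append(Finding(code, "review", "startup or driver entry whose file is gone", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.code}: {f.reason}\n    {f.line}")
```

Run it as a script to see the findings for the embedded sample, or pass the full text of a report to `triage()`. Given the reported explorer.exe hangs, the Winlogon shell and userinit values are the first entries to check; in the UsbFix log later in this thread both are at their stock values, and the only O51 entry points at a file that no longer exists on F:, which is why the rule downgrades it to "review".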
Good evening! Fybc

|- Your logs are clean!

-/-

|- Download: |DelFix| ( ... by Xplode )

DelFix_SetaVerde.jpg

|- On that page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.

abcgIEZi.jpg

|- Run it!
|- With the checkbox ticked! ( Remove disinfection tools )
|- Click "Run".
|- All OK?

Regards!

# DelFix v10.6 - Logfile created 11/03/2014 at 07:37:15
# Updated 11/11/2013 by Xplode
# Username : fcarvalho - PORTAL001
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP
Deleted : C:\HijackThis.exe
Deleted : C:\hijackthis.log
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\JRT.exe
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\JRT.txt
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\ZHPDiag.txt
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Meus documentos\Downloads\adwcleaner.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

########## - EOF - ##########



OK, thanks a lot, DigRam.

As for explorer.exe and the freezes when trying to create new folders, there is really nothing to be done, right?

Regards


Good morning! Fybc

As for explorer.exe and the freezes when trying to create new folders, there is really nothing to be done, right?

|- Use these two tools, below.

-/-

|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )

|- Click the download button ( download-button-jdownloads.png )

|- Save it to the desktop!
|- Go through its installation.
|- Run the UsbFix.exe file with a double click.

UsbFix_Supprssion.jpg

|- Choose the "Suppression" or "Delete" option.
|- Wait for it to finish and post the report. ( C:\UsbFix.txt )

-/-

|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )
|- Scroll down the page and click: Télécharger Pre_Scan ( Winlogon.exe )
|- Save it to the desktop! < images_2.jpg ( winlogon ) >
|- Note: the tool comes renamed as "winlogon.exe".
|- Disable your antivirus, antispyware, sandbox and/or firewall.
|- Close the browser and any open programs, then run the tool!

< acqtsq8m.jpg >

|- Double-click Pre_scan.exe or winlogon.exe.

Pre_Scan.png

|- Click: Scan|Kill
|- Note: during the scan your desktop will disappear and black windows will pop up on the screen.
|- That is normal and part of how the tool works.

Pre_Scan_Kill.jpg

|- If infections are found, a reboot may occur and the screen shown above may appear.
|- There may be a reboot, after which the scan continues. << Wait!
|- When it finishes, post the report! ( Pre_Scan.txt )

|- To upload it, go to: Cjoint ( Cjoint_Logo.jpg )

|- Or...1fichier.com

|- Or...myfile.tk

Regards!

 

############################## | UsbFix V 7.167 | [supressão]


Usuário: fcarvalho (Administrador) # PORTAL001

Atualizado em 13/03/2014 por El Desaparecido - Team SosVirus

Começou em 09:38:02 | 14/03/2014








PC: Foxconn (H61MXV/-LE/H67MXV )

CPU: Processador Intel Pentium III Xeon

RAM -> [Total : 3062 Mo| Free : 2262 Mo]

Bios: American Megatrends Inc.

Boot: Normal boot


OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3

WB: Windows Internet Explorer : 8.0.6001.18702

WB: Google Chrome : 33.0.1750.146

WB: Mozilla Firefox : 24.0


SC: Security Center [Enabled]

WU: Windows Update [Enabled]


FW: Windows FireWall [Enabled]


C:\ (%systemdrive%) -> Disco fixo # 98 Gb (70 Mb livre - 71%) [] # NTFS

D:\ -> Disco fixo # 834 Gb (786 Mb livre - 94%) [] # NTFS

E:\ -> CD-ROM


################## | Processos Ativos |


C:\WINDOWS\System32\smss.exe (ID: 1248 |ParentID: 4)

C:\WINDOWS\system32\csrss.exe (ID: 1348 |ParentID: 1248)

C:\WINDOWS\system32\winlogon.exe (ID: 1388 |ParentID: 1248)

C:\WINDOWS\system32\services.exe (ID: 1432 |ParentID: 1388)

C:\WINDOWS\system32\lsass.exe (ID: 1444 |ParentID: 1388)

C:\ARQUIV~1\GbPlugin\GbpSv.exe (ID: 1628 |ParentID: 1432)

C:\WINDOWS\system32\Ati2evxx.exe (ID: 1656 |ParentID: 1432)

C:\WINDOWS\system32\svchost.exe (ID: 1680 |ParentID: 1432)

C:\WINDOWS\system32\svchost.exe (ID: 1988 |ParentID: 1432)

C:\WINDOWS\System32\svchost.exe (ID: 236 |ParentID: 1432)

C:\WINDOWS\system32\svchost.exe (ID: 404 |ParentID: 1432)

C:\WINDOWS\system32\Ati2evxx.exe (ID: 628 |ParentID: 1388)

C:\WINDOWS\system32\svchost.exe (ID: 664 |ParentID: 1432)

C:\WINDOWS\system32\spoolsv.exe (ID: 836 |ParentID: 1432)

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 976 |ParentID: 1432)

C:\Arquivos de programas\Bonjour\mDNSResponder.exe (ID: 996 |ParentID: 1432)

C:\Arquivos de programas\Java\jre7\bin\jqs.exe (ID: 1224 |ParentID: 1432)

C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 1864 |ParentID: 1432)

C:\WINDOWS\System32\svchost.exe (ID: 2040 |ParentID: 1432)

C:\WINDOWS\System32\svchost.exe (ID: 216 |ParentID: 1432)

C:\Arquivos de programas\Skype\Updater\Updater.exe (ID: 392 |ParentID: 1432)

C:\WINDOWS\system32\svchost.exe (ID: 136 |ParentID: 1432)

C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID: 368 |ParentID: 1432)

C:\WINDOWS\system32\wbem\wmiapsrv.exe (ID: 1708 |ParentID: 1432)

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 1920 |ParentID: 976)

C:\WINDOWS\System32\alg.exe (ID: 2084 |ParentID: 1432)

C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2100 |ParentID: 1680)

C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2376 |ParentID: 1680)

C:\WINDOWS\system32\userinit.exe (ID: 2816 |ParentID: 1388)

C:\WINDOWS\Explorer.EXE (ID: 3072 |ParentID: 2952)


################## | Regedit Run |


F2 - HKLM\..\Winlogon : [shell] Explorer.exe

F2 - [64bit] HKLM\..\Winlogon : [shell] Explorer.exe

F2 - HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe,

F2 - [64bit] HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe,

04 - HKCU\..\Run : [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE

04 - HKLM\..\Run : [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

04 - HKLM\..\Run : [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

04 - HKLM\..\Run : [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []

04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []

04 - HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run : [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

04 - HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


################## | Generic search |



(!) Temporary files deleted.


################## | Registry |


Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1

Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

Deleted ! HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\Software\.\.\.\.\Mountpoints2\{59abdbcf-93d1-11e3-9f00-dcb1228724ce}


################## | Listing |


[27/09/2012 - 15:49:43 | D] - C:\7bdd47f1ed6a90d6bf5ee8e1

[28/02/2014 - 07:49:18 | D] - C:\Arquivos de programas

[27/09/2012 - 14:29:02 | A | 0 Ko] - C:\AUTOEXEC.BAT

[06/03/2014 - 07:28:09 | SH | 0 Ko] - C:\boot.ini

[28/10/2001 - 15:06:10 | N | 5 Ko] - C:\Bootfont.bin

[27/01/2014 - 07:55:49 | D] - C:\Config.Msi

[27/09/2012 - 14:29:02 | N | 0 Ko] - C:\CONFIG.SYS

[11/03/2014 - 07:37:18 | N | 1 Ko | 38FECB088A2C3ABA87E8C32DAC2355DB] - C:\DelFix.txt

[06/03/2014 - 16:05:36 | N | 0 Ko] - C:\Documents

[22/01/2014 - 07:39:43 | D] - C:\Documents and Settings

[25/10/2012 - 07:32:51 | N | 29096 Ko] - C:\ent suyane.wav

[06/11/2012 - 10:21:42 | N | 7928 Ko] - C:\Hallan Suplementação.MP3

[27/09/2012 - 15:52:14 | D] - C:\Intel

[27/09/2012 - 14:29:02 | RASH | 0 Ko] - C:\IO.SYS

[08/02/2013 - 09:00:24 | N | 10178 Ko] - C:\Janua J.wav

[25/02/2013 - 09:53:27 | N | 145447 Ko] - C:\Jorginho M.wav

[27/09/2012 - 14:29:02 | RASH | 0 Ko] - C:\MSDOS.SYS

[27/09/2012 - 17:10:15 | RHD] - C:\MSOCache

[03/08/2004 - 22:38:34 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM

[27/09/2012 - 15:08:23 | RASH | 246 Ko] - C:\ntldr

[14/03/2014 - 09:37:31 | ASH | 2095104 Ko] - C:\pagefile.sys

[22/01/2014 - 07:57:45 | SHD] - C:\RECYCLER

[02/10/2012 - 16:31:50 | D] - C:\SD_VOICE

[27/09/2012 - 14:38:46 | SHD] - C:\System Volume Information

[14/03/2014 - 09:35:09 | D] - C:\UsbFix

[14/03/2014 - 09:38:45 | A | 6 Ko | 6D7BE04F880464677BBF89CBBD586BB1] - C:\UsbFix [Clean 2] PORTAL001.txt

[12/03/2014 - 09:29:06 | D] - C:\WINDOWS

[03/12/2012 - 17:30:14 | D] - D:\2salao

[03/12/2013 - 08:14:57 | D] - D:\3salao

[03/12/2013 - 08:14:34 | D] - D:\4salao

[29/01/2014 - 07:58:56 | D] - D:\5salao

[11/03/2014 - 10:02:20 | D] - D:\6salao

[04/02/2014 - 12:48:00 | N | 5473 Ko] - D:\A importância de manter o foco!.wmv

[13/03/2014 - 07:38:41 | D] - D:\ADMIN

[29/07/2013 - 11:12:32 | D] - D:\AGENCIA

[31/01/2014 - 17:53:21 | D] - D:\artes

[22/03/2013 - 11:21:07 | D] - D:\COMPARTILHAR

[02/10/2012 - 16:16:55 | D] - D:\Config.Msi

[11/10/2013 - 07:46:17 | N | 0 Ko | 4434DC5381DC284A89C6B64159BE2700] - D:\CorelDRAW Graphics Suite X5 - CODIGOS ATIVACAO.txt

[12/03/2014 - 08:48:42 | D] - D:\DESK

[25/02/2014 - 11:52:43 | D] - D:\desktop

[28/10/2013 - 11:40:15 | D] - D:\down

[24/01/2014 - 18:01:52 | D] - D:\Downloads

[04/06/2013 - 08:26:00 | D] - D:\e6b7ab044593f797ad83c31141a7af

[08/11/2013 - 18:34:16 | N | 435 Ko] - D:\edital lei a tito filho.pdf

[28/09/2012 - 10:23:30 | N | 248 Ko] - D:\favoritos_28_09_12.html

[30/05/2013 - 14:01:26 | N | 16534 Ko] - D:\FULL BANNER.cdr

[10/06/2013 - 17:08:12 | N | 79672 Ko] - D:\HEAR PRE EDIT OK.mp4

[20/02/2014 - 15:03:23 | N | 1019 Ko] - D:\home.jpg

[03/10/2012 - 08:17:16 | D] - D:\hoodoo

[26/04/2013 - 15:55:26 | D] - D:\imgs

[03/10/2012 - 16:52:26 | N | 50 Ko] - D:\inscritos2012.xls

[24/02/2014 - 10:45:49 | D] - D:\MEDPLAN

[28/02/2014 - 07:35:11 | D] - D:\meus docs

[12/11/2012 - 06:01:20 | N | 10355 Ko] - D:\MOV00064.MPG

[12/11/2012 - 06:07:50 | N | 35444 Ko] - D:\MOV00069.MPG

[12/11/2012 - 07:01:04 | N | 24694 Ko] - D:\MOV00090.MPG

[12/11/2012 - 21:56:18 | N | 184047 Ko] - D:\MOV00093.MPG

[12/11/2012 - 22:05:00 | N | 616 Ko] - D:\MOV00094.MPG

[12/11/2012 - 22:30:28 | N | 82157 Ko] - D:\MOV00095.MPG

[08/11/2013 - 14:11:38 | D] - D:\MUSGA

[09/08/2013 - 14:09:18 | D] - D:\My Received Files

[19/04/2012 - 10:05:26 | N | 173 Ko] - D:\ONGs II.pdf

[19/04/2012 - 09:58:36 | N | 330 Ko] - D:\ONGs.pdf

[20/12/2011 - 17:45:10 | N | 285 Ko] - D:\Orcamento security.pdf

[25/08/2010 - 08:37:04 | N | 2917 Ko] - D:\pdf_20100602165847_74.pdf

[28/02/2014 - 11:38:37 | D] - D:\PODCAST

[07/12/2012 - 10:06:00 | N | 454 Ko] - D:\prestadores para site humana.xlsx

[06/03/2014 - 15:40:21 | D] - D:\programas

[06/03/2014 - 15:50:26 | D] - D:\PROGRAMS

[03/10/2012 - 08:06:33 | D] - D:\PUBLIC

[23/01/2014 - 09:20:35 | SHD] - D:\RECYCLER

[03/10/2012 - 08:06:35 | D] - D:\RELA

[27/09/2012 - 17:27:57 | SHD] - D:\System Volume Information

[31/01/2014 - 17:48:24 | ASH | 68 Ko] - D:\Thumbs.db

[08/07/2011 - 16:08:56 | N | 352 Ko] - D:\timbrado.doc

[04/08/2011 - 08:16:36 | N | 1008 Ko] - D:\timbrado_medplan.doc

[04/02/2014 - 12:46:34 | N | 18617 Ko] - D:\Trabalho em equipe com humor.wmv

[09/12/2013 - 08:03:47 | D] - D:\VIDEOS

[12/03/2014 - 12:13:00 | N | 3644 Ko] - D:\Vídeo-0030.mp4

[06/03/2014 - 15:37:51 | N | 6706 Ko | 3BF2A8A287A0A7851E5925B91C476537] - D:\ZHPDiag2.exe


################## | Vaccine |


D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)


################## | E.O.F | http://www.pt.usbfix.net/ - http://www.sosvirus.net |



Good morning, Fybc

|- All that remains is to run the Pre Scan tool.

Regards!


Hey DigRam

I ran Pre Scan twice; it restarts the PC but does not generate the log. Should Pre_Scan.txt appear on the desktop?

See you, and thanks


> Hey DigRam
>
> I ran Pre Scan twice; it restarts the PC but does not generate the log. Should Pre_Scan.txt appear on the desktop?
>
> See you, and thanks

Good morning, Fybc

|- If it does not appear, go to the folder Pre Scan created; you will find the report there.

|- Sorry for the delay in replying.

|- I am still without Internet and hope to have that sorted within 15 days.

|- And your PC... all OK?

Regards!


Good morning DigRam!

I honestly don't know where the option to see the folder set by PreScan is. I believe it generates the txt where it sits, which in this case is on the desktop itself, but I don't know why it isn't generating that log after the scankill.

I can only thank you for your concern and help, master.

My PC is still down - I got the Windows key, but it won't validate, because it demands a second validation using numbers only (that is when choosing validation by phone). Is there any keygen I could feed this working key into to generate that numeric code?

Have you heard of the Hirens tool? It was recommended to me, but I need to download it bit by bit here at work, since it is over 400 MB

Cheers!

Fyb


Good morning, Fybc

> Have you heard of the Hirens tool? It was recommended to me, but I need to download it bit by bit here at work, since it is over 400 MB

|- Yes! But I already told you what to do in the other topic.

|- Format the computer and reinstall XP.

Regards!


Hey DigRam,

I installed Windows 7, since the XP I had really would not validate no matter what.

Cheers, and thanks for the help.


Meanwhile, the work PC is still the same: explorer.exe freezes when I try to create folders and when I shut the PC down.


Good morning, Fybc

> Meanwhile, the work PC is still the same: explorer.exe freezes when I try to create folders and when I shut the PC down.

|- Run the ZHPDiag tool on that computer.

-/-

|- Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )
|- Save it to a local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the parchment icon. ( ZHPDiag )

|- Click "SEARCH" and wait for it to finish!

|- Click OK and, when it is done, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

See you

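The reports exchanged in this thread (the UsbFix "Regedit Run" section above and the ZHPDiag report posted after these instructions) are long, and almost everything in them is legitimate. The script below is an added example, not part of ZHPDiag, UsbFix or anyone's post, that pulls out the three kinds of lines a responder reads first: autostart entries whose target file no longer exists or whose key is orphaned, autostart binaries living under a user-writable profile path, and Winlogon Shell/Userinit values that differ from the Windows XP defaults. The XP defaults, the marker strings and the category codes it matches are assumptions written into the script; the sample lines are copied from the reports on this page, except the last one, which is a constructed malicious Userinit value. Treat the output as a review queue, not a verdict: ZHPDiag also prints "File not found" for the BootExecute entry "autocheck autochk *", which is the normal XP value.

```python
"""Triage helper for ZHPDiag / HijackThis-style report lines.

Added example for this thread; it is not part of ZHPDiag, UsbFix or the
original posts. SAMPLE_LOG is copied from the reports posted in the thread,
except the last line, which is a constructed malicious Userinit value.
"""
import re
from dataclasses import dataclass

# Windows XP defaults for the two Winlogon values malware most often
# overwrites for persistence (assumed defaults; not read from the reports).
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}

# Markers the tool prints for a referenced file that no longer exists and
# for a registry key whose target is gone ("Chave orfã" is the Portuguese
# UI string for "orphan key").
MISSING_MARKERS = ("(.not file.)", "File not found")
ORPHAN_MARKERS = ("Chave orfã", "Clé orpheline", "Orphan key")

# Autostart categories where a binary under a user-writable profile
# directory deserves a second look (a common dropper location).
AUTOSTART_CODES = {"04", "O2", "O4", "O20", "O22", "O23", "O46", "O53"}
USER_PATH_RE = re.compile(r"\\documents and settings\\|\\users\\|\\temp\\", re.I)

ITEM_RE = re.compile(r"^(?P<code>[A-Z]?\d+)\s*-\s*(?P<body>.*)$")
# UsbFix style: "HKLM\..\Winlogon : [userinit] <data>"
WINLOGON_RE = re.compile(r"\[(?P<value>shell|userinit)\]\s*(?P<data>.+)$", re.I)
# ZHPDiag style: "REG:system.ini: USERINIT=<data>"
INI_RE = re.compile(r"REG:system\.ini:\s*(?P<value>shell|userinit)=(?P<data>.+)$", re.I)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def check_winlogon(value, data):
    """Return None if a Shell/Userinit value matches the XP default, else a reason."""
    expected = WINLOGON_DEFAULTS[value.lower()]
    got = data.strip().lower()
    if value.lower() == "shell":
        got = got.rsplit("\\", 1)[-1]  # Shell may be stored with or without a path
    if got == expected:
        return None
    return f"{value} is '{data.strip()}', expected '{expected}'"


def triage(lines):
    """Run the three checks over report lines and return the findings to review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # MD5 lists, "~" summaries and section headers are skipped
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            wm = WINLOGON_RE.search(body) or INI_RE.search(body)
            if wm:
                reason = check_winlogon(wm.group("value"), wm.group("data"))
                if reason:
                    findings.append(Finding(code, reason, line))
            continue
        if any(mk in body for mk in MISSING_MARKERS):
            findings.append(Finding(code, "references a file that no longer exists", line))
        if any(mk in body for mk in ORPHAN_MARKERS):
            findings.append(Finding(code, "orphan registry key", line))
        if code in AUTOSTART_CODES and USER_PATH_RE.search(body):
            findings.append(Finding(code, "autostart from a user-writable profile path", line))
    return findings


# Copied from the reports in this thread; the last line is constructed.
SAMPLE_LOG = r"""
F2 - HKLM\..\Winlogon : [shell] Explorer.exe
F2 - HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.)
F2 - HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\x.exe
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

For a real report, pass the lines of the saved ZHPDiag.txt to triage(). For the Explorer freeze described in this thread, the O20 (Winlogon Notify), O22 (SharedTaskScheduler) and O46 (ShellExecuteHooks) categories are the ones that load code into winlogon.exe and Explorer itself, so they are worth reading in full even when nothing is flagged.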

Hi DigRam! Thanks for the help.

Here is the log:

 

~ ZHPDiag report v2014.4.16.27 - Nicolas Coolman (16/4/2014)
~ Started by fcarvalho (16/4/2014 16:30:02)
~ Website address : http://nicolascoolman.webs.com
~ Free disinfection support forums : http://nicolascoolman.webs.com/apps/links/
~ Translation by the user
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 28.0

---\\ Windows product information
~ Language: Portuguese
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
Kaspersky Anti-Virus 6.0 for Windows Workstations v6.0.3.837
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ System optimisation software
CCleaner v3.24 =>.Piriform Ltd

---\\ Peer-to-peer (P2P) sharing software

---\\ Software monitoring
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System information
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (26% free)
System Restore: Enabled
System drive C: has 67 GB (68%) free of 98 GB

---\\ System logon mode
~ Computer Name: PORTAL001
~ User Name: fcarvalho
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\
~ %Favorites% : C:\Documents and Settings\fcarvalho.MEDWIN\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 67 GB of 98 GB)
D: Hard drive, Flash drive, Thumb drive (Free 783 GB of 834 GB)
E: CD-ROM drive (Not Inserted)
T: Floppy drive, Flash card reader, USB Key (Not Inserted)
V: Floppy drive, Flash card reader, USB Key (Not Inserted)
Y: Floppy drive, Flash card reader, USB Key (Not Inserted)
Z: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Windows Security Center status
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Private search for generic files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/30
~ My Music : 1/2
~ My Favorites : 1/395
~ My Documents : 2/2400
~ My Desktop : 0/49
~ Start Menu (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 01s



---\\ Running processes
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1604]
[MD5.FDE5FAE31394A586F9CCC7300B6AD681] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1640]
[MD5.1643BBD933C046D5BBAEDD0A2A8F387C] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe [231952] [PID.840]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.884]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [181664] [PID.1300]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1576]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.1780]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2816]
[MD5.E1B94448E933F7D98DA10129CF010E91] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [19972712] [PID.2692]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.3204]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2708]
[MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.3476]
[MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.1712]
[MD5.183F44EAE82B426778D0C8F7FCE50821] - (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- D:\programas\Adobe Photoshop CS3\Photoshop.exe [44814336] [PID.324]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.3212]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.2744]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.3220]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe [20584608] [PID.2952]
[MD5.405A2343A4A4337EA221603D69D8061A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8217088] [PID.4600]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranet
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of the F0, F1, F2, F3 lines - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (01)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 21



---\\ Browser Helper Objects (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (03)
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user sessions (04)
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Applications started via registry & folders (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Internet Explorer main toolbar buttons (09)
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} . (.Kaspersky Lab - Script Monitor Internet Explorer plugin.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Hijack of the "Reset Web Settings" option (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Web settings: Scanned in 00mn 00s



---\\ Sites in the Internet Explorer trusted zone (015)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Trusted Zone: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s



---\\ Domain / DNS client changes (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.2 172.16.0.254
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - kldialhk.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ SharedTaskScheduler (STS) autorun registry key (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ List of non-Microsoft, non-disabled NT services (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 06s



---\\ Active Desktop enumeration & MHTML editor (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ BootExecute data listing (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at system startup (041)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Installed software (042)
O42 - Software: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Software: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Software: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços
O42 - Software: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- {95EEC3DD-98B1-402D-8984-A1D429A7F469}
O42 - Software: Plano de Negócio - (.SEBRAE.) [HKLM] -- {D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}
O42 - Software: Voice Editing Standard - (...) [HKLM] -- {EC398162-CB7C-4FC8-9DF9-6DB43B9DD6A5}
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 233 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 26/3/2014 - 13:11:24 - [6,517] ----D C:\Arquivos de programas\GUM5232.tmp
O43 - CFD: 22/1/2014 - 07:59:44 - [74,601] ----D C:\Arquivos de programas\GUMD.tmp
O43 - CFD: 27/9/2012 - 14:28:20 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 27/9/2012 - 14:27:37 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 18/3/2014 - 17:12:09 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 31/7/2013 - 10:58:18 - [5,640] --H-D C:\Documents and Settings\All Users\Dados de aplicativos\{C967C837-A256-442F-8AC4-F25622F7B509}
O43 - CFD: 22/1/2014 - 07:32:37 - [0,015] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Acessórios
O43 - CFD: 6/3/2014 - 07:28:08 - [0] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Inicializar
~ Program Folder: 133 Legitimates Filtered in 00mn 39s



---\\ Latest files modified or created in Windows and System32 (044)
O44 - LFC:[MD5.74884B511717D93C9D5CA960C9C51916] - 16/4/2014 - 07:21:58 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 16/4/2014 - 07:22:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31448]
O44 - LFC:[MD5.A1B606B20389DA5AF9AAB6F09656EC00] - 16/4/2014 - 11:59:08 ---A- . (...) -- C:\WINDOWS\wiadebug.log [410]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 8/4/2014 - 07:46:38 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
~ Files: 18 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(.Google.) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe
~ Keys Export: 25 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BCU [Key] . (...) -- C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.)
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 10 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 10:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 16/4/2014 - 07:22:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31448]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 09:36:06 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.16E441DC4DAF703FB0B0FE474830FF53] - 2/10/2001 - 07:37:40 ---A- . (.lecs Inc. - Aaudio.) -- C:\WINDOWS\system32\Drivers\IcRecUsb.sys [17432]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/4/2008 - 11:23:42 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/4/2008 - 11:23:40 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/4/2008 - 09:34:28 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/4/2008 - 11:23:42 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 15:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/4/2008 - 11:23:44 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/4/2008 - 11:23:44 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/4/2008 - 11:23:46 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/4/2008 - 11:23:48 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/4/2008 - 11:23:48 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 15:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 15:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 15:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 15:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 3/8/2004 - 22:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 3/8/2004 - 22:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 3/8/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 3/8/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 10 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/2/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 118 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.5GOMECMWEGW4ZK4QL74PEDXPL4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.JDKZK5XNKCOPYT2XU2MEKLJXZY> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.X6ENHUU5PXBP7TWAGBJWTAX6V4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {05402AB2-DCA2-4ffa-B893-BAC7BBA33F6B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E41AA1F3-4877-46e5-B956-3386E9873E92} [DefaultScope] - (Yahoo) - http://br.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1AC805D20D1E50C95FC2B06A937989C1] [sPRF][14/3/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\Pre_Scan.exe [2913280]
~ Files: 2 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "A4CE332DB4FEACC4EA7397493A1E4A38" . (.Plano de Negócio.) -- C:\WINDOWS\Installer\{D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}\_853F67D554F05449430E7E.exe
~ Update Products: 122 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CDCE01014A8A174F6D6453BCB8A94BCB] [WIS][2/10/2012] (.Twitter, Inc. - TweetDeck Setup.) -- C:\Windows\Installer\16ccfc.msi [986624]
[MD5.0F53C096525A45D4632382AAC3A326AC] [WIS][13/6/2013] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\2164ab5.msi [121344]
[MD5.38BD02F30D7CF9203DC3D2E8C8B60676] [WIS][9/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\355e49.msi [1634304]
[MD5.613839B0B5209A52FF11BD91B11A73AD] [WIS][27/9/2012] (.Nome de sua empresa: - TextPad.) -- C:\Windows\Installer\abc31.msi [373248]
[MD5.487B1A510A1A8555ACC9C2B9BF030F92] [WIS][31/7/2013] (.Banco do Nordeste do Brasil - Planilha Investimento Industrial, Agroindustrial, Comercial e S.) -- C:\Windows\Installer\bc27be.msi [263680]
~ WIS: 125 Legitimates Filtered in 00mn 14s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 5203 Legitimates Filtered in 00mn 04s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 22/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 22/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 1/4/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 5/9/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe

SR - | Auto 24/5/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 2/10/2012 231952 | (AVP) . (.Kaspersky Lab.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Demand 2/10/2012 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 21/2/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 4/4/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

~ Services: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13044 - (16/4/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 258299 Items scanned in 00mn 14s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 1 link(s) detected in 00mn 00s



~ 877 Legitimates filtered by white list
End of the scan (539 lines in 01mn 43s)(0)


Good afternoon! Fybc

|- I don't see any potential malware being the cause of your problems.

-/-

|- Run this script in the ZHPFix tool.
|- Copy this information that is in red to Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c
|- Next, minimize Notepad.

script zhpfix
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã

emptytemp

|- Open the ZHPFix tool.
|- Click IMPORT >> OK.
|- Click "GO".
|- Post the report!

A+
