
Archived

This topic has been archived and is closed to new replies.

carol2906

[Resolved] Strange websites after installing some programs


Good evening,

Today I installed some programs on my computer to edit some music, and other programs that I did not want came along with them.

But what bothers me right now is that the banking sites all look strange, with several fields for typing passwords, and they start opening several windows. I believe I have some virus and I don't know what to do.

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:51, on 07/07/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Serv_SpUsb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\ngsrv\ngslotd.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ngsrv\epsng_certd.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe
C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE
C:\Arquivos de programas\Samsung\Kies\Kies.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Expstudio\Audio Editor\ExpAudioEdit.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HIJACKTHIS\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Arquivos de programas\BrowseSmart\BrowseSmartBHO.dll (file missing)
O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [crlregistrationf] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\registration.exe /title="crlregistration" /date=062813
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\RunOnce: [APN-Stub_ATU3] "C:\Documents and Settings\All Users\Dados de aplicativos\APN\APN-Stub\ATU3\ApnSetup.exe" and Settings\Carol\APNSetup.exe /hpr=0 /sa=0 /install=ATU3 /dtid=default /trgb=CR /type=vanilla /runonce /runonce /second /runonce /runonce /runonce /runonce /runonce /runonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE /EPT "EPLTarget\P0000000000000000" /M "TX133 TX135"
O4 - HKCU\..\Run: [KiesPreload] C:\Arquivos de programas\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Arquivos de programas\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Arquivos de programas\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\RunOnce: [hao123Setting] C:\DOCUME~1\Carol\CONFIG~1\Temp\bdg46C.exe http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Atalho para LogMeIn.lnk = C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.santander.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SAGEM MorphoSmart Service Provider Usb Server (MSO_SpUsb_Service) - Unknown owner - C:\WINDOWS\system32\Serv_SpUsb.exe
O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 15129 bytes


Hi Carol.

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.


Good morning Power Max,

Here is the AdwCleaner log:

 

# AdwCleaner v3.215 - Relatório criado 09/07/2014 às 10:19:42
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Carol - CASA-46997CABD5
# Executando de : C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserDefender
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IBUpdaterService
Pasta Deletada : C:\Arquivos de programas\LyricsOn
Pasta Deletada : C:\Arquivos de programas\MyPC Backup
Pasta Deletada : C:\Arquivos de programas\Uninstaller
Pasta Deletada : C:\Arquivos de programas\Plus-HD-1.3
Pasta Deletada : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\Greener Web
Pasta Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\NetCrawl
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\SimilarSites
Pasta Deletada : F:\Documents and Settings\Carol\Optimizer Pro
Arquivo Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\Uninstall.exe
Arquivo Deletada : C:\Documents and Settings\Carol\Menu Iniciar\Programas\lollipop.lnk
Arquivo Deletada : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Deletada : C:\WINDOWS\Tasks\Lyrics On Update.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{392DE650-A1E6-4FB3-A5A4-21285DE225BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B463ECD2-E5D8-4178-80C4-EC7C7E72F9AC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe]
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Myfree Codec
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Myfree Codec
Chave Deletedo : HKLM\Software\yuna software
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v30.0 (pt-BR)
[ Arquivo : C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deletedo [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
*************************
AdwCleaner[R0].txt - [8979 octets] - [09/07/2014 10:16:01]
AdwCleaner[s0].txt - [8727 octets] - [09/07/2014 10:19:42]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8787 octets] ##########


There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC.

______________________________________________________________________________

Download the Junkware Removal Tool program from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Good evening!

Using the CCleaner program, I chose the programs that should start with Windows.

However, the Junkware Removal Tool program does not run at all :-(

See you later


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Delete adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.


Good evening,

Now I managed to run Zoek. Here is the log.

 

Zoek.exe v5.0.0.0 Updated 05-July-2014
Tool run by Carol on 10/07/2014 at 17:21:35,46.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Carol\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
10/07/2014 17:25:42 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9D58093C-0A7F-4849-881F-B195913CE3A1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
Added to C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----
prefs_072014_1741_.backup
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\Yahoo! deleted
C:\Arquivos de programas\MyFree Codec deleted
C:\Documents and Settings\Carol\Dados de aplicativos\ZoomBrowser EX deleted
C:\Documents and Settings\Carol\Dados de aplicativos\Yahoo! deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\APN deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\AVG January 2013 Campaign deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Package Cache deleted
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\speeddial.crx deleted
C:\Documents and Settings\All Users\Menu Iniciar\Programas\MyFree Codec deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\System32\is-PF69S.tmp deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins000.exe deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins001.exe deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins002.exe deleted
"C:\WINDOWS\Installer\8768a.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [10/10/2009 21:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi" [06/06/2014 16:34]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
- Site Matcher Pro - %ProfilePath%\extensions\matchersitepro@matchersitepro.com
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Arquivos de programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
34663C9214E30B9B80F1D35A074B8DFC - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
F045DF7AF127DC4BCC53421850114E15 - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
2F4781F84C92E8C4B1586E47A78E8A61 - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.50.255
18C6A57B569F088C2BD7B828A211AC06 - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java Platform SE 7 U5
81D388824634378A37765FD943FB3144 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
A93A4FC3B7596E9EA4FC203195FF77B6 - C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll - Photodex Presenter Plugin
1C8124B6A03A620EB0CBCA615666D2AE - C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7D28153B7D586330678AD522B71D89CB - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mdebcffgnijbblbinknkbefciofebcda - C:\DOCUME~1\Carol\CONFIG~1\Temp\crx70.tmp[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\sf.crx[26/10/2013 08:55]
apdfllckaahabafndbhieahigkjlhalf - C:\DOCUME~1\Carol\CONFIG~1\DADOSD~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
nnjbodopomfddehlalfilheomcahbpei - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx[02/01/2014 08:48]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 14:27]
GBBD Banco Santander (Brasil) S.A. - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
YouTube - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Banco Santander (Brasil) S.A. - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Mail Checker - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Cath Kidston - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm
Google Wallet - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{24A32B97-ECD3-5376-ACF9-7B4F1A656AAF} Unknown Url="Not_Found"
{72AEB4FE-ED71-0452-D2D2-3585281541E1} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{24A32B97-ECD3-5376-ACF9-7B4F1A656AAF} deleted successfully
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{72AEB4FE-ED71-0452-D2D2-3585281541E1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Carol\Desktop\Atalho para uTorrent.lnk - C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Documents and Settings\Carol\Desktop\Google Chrome.lnk - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Desktop\PUC PEDAGOGIA.lnk - F:\Documents and Settings\Carol\PUC PEDAGOGIA
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Desktop\Camtasia Studio 5.lnk - C:\Arquivos de programas\TechSmith\Camtasia Studio 5\CamtasiaStudio.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Desktop\Samsung Kies (Lite).lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe /lite
C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe
C:\Documents and Settings\All Users\Desktop\Video Search.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\Carol\Menu Iniciar\µTorrent.lnk - C:\Documents and Settings\Carol\Dados de aplicativos\uTorrent\uTorrent.exe
C:\Documents and Settings\Carol\Menu Iniciar\Programas\Eye Candy 5 Impact Manual.lnk - C:\Arquivos de programas\Adobe\Adobe Photoshop CS6\Plug-ins\Alien Skin\Eye Candy 5 Impact\EyeCandy5ImpactUsersGuide.pdf
C:\Documents and Settings\Carol\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\aTube Catcher\aTube Catcher.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\CorelDRAW Graphics Suite X6\CorelDRAW X6.lnk - c:\WINDOWS\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Noise Reduction Plug-In 2.0\Noise Reduction Plug-In 2.0 Readme.lnk - C:\Arquivos de programas\Sony\Noise Reduction Plug-In 2.0\Readme\nr_readme.htm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Sound Forge Pro 10.0\Sound Forge Pro 10.0 Readme.lnk - C:\Arquivos de programas\Sony\Sound Forge Pro 10.0\Readme\forge_readme.htm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Sound Forge Pro 10.0\Sound Forge Pro 10.0.lnk - C:\Arquivos de programas\Sony\Sound Forge Pro 10.0\Forge100.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe /lite
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Documents and Settings\Carol\Dados de aplicativos\uTorrent\uTorrent.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crlregistrationf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot) deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Carol\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=53 folders=14 24522213 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Carol\Configurações locais\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Configurações locais\temp emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\temp emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Carol\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied


Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

To install and run it correctly, follow the tips in this article:

Installation and usage tutorial for the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Good morning,

Sorry for the delay in replying, but I had a few setbacks.

Here is the ZHPDiag log:

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por Carol (05/08/2014 11:19:42)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
---\\ Softwares d'optimização do sistema
CCleaner v3.11
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (41%) free of 98 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA-46997CABD5
~ User Name: Carol
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Carol, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Carol\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Carol\Desktop\
~ %Favorites% : C:\Documents and Settings\Carol\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Carol\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 98 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 103 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 52 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.1BE73DF0AE36B73A8D097459EF0AC6E6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/06/2013 - 03:24:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/9852
~ Mes musiques (My Musics) : 2/675
~ Mes Videos (My Videos) : 1/259
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 4/15456
~ Mon Bureau (My Desktop) : 3/3291
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 01mn 19s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1492]
[MD5.6D4413938AF57EAB7CF4F06D652ACBD4] - (.Sagem Securite - Serv_SpUsb.) -- C:\WINDOWS\system32\Serv_SpUsb.exe [138752] [PID.1832]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.508]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1192]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.132]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.1504]
[MD5.4F2143570D2250CA4C4A4C98553C82CD] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704] [PID.1604]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1628]
[MD5.6B5AF2DE1781726755B11FBDC57432F7] - (.OEM - ngslotd.) -- C:\Arquivos de programas\ngsrv\ngslotd.exe [56832] [PID.1532]
[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.1916]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [189728] [PID.1936]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.160]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.844]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe [18944] [PID.836]
[MD5.BF8382259F4EAF534DC806D7C7B0AEAA] - (.Samsung - KiesPDLR.) -- C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288] [PID.2180]
[MD5.DFB379511FC34C591421F47267410872] - (.Software Updater - Software Updater.) -- C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe [2141776] [PID.2196] =>PUP.Eorezo
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2460]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe [1917440] [PID.2828]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8084992] [PID.2316]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [860488] [PID.4064]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.No owner - Photodex Presenter Plugin 4,10,0,2737.) -- C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Carol]: Atalho para uTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O4 - HKLM\..\RunOnce: [APN-Stub_ATU3] C:\Documents and Settings\All Users\Dados de aplicativos\APN\APN-Stub\ATU3\ApnSetup.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [AdobeBridge] Chave orfã
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ((no name)) - https://secure.logmein.com/activex/RACtrl.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WBSrv . (.Stardock Corporation - WBSrv.dll.) -- C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: ngSlotDaemon (ngSlotD) . (.OEM - ngslotd.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: 12 Legitimates Filtered in 00mn 09s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys =>PUP.LinkiDoo
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys =>PUP.LinkiDoo
~ Drivers: 93 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Cadeias de Certificação Prodemge - 01/2012 - (.Prodemge.) [HKLM] -- Cadeias de Certificação Prodemge_is1
O42 - Logiciel: DOI - (...) [HKLM] -- DOI
O42 - Logiciel: Fix Print 3.7 - (.Nova Consultoria.) [HKLM] -- {91C9FA89-44F6-4D7A-A006-25816412CCCC}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: LIVE! Control Center 1.03 - (.OEM.) [HKLM] -- {271F5A67-A83A-4985-B41B-201EB267E6CF}
O42 - Logiciel: LIVE! OSD 1.03 - (.OEM.) [HKLM] -- {73289228-1853-4623-982A-EB17FF0270CA}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção - Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Receitanet 2010 - (...) [HKLM] -- Receitanet
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
O42 - Logiciel: Xenofex 1.0 - (...) [HKLM] -- Xenofex 1.0
O42 - Logiciel: ePass2000 (Somente remover) - (...) [HKLM] -- 4673551D-STFT12-4FE7-A218-48BDAE051E2B_std
~ Logic: 56 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\ECS]
[HKCU\Software\EXPStudio]
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\Zhuk]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\FTDriver]
[HKLM\Software\NGSrv]
[HKLM\Software\Programas RFB]
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\baidu]
~ Key Software: 694 Legitimates Filtered in 00mn 03s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/01/2012 - 16:47:08 - [] ----D C:\Arquivos de programas\3D Canvas 8
O43 - CFD: 26/02/2014 - 19:52:55 - [] ----D C:\Arquivos de programas\A.E.T. Europe B.V
O43 - CFD: 13/07/2010 - 17:07:20 - [] ----D C:\Arquivos de programas\Alterdata
O43 - CFD: 31/10/2009 - 13:57:10 - [] ----D C:\Arquivos de programas\Ares Music
O43 - CFD: 04/12/2013 - 17:47:28 - [] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 18/06/2014 - 19:34:52 - [] ----D C:\Arquivos de programas\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 18/01/2012 - 22:02:19 - [] ----D C:\Arquivos de programas\Baixo Cidade
O43 - CFD: 03/05/2013 - 12:10:41 - [] -S--D C:\Arquivos de programas\d3ed
O43 - CFD: 26/03/2010 - 09:46:05 - [] ----D C:\Arquivos de programas\Declaração Anual de Movimento Econômico
O43 - CFD: 06/01/2010 - 21:14:09 - [] ----D C:\Arquivos de programas\DigiPix
O43 - CFD: 07/07/2014 - 10:39:13 - [] ----D C:\Arquivos de programas\Expstudio
O43 - CFD: 25/09/2013 - 12:20:39 - [] ----D C:\Arquivos de programas\Fix Print
O43 - CFD: 01/02/2011 - 22:22:17 - [] ----D C:\Arquivos de programas\IPPS
O43 - CFD: 21/07/2010 - 09:56:32 - [] ----D C:\Arquivos de programas\MiniBiblio
O43 - CFD: 15/12/2009 - 20:36:57 - [] ----D C:\Arquivos de programas\ngsrv
O43 - CFD: 26/02/2014 - 20:02:56 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 01/09/2009 - 09:15:55 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 18/06/2014 - 19:27:34 - [0] ----D C:\Arquivos de programas\SiteLookup
O43 - CFD: 22/02/2011 - 14:44:29 - [] ----D C:\Arquivos de programas\Zhuk
O43 - CFD: 06/09/2009 - 16:53:13 - [] ----D C:\Arquivos de programas\Arquivos comuns\Opus Shared
O43 - CFD: 01/09/2009 - 09:15:26 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 26/02/2014 - 19:52:53 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/07/2014 - 11:54:39 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 29/08/2011 - 16:46:03 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IM
O43 - CFD: 29/08/2011 - 16:44:44 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail
O43 - CFD: 04/12/2013 - 17:48:58 - [] ----D C:\Documents and Settings\Carol\Dados de aplicativos\Baidu Security
O43 - CFD: 04/05/2013 - 07:42:56 - [0] -S--D C:\Documents and Settings\Carol\Dados de aplicativos\cce5c
O43 - CFD: 26/02/2014 - 19:56:02 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/08/2012 - 19:36:27 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 10/08/2010 - 20:44:12 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\bi
O43 - CFD: 22/02/2011 - 14:48:16 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Oleg_Zhuk
O43 - CFD: 05/05/2010 - 18:24:38 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/07/2014 - 12:34:09 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Inicializar
O43 - CFD: 26/02/2012 - 08:56:11 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 01/03/2013 - 06:11:14 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 26/02/2014 - 20:06:30 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 287 Legitimates Filtered in 00mn 07s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EDCEAF74C3345517A2F792ED64558A92] - 04/08/2014 - 22:30:36 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.B160951916A8001C38DBC47E21046C8B] - 05/08/2014 - 11:07:42 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.F3C5F83862C39854AEBA1863B63EF820] - 05/08/2014 - 11:07:45 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 05/08/2014 - 11:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
~ Files: 11 Legitimates Filtered in 00mn 19s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- C:\Arquivos de programas\Ares\Ares.exe (.not file.)
~ Keys Export: 17 Legitimates Filtered in 00mn 00s
---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 6 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\epsng_certd [Key] . (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 01s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\WINDOWS\system32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\WINDOWS\system32\Drivers\360RegOem.sys [23168]
O58 - SDL:13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [45416]
O58 - SDL:07/12/2009 - 21:23:39 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 11:29:11 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\Drivers\avgntmgr.sys [22360]
O58 - SDL:30/03/2009 - 09:33:07 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [96104]
O58 - SDL:25/09/2010 - 19:09:01 ---A- . (.Windows ® 2000 DDK provider - Mirror Miniport Driver.) -- C:\WINDOWS\system32\Drivers\bbcap.sys [2944]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/05/2013 - 20:43:44 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecsmouclass.sys [3968]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.No owner - USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ft12usb.sys [11904]
O58 - SDL:23/09/2013 - 19:10:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:05/08/2014 - 11:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\Drivers\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:19/03/2007 - 16:00:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RLVrtAuCbl.sys [31616]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.OEM - This is used by FT12 Readers.) -- C:\WINDOWS\system32\Drivers\smccardc.sys [13056]
O58 - SDL:11/05/2009 - 09:12:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [83864]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181912]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:04/05/2013 - 15:50:13 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [15616]
O58 - SDL:13/07/2009 - 01:07:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\uxpatch.sys [25448]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:07/07/2014 - 05:44:56 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224] =>PUP.LinkiDoo
O58 - SDL:16/06/2014 - 15:52:00 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [55232] =>PUP.LinkiDoo
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecsmouclass.sys [3968]
O58 - SDL:07/04/2009 - 08:39:44 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:13/12/2009 - 08:47:41 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [952]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 83 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 13/02/2009 - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 28/02/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 23/09/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/02/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 15/12/2009 - C:\Arquivos de programas\ngsrv\ngslotd.exe (ngSlotD) .(.OEM - ngslotd.) - LEGACY_NGSLOTD
O64 - Services: CurCS - 01/07/2010 - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe (ScsiAccess) .(...) - LEGACY_SCSIACCESS
O64 - Services: CurCS - 07/07/2014 - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) .(.StdLib - StdLib.) - LEGACY_{6FCD6092-9615-4F7F-8898-8DF53980E5D2}T =>PUP.LinkiDoo
O64 - Services: CurCS - 16/06/2014 - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) .(.StdLib - StdLib.) - LEGACY_{A3F28269-AD17-41A8-B032-3E0313EF8979}GT =>PUP.LinkiDoo
~ Legacy: 167 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.Carol> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B3EB4098F08B2B50BF48BEEA0F1271D2] [sPRF][02/06/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins000.dat [44697]
[MD5.47998C7FA68804E7C40FDED47C60736E] [sPRF][14/06/2013] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins001.dat [11878]
[MD5.E214648F8846D213C0C750691F46113B] [sPRF][08/03/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins002.dat [34116]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe [1348263]
[MD5.C93911B62EA4BF0AEF1B16596302018E] [sPRF][18/06/2014] (...) -- C:\Documents and Settings\Carol\Desktop\atube-catcher-3-8-7971-32-bits.exe [670888]
[MD5.3D4A630F2DA832C1529CC6D2D8C3A95B] [sPRF][18/03/2013] (...) -- C:\Documents and Settings\Carol\Desktop\camtasia-studio-804-build-1060-baixaki-32-bits.exe [649968]
[MD5.9A4022CAA9CC2EF1820F360991502108] [sPRF][07/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\expstudio-audio-editor-free-4-31-32-bits.exe [670920]
[MD5.BD41EA356CB85FCD663588504B50113C] [sPRF][28/05/2014] (.Banco Santander (Brasil) S.A. - Módulo de Proteção - Banco Santander (Brasil) S.A..) -- C:\Documents and Settings\Carol\Desktop\gbplugin2.exe [5738152]
[MD5.20C80FB1BC968D22A1B248725BAF5E2D] [sPRF][22/05/2013] (...) -- C:\Documents and Settings\Carol\Desktop\LimpaPenDrive.bat [2050]
[MD5.352E8561E633B17ED22012366721FFDC] [sPRF][10/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\zoek.exe [1285120]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][01/01/1601] (...) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [99392]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [sPRF][16/05/2011] (...) -- C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.E20F38184ECB403A82FFE0096D3CCCCD] [sPRF][15/12/2011] (...) -- C:\WINDOWS\Downloaded Program Files\RACtrl.dll [4617616]
~ Files: 22 Legitimates Filtered in 00mn 15s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SS - | Auto 21/07/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 02/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 18/03/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Auto 07/04/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/03/2010 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 05/07/2012 161704 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
SR - | Auto 15/11/2010 138752 | (MSO_SpUsb_Service) . (.Sagem Securite.) - C:\WINDOWS\system32\Serv_SpUsb.exe
SR - | Auto 15/12/2009 56832 | (ngSlotD) . (.OEM.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
SR - | Auto 03/03/2006 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
SR - | Auto 01/07/2010 186760 | (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: Scanned in 00mn 21s
---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKCU\Software\SoftwareUpdater] =>Hijacker.Eazel
C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
~ Additionnel Scan: 472909 Items scanned in 02mn 21s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 4 link(s) detected in 00mn 00s
~ 1196 Legitimates filtered by white list
End of the scan (626 lines in 05mn 53s)(0)


→ Go to https://www.virustotal.com and submit the file highlighted in bold below for analysis (if the site reports that it has already been analyzed, ask it to analyze the file again):

C:\WINDOWS\system32\Serv_SpUsb.exe

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply, together with the report requested in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

Analyze suspicious files and links online and completely free of charge

___________________________________________________________________________

→ Select and copy all of the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

→ Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" > click the "GO" button > click "Oui" > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the file's analysis on the Virus Total site.


Good afternoon,

Here is the Virus Total link and the ZH Fix log.

https://www.virustotal.com/pt/file/fef7f7aee0324d88c6fc7dea407efa31ce333e0ac94a8a6e2ece7d82aadd150c/analysis/1407256185/

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Carol at 05/08/2014 13:32:53
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 17s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe
========== Estado dos serviços ==========
{6FCD6092-9615-4F7F-8898-8DF53980E5D2}T Parado
{A3F28269-AD17-41A8-B032-3E0313EF8979}GT Parado
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {6fcd6092-9615-4f7f-8898-8df53980e5d2}t
ELIMINÉ Driver Key: {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\SiteFinder
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKCU\Software\SoftwareUpdater
========== Valores do Registo ==========
ELIMINÉ RunValue: APN-Stub_ATU3
ELIMINÉ RunValue: AdobeBridge
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys
ELIMINÉ: c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}gt.sys
ELIMINÉ:* c:\arquivos de programas\software updater\softwareupdater.exe
ELIMINÉ Temporários windows (85) (20.685.969 octets)
ELIMINÉ Flash Cookies (4) (564 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
14 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
7 : Ficheiros
2 : Estado dos serviços
1 : Restauração Sistema
End of clean in 00mn 36s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 05/08/2014 13:33:11 [2146]


Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Good afternoon,

Here is the ZHP log

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por Carol (05/08/2014 15:51:50)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
---\\ Softwares d'optimização do sistema
CCleaner v3.11
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (41%) free of 98 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA-46997CABD5
~ User Name: Carol
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Carol, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Carol\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Carol\Desktop\
~ %Favorites% : C:\Documents and Settings\Carol\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Carol\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 98 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)
F: Hard drive, Flash drive, Thumb drive (Free 21 Go of 103 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 52 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.1BE73DF0AE36B73A8D097459EF0AC6E6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/06/2013 - 03:24:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/9852
~ Mes musiques (My Musics) : 2/675
~ Mes Videos (My Videos) : 1/259
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 4/15456
~ Mon Bureau (My Desktop) : 3/3294
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 53s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1492]
[MD5.6D4413938AF57EAB7CF4F06D652ACBD4] - (.Sagem Securite - Serv_SpUsb.) -- C:\WINDOWS\system32\Serv_SpUsb.exe [138752] [PID.1832]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.508]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1192]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.132]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.1504]
[MD5.4F2143570D2250CA4C4A4C98553C82CD] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704] [PID.1604]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1628]
[MD5.6B5AF2DE1781726755B11FBDC57432F7] - (.OEM - ngslotd.) -- C:\Arquivos de programas\ngsrv\ngslotd.exe [56832] [PID.1532]
[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.1916]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [189728] [PID.1936]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.160]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.844]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe [18944] [PID.836]
[MD5.BF8382259F4EAF534DC806D7C7B0AEAA] - (.Samsung - KiesPDLR.) -- C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288] [PID.2180]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2460]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe [1917440] [PID.2828]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [860488] [PID.2240]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8084992] [PID.4264]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.No owner - Photodex Presenter Plugin 4,10,0,2737.) -- C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Carol]: Atalho para uTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ((no name)) - https://secure.logmein.com/activex/RACtrl.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WBSrv . (.Stardock Corporation - WBSrv.dll.) -- C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: ngSlotDaemon (ngSlotD) . (.OEM - ngslotd.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: 12 Legitimates Filtered in 00mn 07s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) . (. - .) - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys (.not file.)
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) . (. - .) - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys (.not file.)
~ Drivers: 79 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Cadeias de Certificação Prodemge - 01/2012 - (.Prodemge.) [HKLM] -- Cadeias de Certificação Prodemge_is1
O42 - Logiciel: DOI - (...) [HKLM] -- DOI
O42 - Logiciel: Fix Print 3.7 - (.Nova Consultoria.) [HKLM] -- {91C9FA89-44F6-4D7A-A006-25816412CCCC}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: LIVE! Control Center 1.03 - (.OEM.) [HKLM] -- {271F5A67-A83A-4985-B41B-201EB267E6CF}
O42 - Logiciel: LIVE! OSD 1.03 - (.OEM.) [HKLM] -- {73289228-1853-4623-982A-EB17FF0270CA}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção - Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Receitanet 2010 - (...) [HKLM] -- Receitanet
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
O42 - Logiciel: Xenofex 1.0 - (...) [HKLM] -- Xenofex 1.0
O42 - Logiciel: ePass2000 (Somente remover) - (...) [HKLM] -- 4673551D-STFT12-4FE7-A218-48BDAE051E2B_std
~ Logic: 56 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\ECS]
[HKCU\Software\EXPStudio]
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\Zhuk]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\FTDriver]
[HKLM\Software\NGSrv]
[HKLM\Software\Programas RFB]
~ Key Software: 687 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/01/2012 - 16:47:08 - [] ----D C:\Arquivos de programas\3D Canvas 8
O43 - CFD: 26/02/2014 - 19:52:55 - [] ----D C:\Arquivos de programas\A.E.T. Europe B.V
O43 - CFD: 13/07/2010 - 17:07:20 - [] ----D C:\Arquivos de programas\Alterdata
O43 - CFD: 31/10/2009 - 13:57:10 - [] ----D C:\Arquivos de programas\Ares Music
O43 - CFD: 18/01/2012 - 22:02:19 - [] ----D C:\Arquivos de programas\Baixo Cidade
O43 - CFD: 03/05/2013 - 12:10:41 - [] -S--D C:\Arquivos de programas\d3ed
O43 - CFD: 26/03/2010 - 09:46:05 - [] ----D C:\Arquivos de programas\Declaração Anual de Movimento Econômico
O43 - CFD: 06/01/2010 - 21:14:09 - [] ----D C:\Arquivos de programas\DigiPix
O43 - CFD: 07/07/2014 - 10:39:13 - [] ----D C:\Arquivos de programas\Expstudio
O43 - CFD: 25/09/2013 - 12:20:39 - [] ----D C:\Arquivos de programas\Fix Print
O43 - CFD: 01/02/2011 - 22:22:17 - [] ----D C:\Arquivos de programas\IPPS
O43 - CFD: 21/07/2010 - 09:56:32 - [] ----D C:\Arquivos de programas\MiniBiblio
O43 - CFD: 15/12/2009 - 20:36:57 - [] ----D C:\Arquivos de programas\ngsrv
O43 - CFD: 26/02/2014 - 20:02:56 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 01/09/2009 - 09:15:55 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 18/06/2014 - 19:27:34 - [0] ----D C:\Arquivos de programas\SiteLookup
O43 - CFD: 22/02/2011 - 14:44:29 - [] ----D C:\Arquivos de programas\Zhuk
O43 - CFD: 06/09/2009 - 16:53:13 - [] ----D C:\Arquivos de programas\Arquivos comuns\Opus Shared
O43 - CFD: 01/09/2009 - 09:15:26 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 26/02/2014 - 19:52:53 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 29/08/2011 - 16:46:03 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IM
O43 - CFD: 29/08/2011 - 16:44:44 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail
O43 - CFD: 26/02/2014 - 19:56:02 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/08/2012 - 19:36:27 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 10/08/2010 - 20:44:12 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\bi
O43 - CFD: 22/02/2011 - 14:48:16 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Oleg_Zhuk
O43 - CFD: 05/05/2010 - 18:24:38 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/07/2014 - 12:34:09 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Inicializar
O43 - CFD: 26/02/2012 - 08:56:11 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 01/03/2013 - 06:11:14 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 26/02/2014 - 20:06:30 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 282 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EDCEAF74C3345517A2F792ED64558A92] - 04/08/2014 - 22:30:36 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.B160951916A8001C38DBC47E21046C8B] - 05/08/2014 - 11:07:42 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.F3C5F83862C39854AEBA1863B63EF820] - 05/08/2014 - 11:07:45 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/08/2014 - 13:33:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
~ Files: 11 Legitimates Filtered in 00mn 07s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- C:\Arquivos de programas\Ares\Ares.exe (.not file.)
~ Keys Export: 17 Legitimates Filtered in 00mn 00s
---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 6 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\epsng_certd [Key] . (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [45416]
O58 - SDL:07/12/2009 - 21:23:39 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 11:29:11 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\Drivers\avgntmgr.sys [22360]
O58 - SDL:30/03/2009 - 09:33:07 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [96104]
O58 - SDL:25/09/2010 - 19:09:01 ---A- . (.Windows ® 2000 DDK provider - Mirror Miniport Driver.) -- C:\WINDOWS\system32\Drivers\bbcap.sys [2944]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/05/2013 - 20:43:44 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecsmouclass.sys [3968]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.No owner - USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ft12usb.sys [11904]
O58 - SDL:23/09/2013 - 19:10:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:05/08/2014 - 13:33:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\Drivers\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:19/03/2007 - 16:00:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RLVrtAuCbl.sys [31616]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.OEM - This is used by FT12 Readers.) -- C:\WINDOWS\system32\Drivers\smccardc.sys [13056]
O58 - SDL:11/05/2009 - 09:12:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [83864]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181912]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:04/05/2013 - 15:50:13 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [15616]
O58 - SDL:13/07/2009 - 01:07:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\uxpatch.sys [25448]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecsmouclass.sys [3968]
O58 - SDL:07/04/2009 - 08:39:44 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:13/12/2009 - 08:47:41 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [952]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 79 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 15/07/1744 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(...) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 13/02/2009 - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 28/02/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 23/09/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/02/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 15/12/2009 - C:\Arquivos de programas\ngsrv\ngslotd.exe (ngSlotD) .(.OEM - ngslotd.) - LEGACY_NGSLOTD
O64 - Services: CurCS - 01/07/2010 - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe (ScsiAccess) .(...) - LEGACY_SCSIACCESS
~ Legacy: 167 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.Carol> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B3EB4098F08B2B50BF48BEEA0F1271D2] [sPRF][02/06/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins000.dat [44697]
[MD5.47998C7FA68804E7C40FDED47C60736E] [sPRF][14/06/2013] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins001.dat [11878]
[MD5.E214648F8846D213C0C750691F46113B] [sPRF][08/03/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins002.dat [34116]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe [1348263]
[MD5.C93911B62EA4BF0AEF1B16596302018E] [sPRF][18/06/2014] (...) -- C:\Documents and Settings\Carol\Desktop\atube-catcher-3-8-7971-32-bits.exe [670888]
[MD5.3D4A630F2DA832C1529CC6D2D8C3A95B] [sPRF][18/03/2013] (...) -- C:\Documents and Settings\Carol\Desktop\camtasia-studio-804-build-1060-baixaki-32-bits.exe [649968]
[MD5.9A4022CAA9CC2EF1820F360991502108] [sPRF][07/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\expstudio-audio-editor-free-4-31-32-bits.exe [670920]
[MD5.BD41EA356CB85FCD663588504B50113C] [sPRF][28/05/2014] (.Banco Santander (Brasil) S.A. - Módulo de Proteção - Banco Santander (Brasil) S.A..) -- C:\Documents and Settings\Carol\Desktop\gbplugin2.exe [5738152]
[MD5.20C80FB1BC968D22A1B248725BAF5E2D] [sPRF][22/05/2013] (...) -- C:\Documents and Settings\Carol\Desktop\LimpaPenDrive.bat [2050]
[MD5.352E8561E633B17ED22012366721FFDC] [sPRF][10/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\zoek.exe [1285120]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][01/01/1601] (...) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [99392]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [sPRF][16/05/2011] (...) -- C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.E20F38184ECB403A82FFE0096D3CCCCD] [sPRF][15/12/2011] (...) -- C:\WINDOWS\Downloaded Program Files\RACtrl.dll [4617616]
~ Files: 22 Legitimates Filtered in 00mn 01s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SS - | Auto 21/07/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 02/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 18/03/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Auto 07/04/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/03/2010 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 05/07/2012 161704 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
SR - | Auto 15/11/2010 138752 | (MSO_SpUsb_Service) . (.Sagem Securite.) - C:\WINDOWS\system32\Serv_SpUsb.exe
SR - | Auto 15/12/2009 56832 | (ngSlotD) . (.OEM.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
SR - | Auto 03/03/2006 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
SR - | Auto 01/07/2010 186760 | (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: Scanned in 00mn 21s
---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 472852 Items scanned in 02mn 09s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 1170 Legitimates filtered by white list
End of the scan (598 lines in 04mn 25s)(0)


→ Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

→ Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose the Run as administrator option > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, and tell us how your PC is after this.


Good afternoon,

Here is the log:

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Carol at 06/08/2014 15:09:52
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (6) (750.312 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 13s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 05/08/2014 13:33:11 [2248]
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 06/08/2014 15:09:54 [866]


Good morning,

This computer is fine now; I can access the sites without any problem.

My other computer, however, has the same problems this one had before. To run the procedure on it as well, do I need to open another topic, or can I continue in this one?

Best regards, and thank you for the help!


:) I'm glad the problem has been resolved.

→ Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa

_______________________________________________________________________________________________________________________

→ To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips in this tutorial.

_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
