Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Manain

[Arquivado] Navegadores Lentos Crhome e IE

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

Manain    0

Manain
Postado

Analise de LOG, não consigo rodar malwares-bytes e nem desinstalar.

 

Segue LOG

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:30, on 19/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\ARQUIV~1\GbPlugin\GbpSv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Java\jre7\bin\jqs.exe
D:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
D:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe
D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\alg.exe
D:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\aetcrss1.exe
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
D:\Arquivos de programas\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
D:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\Sidnei\Meus documentos\Downloads\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - D:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20120627080103.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [mcui_exe] "D:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [baidu PC Faster 3.7.0.0] "D:\Arquivos de programas\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start
O4 - HKLM\..\RunOnce: [Del2294187] cmd.exe /Q /D /c del "D:\DOCUME~1\Sidnei\CONFIG~1\Temp\0.del"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Del2294125] cmd.exe /Q /D /c del "D:\DOCUME~1\Sidnei\CONFIG~1\Temp\0.del"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: *.caixa.gov.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\ARQUIV~1\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - D:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - D:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - D:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - D:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\Arquivos de programas\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - D:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) - Baidu Inc. - D:\Arquivos de programas\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
--
End of file - 9982 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! Manain

 

|- Desinstale: D:\Arquivos de programas\Baidu Security <<

 

-/-

 

|- Baixe: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )
|- Execute o ícone do pergaminho. ( ZHPDiag )

 

abynh7jv.jpg

 

|- Clique: "CONFIGURE"

 

ZHPDiag_Options2_zps5a090bf7.jpg

 

|- Clique: "Options" >> "All" >> OK

 

ZHPDiag_FullAnalysis_zps60157826.jpg

 

|- Clique: "CONFIGURE" >> "Full Analysis"
|- Aguarde a conclusão!
|- Caso ocorra travamentos e não possa obter o log,aborte a verificação completa e faça a customizada.
|- Volte a janela principal da ferramenta.

 

adcYraWj.jpg

 

|- Clique "SEARCH" e aguarde a conclusão!
|- Ou clique "Options" >> "None".

ZHPDiag_AdditionalScan_zps21f11520.jpg

 

|- Marque,apenas,a opção "Additional Scan (O88)".

 

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92
####

 

|- Desta forma,estas opções serão desabilitadas!

 

zhpdia11.png

 

|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.

 

|- Ou acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

Manain    0

Manain
Postado

Segue relatorio ZHPDiag.txt

 

 

~ Relatório do ZHPDiag v2013.11.9.20 - Nicolas Coolman (09/11/2013)
~ Iniciado por Sidnei (09/11/2013 18:34:40)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
Malwarebytes' Anti-Malware

---\\ Softwares d'optimização do sistema
CCleaner v3.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 495 MB (33% free)
System Restore: Activé (Enable)
System drive D: has 23 GB (58%) free of 39 GB

---\\ Modo de conexão ao sistema
~ Computer Name: KELOW
~ User Name: Sidnei
~ All Users Names: SUPPORT_388945a0, Sidnei, HelpAssistant, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : D:\
~ %AppZHP% : D:\Documents and Settings\Sidnei\Dados de aplicativos\ZHP\
~ %AppData% : D:\Documents and Settings\Sidnei\Dados de aplicativos\
~ %Desktop% : D:\Documents and Settings\Sidnei\Desktop\
~ %Favorites% : D:\Documents and Settings\Sidnei\Favoritos\
~ %LocalAppData% : D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\
~ %StartMenu% : D:\Documents and Settings\Sidnei\Menu Iniciar\
~ %Windir% : D:\WINDOWS\
~ %System% : D:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 35 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 39 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)

 

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s

 

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 23:20:58.) -- D:\WINDOWS\Explorer.exe [1035776]
[MD5.FF2D779ABA637062E34DF520F087DFBD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.04/11/2011 - 16:13:20.) -- D:\WINDOWS\system32\wininet.dll [916992]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 23:21:23.) -- D:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- D:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 15:40:30.) -- D:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 16:14:21.) -- D:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 15:40:46.) -- D:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 22:52:42.) -- D:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 13:36:05.) -- D:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 22:55:19.) -- D:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 15:40:58.) -- D:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 15:57:15.) -- D:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 16:19:42.) -- D:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- D:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 16:21:00.) -- D:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 16:15:53.) -- D:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 23:02:24.) -- D:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 16:19:43.) -- D:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 15:32:51.) -- D:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 22:53:17.) -- D:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 22:53:00.) -- D:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 03s

 

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/390
~ Mes musiques (My Musics) : 12/57
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 7/3975
~ Mon Bureau (My Desktop) : 4/95
~ Menu demarrer (Programs) : 1/122
~ Hidden Files: Scanned in 00mn 25s

 

---\\ Processos lançados
[MD5.4E35773DAD00E89F670AEA734BC25D66] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- D:\Arquivos de programas\GbPlugin\gbpsv.exe [527720] [PID.1312]
[MD5.222B59D2655EE0C831F9317A14A49B0F] - (.Nero AG - incdsrv.) -- D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [876032] [PID.1572]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- D:\WINDOWS\System32\SCardSvr.exe [99328] [PID.296]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- D:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.548]
[MD5.11745B78C9302B81B8A7492C10BEA002] - (.McAfee, Inc. - SiteAdvisor.) -- D:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [103112] [PID.576]
[MD5.C59D9F880BEA416BAB4C57AD04242A71] - (.McAfee, Inc. - McAfee Access Protection.) -- D:\Arquivos de programas\McAfee\MSC\McAPexe.exe [145088] [PID.636]
[MD5.5007E21208DA68F60EBF43352BDFE6D0] - (.McAfee, Inc. - McAfee Service Host.) -- D:\Arquivos de programas\Arquivos comuns\McAfee\Platform\McSvcHost\McSvHost.exe [281560] [PID.688]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [322120] [PID.884]
[MD5.9B4C6E57156EACBDB8B4977D1948149F] - (.McAfee, Inc. - McAfee Process Validation Service.) -- D:\WINDOWS\system32\mfevtps.exe [172416] [PID.684]
[MD5.1F0F4B564BFFD1E5C319F39DC3EEA17F] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- D:\Arquivos de programas\Arquivos comuns\McAfee\AMCore\mcshield.exe [638976] [PID.1940]
[MD5.4C363DA2098C3A88797F21AFE80E6DB8] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe [169320] [PID.752]
[MD5.9F21FB79005F196DB0D522F2FEF0A067] - (.Software 2000 Limited - SMLMProxy Module.) -- D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.exe [73728] [PID.1784]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- D:\WINDOWS\System32\alg.exe [44544] [PID.2576]
[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\rundll32.exe [0] [PID.2976]
[MD5.04F6CBD2BDAB19480F82AB255E56E9DB] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- D:\WINDOWS\system32\aetcrss1.exe [151552] [PID.2400]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2512]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- D:\Arquivos de programas\Arquivos comuns\McAfee\Platform\mcuicnt.exe [499384] [PID.1452]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] - (.Nicolas Coolman - ZHPDiag.) -- D:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8192512] [PID.1108]
~ Processes Running: Scanned in 00mn 03s

 

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- D:\Arquivos de programas\McAfee\MSC\npMcSnFFPl.dll
~ Firefox Browser: 13 Legitimates Filtered in 00mn 01s

 

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

 

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

 

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=D:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=D:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

 

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18

 

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- D:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
~ BHO: 16 Legitimates Filtered in 00mn 01s

 

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- D:\Arquivos de programas\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

 

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- D:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe
O4 - GS\Desktop [AllUsers]: Central Folhamatic.LNK . (...) -- Z:\folhawin\central\centralf.exe
O4 - GS\Desktop [AllUsers]: Comprar suprimentos HP.lnk . (...) -- D:\Arquivos de programas\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [AllUsers]: Declaração do Simples Nacional - SP.lnk . (...) -- D:\Arquivos de programas\SEFAZ\Simples Nacional\DSN_SP.exe (.not file.)
O4 - GS\Desktop [AllUsers]: GDRais 2012.lnk . (...) -- C:\GDRais\gdrais.bat
O4 - GS\Desktop [AllUsers]: SEFIP.lnk . (...) -- D:\Arquivos de programas\CAIXA\SEFIP\Sefip.exe
O4 - GS\Desktop [sidnei]: ACI.lnk . (...) -- D:\Documents and Settings\Sidnei\ACI\aci.exe
O4 - GS\Desktop [sidnei]: adm.lnk . (.Folhamatic Sistemas - No Comment.) -- Z:\folhawin\admsoft\adm.exe
O4 - GS\Desktop [sidnei]: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- D:\Arquivos de programas\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
O4 - GS\Desktop [sidnei]: Calculadora.lnk . (.Microsoft Corporation - Arquivo do aplicativo 'Calculadora' do Wind.) -- D:\WINDOWS\system32\calc.exe
O4 - GS\Desktop [sidnei]: CAT 4.0.lnk . (...) -- C:\CAT40\sp2tccli.exe
O4 - GS\Desktop [sidnei]: Conectividade Social.lnk . (.CAIXA ECONÔMICA FEDERAL - No Comment.) -- D:\Arquivos de programas\CAIXA\CNS\cnsini.exe
O4 - GS\Desktop [sidnei]: DACON Mensal-Semestral 1.3.lnk . (.SERPRO - No Comment.) -- D:\Arquivos de programas\Programas RFB\DACON Mensal-Semestral10\DACONMS13.exe
O4 - GS\Desktop [sidnei]: DCTF Semestral 1.3.lnk . (.SERPRO - No Comment.) -- D:\Arquivos de programas\Programas RFB\DCTF Semestral 1.3\DCTFSemestral13.exe
O4 - GS\Desktop [sidnei]: DCTF Semestral 1.4.lnk . (.SERPRO - No Comment.) -- C:\Arquivos de programas\Programas RFB\DCTF Semestral 1.4\DCTFSemestral14.exe
O4 - GS\Desktop [sidnei]: Dirf 2008.LNK . (...) -- D:\Arquivos de programas\Programas RFB\Dirf2008\Dirf2008.exe
O4 - GS\Desktop [sidnei]: Dirf 2009.LNK . (...) -- D:\Arquivos de programas\Programas RFB\Dirf2009\Dirf2009.exe
O4 - GS\Desktop [sidnei]: Dirf 2011.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
O4 - GS\Desktop [sidnei]: Dirf 2012.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
O4 - GS\Desktop [sidnei]: EFISCAL.lnk . (...) -- Z:\folhawin\efiscal\EFISCAL.exe
O4 - GS\Desktop [sidnei]: folha.lnk . (.IOB Folhamatic - Executável Gerado pelo VFP6.) -- Z:\folhawin\folha\folha.exe
O4 - GS\Desktop [sidnei]: GDRais2007.lnk . (...) -- C:\GDRais2007\GDRais2007.exe
O4 - GS\Desktop [sidnei]: GDRais2008.lnk . (...) -- C:\GDRais2008\GDRais2008.exe
O4 - GS\Desktop [sidnei]: GDRais2010.lnk . (...) -- C:\GDRais2010\GDRais2010.exe
O4 - GS\Desktop [sidnei]: GdRaisJava.lnk . (...) -- D:\Arquivos de programas\GdRaisJava\gdrais.bat
O4 - GS\Desktop [sidnei]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [sidnei]: Internet Explorer.lnk - Chave orfã
O4 - GS\Desktop [sidnei]: Nice PDF Compressor.lnk . (.NicePDF Software, Inc. - Nice PDF Compressor.) -- D:\Arquivos de programas\Nice PDF Compressor\PDFCompressor.exe
O4 - GS\Desktop [sidnei]: PJSI 2008.lnk . (.SERPRO - No Comment.) -- D:\Arquivos de programas\Programas RFB\PJSI2008\PJSI2008.exe
~ Global Startup: 38 Legitimates Filtered in 00mn 05s

 

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- D:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- D:\WINDOWS\system32\aetcrss1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKLM\..\Run: [userFaultCheck] Chave orfã
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- D:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-606747145-1214440339-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-606747145-1214440339-725345543-1003\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s

 

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- D:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

 

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

 

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - D:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
~ Objets ActiveX: Scanned in 00mn 00s

 

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CEE3F1-4602-4963-ADE1-6FB4D97D2085}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{85CEE3F1-4602-4963-ADE1-6FB4D97D2085}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{85CEE3F1-4602-4963-ADE1-6FB4D97D2085}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s

 

---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- D:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- D:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 02s

 

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- D:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- D:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- D:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- D:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- D:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- D:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- D:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- D:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (...) -- WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- D:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 01s

 

---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- D:\WINDOWS\system32\upnpui.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- D:\Arquivos de programas\Scpad\scpLIB.dll
~ SSODL: 7 Legitimates Filtered in 00mn 01s

 

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- D:\Arquivos de programas\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s

 

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - D:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: McAfee Validation Trust Protection Servi (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - D:\WINDOWS\system32\mfevtps.exe
~ Services: 15 Legitimates Filtered in 00mn 47s

 

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - D:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - D:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

 

---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\At1.job [416]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- D:\DOCUME~1\Sidnei\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 02s

 

---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Dataprev.) [HKLM] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: ACI Windows - (...) [HKLM] -- ACI Windows
O42 - Logiciel: Assistente de Instalação Certisign - (.CERTISIGN.) [HKLM] -- {6FBA74BD-149F-4521-B921-FFCC84876864}
O42 - Logiciel: Atividade Rural 2006 Java - (...) [HKLM] -- 6c83bdc164c3db5dd6fba86a7e596dcd
O42 - Logiciel: CAT VERSÃO 4.0 - (.DATAPREV.) [HKLM] -- CAT 4.0_mp1
O42 - Logiciel: Conectividade Social - (...) [HKLM] -- Conectividade Social
O42 - Logiciel: DS, versão 0104, - (...) [HKLM] -- {C4F9D0C2-1D60-43F8-93DC-CA0578549070}
O42 - Logiciel: Declaração do Simples Nacional - (...) [HKLM] -- {0A94CDAF-E974-4F29-A836-7CBF4CECEDE2}
O42 - Logiciel: Declaração do Simples Nacional - (...) [HKLM] -- {36C44EC2-27E7-4FA0-9633-6758A14F4B2B}
O42 - Logiciel: Dirf 2003 - (...) [HKLM] -- Dirf 2003
O42 - Logiciel: Dirf 2004 - (...) [HKLM] -- Dirf 2004
O42 - Logiciel: Dirf 2008 - (...) [HKLM] -- Dirf 2008
O42 - Logiciel: Dirf 2009 - (...) [HKLM] -- Dirf 2009
O42 - Logiciel: Dirf 2011 - (...) [HKLM] -- Dirf 2011
O42 - Logiciel: Dirf 2012 - (...) [HKLM] -- Dirf 2012
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: GRRF - (...) [HKLM] -- GRRF
O42 - Logiciel: GRRF Eletrônica - (...) [HKLM] -- GRRF Eletrônica
O42 - Logiciel: GdRaisJava - (.SERPRO.) [HKLM] -- 2A5B6D9D-DEDE-4EAC-808C-A34BDF603029
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2007 ( Versão 2007.3 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2007 ( Versão 2007.3 )
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2008 ( Versão 2008.01.01 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2008 ( Versão 2008.01.01 )
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2008 ( Versão 2008.02.00 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2008 ( Versão 2008.02.00 )
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.02 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.02 )
O42 - Logiciel: Gerenciador de Certificados Digitais - Certisign - (.Certisign Certificadora Digital S.A..) [HKLM] -- {B4C4CBBB-A7FF-4581-B7EC-A501781ADCA3}
O42 - Logiciel: Nice PDF Compressor 2.0 - (.NicePDF Software, Inc..) [HKLM] -- Nice PDF Compressor_is1
O42 - Logiciel: Programa Nova Gia, versão 0780a, - (...) [HKLM] -- {0D74D34B-D090-4292-83BF-F37960327609}
O42 - Logiciel: Receitanet 2009 - (...) [HKLM] -- Receitanet
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {66913111-2F8A-4950-AA93-51C26182FC35}
~ Logic: 332 Legitimates Filtered in 00mn 08s

 

---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\ARL]
[HKCU\Software\Baidu Security]
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Contadez]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\RkSoft]
[HKCU\Software\SERPRO]
[HKCU\Software\Scopus]
[HKCU\Software\TorrentAid]
[HKCU\Software\WCA]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\arniWORX]
[HKCU\Software\myBabylon_English] =>Toolbar.Babylon
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\ARL]
[HKLM\Software\CERTISIGN]
[HKLM\Software\Caixa]
[HKLM\Software\Certisign Certificadora Digital S.A.]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Contadez]
[HKLM\Software\DATAMEC]
[HKLM\Software\NOTADEZ]
[HKLM\Software\Programas RFB]
[HKLM\Software\Programas SRF]
[HKLM\Software\SEFAZ]
[HKLM\Software\arniWORX]
~ Key Software: 209 Legitimates Filtered in 00mn 08s

 

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/06/2012 - 17:32:48 - [9,225] ----D D:\Arquivos de programas\A.E.T. Europe B.V
O43 - CFD: 04/03/2013 - 18:12:02 - [21,395] ----D D:\Arquivos de programas\ACI
O43 - CFD: 05/12/2009 - 08:43:09 - [0,781] ----D D:\Arquivos de programas\arniWORX
O43 - CFD: 19/10/2013 - 21:05:28 - [0] ----D D:\Arquivos de programas\Baidu Security
O43 - CFD: 19/10/2013 - 21:41:32 - [0,851] ----D D:\Arquivos de programas\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 19/10/2013 - 22:18:31 - [0] ----D D:\Arquivos de programas\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 10/09/2013 - 14:18:25 - [1216,127] ----D D:\Arquivos de programas\CAIXA
O43 - CFD: 25/06/2012 - 17:36:01 - [6,452] ----D D:\Arquivos de programas\Certisign
O43 - CFD: 08/11/2012 - 15:27:05 - [30,278] ----D D:\Arquivos de programas\GdRais
O43 - CFD: 06/03/2013 - 09:45:42 - [30,280] ----D D:\Arquivos de programas\GdRaisJava
O43 - CFD: 13/07/2013 - 10:24:22 - [4,699] ----D D:\Arquivos de programas\GUM29.tmp
O43 - CFD: 08/07/2013 - 17:54:00 - [4,767] ----D D:\Arquivos de programas\GUM7CF.tmp
O43 - CFD: 02/03/2007 - 20:05:29 - [0] ----D D:\Arquivos de programas\LimeWire
O43 - CFD: 09/08/2012 - 12:47:10 - [2,686] ----D D:\Arquivos de programas\Nice PDF Compressor
O43 - CFD: 30/05/2007 - 21:41:04 - [0,102] ----D D:\Arquivos de programas\PluginLetras
O43 - CFD: 02/07/2012 - 22:48:19 - [248,188] ----D D:\Arquivos de programas\Programas RFB
O43 - CFD: 21/09/2007 - 17:03:17 - [33,137] ----D D:\Arquivos de programas\Programas SRF
O43 - CFD: 08/09/2011 - 08:47:02 - [1,120] --H-D D:\Arquivos de programas\Scpad
O43 - CFD: 30/10/2010 - 19:41:23 - [38,627] ----D D:\Arquivos de programas\SEFAZ
O43 - CFD: 23/01/2007 - 20:50:28 - [0,001] ----D D:\Arquivos de programas\Serviços on-line
O43 - CFD: 23/01/2007 - 20:49:41 - [0,008] ----D D:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 19/10/2013 - 21:07:10 - [174,768] ----D D:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 19/10/2013 - 21:06:06 - [0,059] ----D D:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 19/10/2013 - 21:08:50 - [2,042] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\Baidu Security
O43 - CFD: 14/05/2007 - 19:45:17 - [1,499] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\LimeWire
O43 - CFD: 09/11/2013 - 18:20:05 - [0,031] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad
O43 - CFD: 19/10/2013 - 21:15:41 - [0] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\UpdaterEX =>PUP.Dealply
O43 - CFD: 25/06/2012 - 17:34:57 - [0,007] ----D D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 19/10/2013 - 21:06:07 - [0] ----D D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 18/06/2009 - 10:00:18 - [0,008] ----D D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Conduit
O43 - CFD: 26/03/2010 - 08:42:54 - [0,013] R---D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Acessórios
O43 - CFD: 07/02/2012 - 17:59:34 - [0,002] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\ACI
O43 - CFD: 29/08/2012 - 11:08:51 - [0,001] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\CAIXA
O43 - CFD: 20/02/2012 - 12:00:43 - [0,001] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\GdRaisJava
O43 - CFD: 11/12/2011 - 23:10:19 - [0] R---D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Inicializar
O43 - CFD: 25/02/2011 - 15:07:58 - [0,006] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas Rais
O43 - CFD: 29/03/2009 - 12:00:26 - [0,008] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB
O43 - CFD: 31/05/2007 - 17:22:17 - [0,005] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB2007
O43 - CFD: 26/06/2008 - 10:23:32 - [0,006] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB2008
O43 - CFD: 18/02/2009 - 15:32:52 - [0,003] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB2009
O43 - CFD: 31/01/2011 - 08:11:53 - [0,002] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB2011
O43 - CFD: 20/02/2012 - 11:53:48 - [0,002] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 01/11/2007 - 17:41:25 - [0,006] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas SRF
O43 - CFD: 21/09/2007 - 16:52:56 - [0,003] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas SRF2003
O43 - CFD: 21/09/2007 - 17:03:19 - [0,003] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas SRF2004
O43 - CFD: 15/03/2007 - 05:58:47 - [0,007] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas SRF2006
O43 - CFD: 10/05/2007 - 23:19:31 - [0,003] ----D D:\Documents and Settings\Sidnei\Menu Iniciar\Programas\Programas SRF2007
~ Program Folder: 186 Legitimates Filtered in 01mn 06s

 

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4DC47CB74EBC1D92DD445FCC5DEAE76A] - 07/11/2013 - 06:46:08 ---A- . (...) -- D:\WINDOWS\system32\Drivers\mfencbdc.inf [2951]
O44 - LFC:[MD5.12F0F8D3F84FAB8F31D073286FE131CB] - 07/11/2013 - 06:52:01 ---A- . (...) -- D:\WINDOWS\system32\Drivers\mfencrk.inf [2641]
O44 - LFC:[MD5.8D73FF8E2D5A48D4064C18013C772F40] - 08/11/2013 - 15:48:36 ---A- . (...) -- D:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.61540A198922B4D70F27C9D48F7EA1CE] - 08/11/2013 - 15:48:42 ---A- . (...) -- D:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.74E5A2983D77EE8A9FF3A4DB1E459818] - 09/11/2013 - 17:35:30 ---A- . (...) -- D:\Documents [160]
~ Files: 12 Legitimates Filtered in 00mn 20s

 

---\\ Últimos ficheiros criados no Windows Prefetch (045)
O45 - LFCP:[MD5.9B4315BEBBA532C97DB47DB152A75A1D] - 06/11/2013 - 19:11:21 ---A- - D:\WINDOWS\Prefetch\MCSVHOST.EXE-32FC9880.pf
O45 - LFCP:[MD5.8F0495BBE642BDA19D7D2D7EE53914FE] - 06/11/2013 - 19:58:01 ---A- - D:\WINDOWS\Prefetch\INSTALLER.EXE-27A260CB.pf
O45 - LFCP:[MD5.D0FFE87A72F52C1565C56F50AE6317CF] - 07/11/2013 - 06:52:28 ---A- - D:\WINDOWS\Prefetch\MVSINST.EXE-0F81FB62.pf
O45 - LFCP:[MD5.059C8017A290A086A9FF206D9E7C2839] - 07/11/2013 - 06:52:32 ---A- - D:\WINDOWS\Prefetch\MCVSSHLD.EXE-074F4F27.pf
O45 - LFCP:[MD5.8E7FA06BF86290E44A8FECB092F358AC] - 07/11/2013 - 06:52:36 ---A- - D:\WINDOWS\Prefetch\MISPREG.EXE-131AFEEE.pf
O45 - LFCP:[MD5.5D60567D67EE150AFA94960351403886] - 07/11/2013 - 07:45:30 ---A- - D:\WINDOWS\Prefetch\ALERTH~1.EXE-1DAE22E2.pf
O45 - LFCP:[MD5.86E07ECCCCE43EBF17112C3D7A6D6993] - 07/11/2013 - 12:32:37 ---A- - D:\WINDOWS\Prefetch\HP1006SM.EXE-0C0D953E.pf
O45 - LFCP:[MD5.66E65B530F5596FEF855BF21691AC9B9] - 07/11/2013 - 12:39:21 ---A- - D:\WINDOWS\Prefetch\CNSINI.EXE-02AD8887.pf
O45 - LFCP:[MD5.E6A430EFCB96300832DA1630E8CC784A] - 07/11/2013 - 12:40:28 ---A- - D:\WINDOWS\Prefetch\CNS.EXE-23EFA891.pf
O45 - LFCP:[MD5.BB0D4927759561707F49FA45AC53D967] - 07/11/2013 - 13:11:14 ---A- - D:\WINDOWS\Prefetch\CNSINI.EXE-282F94EF.pf
O45 - LFCP:[MD5.B93A61F3AC7EC5B3B10B7695ACD1902D] - 07/11/2013 - 13:11:52 ---A- - D:\WINDOWS\Prefetch\CNS.EXE-33EB5C97.pf
O45 - LFCP:[MD5.0E6FD160CFFBB83EBA49422777929BA4] - 07/11/2013 - 13:14:44 ---A- - D:\WINDOWS\Prefetch\SETUPSEFIPV84PS01.EXE-207BEB88.pf
O45 - LFCP:[MD5.31265F9C9E16740D92850A9A9AC6EED2] - 07/11/2013 - 13:16:59 ---A- - D:\WINDOWS\Prefetch\GLJ29.TMP-0E55C90B.pf
O45 - LFCP:[MD5.EEA48137207988B9A6CF3129C28E1288] - 07/11/2013 - 13:18:01 ---A- - D:\WINDOWS\Prefetch\SEFIP.EXE-1625926F.pf
O45 - LFCP:[MD5.AD13A8F1DD0DCFBD0500A39ADF037AE0] - 08/11/2013 - 09:04:08 ---A- - D:\WINDOWS\Prefetch\EXIBIR.EXE-271E236A.pf
O45 - LFCP:[MD5.F1661E87FCE2F382827DEF6EC3F73108] - 08/11/2013 - 14:52:29 ---A- - D:\WINDOWS\Prefetch\MCSVHOST.EXE-2B207C11.pf
O45 - LFCP:[MD5.1FA1E9833CE823F26F74252EEA85C5A5] - 08/11/2013 - 14:52:40 ---A- - D:\WINDOWS\Prefetch\MCSACORE.EXE-12A3781F.pf
O45 - LFCP:[MD5.B9964953C8F2AB35DF85900FB6F2919D] - 08/11/2013 - 15:02:01 ---A- - D:\WINDOWS\Prefetch\FOLHA.EXE-23C4E9DC.pf
O45 - LFCP:[MD5.F13E952554E0EB6960F3B72AFF2ADA47] - 08/11/2013 - 16:33:12 ---A- - D:\WINDOWS\Prefetch\AETCRSS1.EXE-157B6F7B.pf
O45 - LFCP:[MD5.469F0FA502275E49DBF90D5711220398] - 09/11/2013 - 14:44:13 ---A- - D:\WINDOWS\Prefetch\MCMIGR~1.EXE-1287F284.pf
~ Prefetcher: 94 Legitimates Filtered in 00mn 01s

 

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - D:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

 

---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\LimeWire\LimeWire.exe" [Enabled] .(...) -- D:\Arquivos de programas\LimeWire\LimeWire.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\LimeWire\.NetworkShare\LimeWire\LimeWire.exe" [Enabled] .(...) -- D:\Arquivos de programas\LimeWire\.NetworkShare\LimeWire\LimeWire.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX04.109\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX04.109\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.562\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.562\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.265\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.265\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- D:\Arquivos de programas\Ares\Ares.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" [Enabled] .(.Software 2000 Limited.) -- D:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.exe
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe" [Enabled] .(...) -- D:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe (.not file.)
~ Keys Export: 21 Legitimates Filtered in 00mn 00s

 

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

 

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{c62a664c-f93f-11dd-a1e8-000fead62a98}\AutoRun\command - Chave orfã
~ Keys: Scanned in 00mn 00s

 

---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.ffds"="ffdshow.ax" . (.No owner - DirectShow and VFW video and audio decoding/encoding/processing filter.) -- D:\WINDOWS\system32\ffdshow.ax
~ TDSD: 22 Legitimates Filtered in 00mn 02s

 

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\GbpGSvc [Key] . (...) -- C:\Windows\System32\Eguis.exe (.not file.)
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s

 

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.E31BA3DC84CAE33ED6ED98201913EC1C] - 19/10/2013 - 20:11:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- D:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 19/01/1782 - 03:14:07 ---A- . (...) -- D:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: 7 Legitimates Filtered in 00mn 02s

 

---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 06/11/2013 - 18:39:28 ---A- . (.Sidnei Donizete de Alcantara.) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Microsoft\Modelos\Normal.dot [613376]
O61 - LFC: 06/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll04_11_2013_15_52_17.bin [5094]
O61 - LFC: 06/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll06_11_2013_08_13_37.bin [907]
O61 - LFC: 06/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll06_11_2013_15_55_44.bin [3749]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\crs_xxx.DBF [21391]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\cur_dep.dbf [1224]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\descontos.CDX [4608]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\descontos.DBF [13949]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\especiais.CDX [3072]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\especiais.DBF [3773]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\fb_1468.evn [65536]
O61 - LFC: 07/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\fb_1468.lck [262144]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\SEFIPCR.RE [9576]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\func_tmp.DBF [493]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\hash.txt [115]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\proventos.CDX [4608]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\proventos.DBF [15115]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\sef_30.DBF [360]
O61 - LFC: 07/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\sefip.DBF [6137]
O61 - LFC: 07/11/2013 - 18:39:16 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\sef_obr.DBF [360]
O61 - LFC: 07/11/2013 - 18:39:16 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\tmp_acum.DBF [520]
O61 - LFC: 07/11/2013 - 18:39:16 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\totais1.DBF [6495]
O61 - LFC: 07/11/2013 - 18:39:16 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\totais2.DBF [6495]
O61 - LFC: 07/11/2013 - 18:39:16 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\totfinal.DBF [6787]
O61 - LFC: 07/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll07_11_2013_08_10_31.bin [3881]
O61 - LFC: 07/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll07_11_2013_08_40_23.bin [5160]
O61 - LFC: 07/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll07_11_2013_09_48_26.bin [907]
O61 - LFC: 07/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll07_11_2013_13_58_35.bin [4998]
O61 - LFC: 07/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll07_11_2013_14_04_05.bin [907]
O61 - LFC: 08/11/2013 - 18:38:59 -SHA- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Microsoft\Credentials\S-1-5-21-606747145-1214440339-725345543-1003\Credentials [562]
O61 - LFC: 08/11/2013 - 18:39:14 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\fopenfile.dll [0]
O61 - LFC: 08/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\Relatorio.dat [616]
O61 - LFC: 08/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\RelatorioContratos.dat [989]
O61 - LFC: 08/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\RelatorioExame.dat [616]
O61 - LFC: 08/11/2013 - 18:39:15 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Temp\rpt_seguro_desemprego_sd_pre_novo4.frx [15063]
O61 - LFC: 08/11/2013 - 18:39:27 -SHA- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Microsoft\Credentials\S-1-5-21-606747145-1214440339-725345543-1003\Credentials [356]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Archived History [57344]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Archived History-journal [512]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cookies [390144]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session [639070]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Tabs [44892]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\LOG [148]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\LOG.old [148]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\LOG [151]
O61 - LFC: 09/11/2013 - 18:38:44 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 09/11/2013 - 18:38:45 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\LOG.old [151]
O61 - LFC: 09/11/2013 - 18:38:45 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\MANIFEST-001335 [614]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Favicons [3518464]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\History [720896]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\History Provider Cache [11045]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Last Session [49971]
O61 - LFC: 09/11/2013 - 18:38:51 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Last Tabs [17663]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage [3072]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal [3608]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.br_0.localstorage [3072]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.br_0.localstorage-journal [3608]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Network Action Predictor [91136]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences [283907]
O61 - LFC: 09/11/2013 - 18:38:52 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\LOG [791]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\LOG.old [274]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\MANIFEST-002037 [480]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Shortcuts [36864]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Top Sites [20480]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Top Sites-journal [12824]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\TransportSecurity [1601]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Local State [57401]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Bloom [9843380]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1682752]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 09/11/2013 - 18:38:53 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 09/11/2013 - 18:38:54 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135236]
O61 - LFC: 09/11/2013 - 18:38:54 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Download [1036684]
O61 - LFC: 09/11/2013 - 18:38:54 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Download Whitelist [18896]
O61 - LFC: 09/11/2013 - 18:38:54 ---A- . (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6724]
O61 - LFC: 09/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll08_11_2013_17_32_22.bin [5409]
O61 - LFC: 09/11/2013 - 18:39:32 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\Scpad\bradesco_logscpMIB.dll09_11_2013_18_20_05.bin [973]
O61 - LFC: 09/11/2013 - 18:39:33 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\ZHP\Log.txt [21568] =>.Nicolas Coolman
O61 - LFC: 09/11/2013 - 18:39:33 ---A- . (...) -- D:\Documents and Settings\Sidnei\Dados de aplicativos\ZHP\TestsZHPDiag.txt [3375] =>.Nicolas Coolman
O61 - LFC: 09/11/2013 - 18:39:33 -SHA- . (...) -- D:\Documents and Settings\Sidnei\IETldCache\index.dat [262144]
O61 - LFC: 09/11/2013 - 18:39:53 -SHA- . (...) -- D:\Documents and Settings\Sidnei\PrivacIE\index.dat [7880704]
~ 16 Fichiers cookies (Cookies files)
~ Files: 211 Legitimates Filtered in 01mn 11s

 

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

 

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 19/10/2013 - D:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 11/05/2013 - D:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 23/02/2013 - D:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 30/07/2013 - D:\Arquivos de programas\Arquivos comuns\Mcafee\Platform\McSvcHost\McSvHost.exe (HomeNetSvc) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_HOMENETSVC
~ Legacy: 183 Legitimates Filtered in 00mn 07s

 

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 9 Legitimates Filtered in 00mn 00s

 

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

 

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s

 

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5C1A2A4433B542E2DEAC9D2895C14466] [sPRF][04/12/2011] (...) -- D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\fusioncache.dat [139]
[MD5.61F796D70EDFAEB4ED745AAE5A0129B8] [sPRF][25/06/2012] (.Acresso Software Inc. - Setup.exe.) -- D:\Documents and Settings\Sidnei\Desktop\aiccertisign.exe [5148656]
[MD5.06DE1BF0A8DDA7BC02683C7622F6FC54] [sPRF][02/08/2007] (.No owner - GbpDist Module.) -- D:\WINDOWS\Downloaded Program Files\gbpdist.dll [65528]
~ Files: 5 Legitimates Filtered in 00mn 11s

 

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "11131966A8F20594AA39152C1628CF53" . (.SafeSign.) -- D:\WINDOWS\Installer\{66913111-2F8A-4950-AA93-51C26182FC35}\ARPPRODUCTICON.exe
~ Update Products: 62 Legitimates Filtered in 00mn 01s

 

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.37E01DE59803C79D9E5EDE2684A17835] [WIS][25/06/2012] (.A.E.T. Europe B.V. - SafeSign.) -- D:\Windows\Installer\1d53466.msi [2203648]
[MD5.7E77E209F308F541D36BE36378C64BD7] [WIS][22/09/2009] (.eSupportQFolder - eSupportQFolder.) -- D:\Windows\Installer\1eeb489.msi [121344]
[MD5.4EF869B69039294550C28022D88E2892] [WIS][22/09/2009] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- D:\Windows\Installer\1eeb4b0.msi [121344]
~ WIS: 64 Legitimates Filtered in 01mn 16s

 

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - D:\WINDOWS\system32\dmadmin.exe
SR - | Auto 23/02/2013 527720 | (GbpSv) . (.GAS Tecnologia.) - D:\Arquivos de programas\GbPlugin\gbpsv.exe
SS - | Auto 08/04/2010 135664 | (gupdate) . (.Google Inc..) - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2010 135664 | (gupdatem) . (.Google Inc..) - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 30/07/2013 281560 | (HomeNetSvc) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/07/2005 876032 | (InCDsrv) . (.Nero AG.) - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
SS - | Auto 25/07/2005 876032 | (InCDsrvR) . (.Nero AG.) - D:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
SR - | Auto 19/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - D:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 02/10/2013 103112 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - D:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
SR - | Auto 24/09/2013 145088 | (McAPExe) . (.McAfee, Inc..) - D:\Arquivos de programas\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 281560 | (McMPFSvc) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McNaiAnn) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Demand 02/08/2013 471592 | (McODS) . (.McAfee, Inc..) - D:\Arquivos de programas\McAfee\VirusScan\mcods.exe
SR - | Auto 30/07/2013 281560 | (mcpltsvc) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McProxy) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2013 638976 | (mfecore) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\McAfee\AMCore\mcshield.exe
SR - | Auto 24/09/2013 169320 | (mfefire) . (.McAfee, Inc..) - D:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe
SR - | Auto 24/09/2013 172416 | (mfevtp) . (.McAfee, Inc..) - D:\WINDOWS\system32\mfevtps.exe
SS - | Demand 03/03/2003 143360 | (NetSvc) . (.Intel® Corporation.) - D:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
~ Services: Scanned in 01mn 23s

 

---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Sidnei at 09/11/2013 18:47:24

device: opened successfully
~ MBR: 4 Legitimates Filtered in 00mn 02s

 

---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Sidnei at 09/11/2013 18:47:26

********* Dump file Name *********
D:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

 

---\\ Scâner Aditional (088)
Database Version : 12993 - (09/11/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 4

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2] =>Toolbar.Conduit
D:\Arquivos de programas\BonanzaDeals =>Adware.BonanzaDeals^
D:\Arquivos de programas\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\Sidnei\Dados de aplicativos\UpdaterEX =>PUP.Dealply^
D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Conduit =>Toolbar.Conduit
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\myBabylon_English] =>Toolbar.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 224184 Items scanned in 04mn 02s

 

---\\ Sumário das deteções encontradas na sua estação
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/32816468-adware-bonanzadeals =>Adware.BonanzaDeals
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 6 link(s) detected in 04mn 02s

 

~ 1332 Legitimates filtered by white list
End of the scan (794 lines in 16mn 56s)(0)

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! Manain

|- Execute este script na ferramenta ZHPFix.
|- Copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c
|- À seguir,minimize o Bloco de Notas.

script zhpfix
MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\rundll32.exe [0] [PID.2976]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- D:\DOCUME~1\Sidnei\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O4 - GS\Desktop [AllUsers]: Declaração do Simples Nacional - SP.lnk . (...) -- D:\Arquivos de programas\SEFAZ\Simples Nacional\DSN_SP.exe (.not file.)
O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\At1.job [416]
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O43 - CFD: 18/06/2009 - 10:00:18 - [0,008] ----D D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Conduit
O43 - CFD: 19/10/2013 - 21:41:32 - [0,851] ----D D:\Arquivos de programas\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 19/10/2013 - 22:18:31 - [0] ----D D:\Arquivos de programas\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 19/10/2013 - 21:06:06 - [0,059] ----D D:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 19/10/2013 - 21:15:41 - [0] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\UpdaterEX =>PUP.Dealply
O43 - CFD: 19/10/2013 - 21:06:07 - [0] ----D D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 02/03/2007 - 20:05:29 - [0] ----D D:\Arquivos de programas\LimeWire
O43 - CFD: 14/05/2007 - 19:45:17 - [1,499] ----D D:\Documents and Settings\Sidnei\Dados de aplicativos\LimeWire
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX04.109\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX04.109\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.562\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.562\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.265\gustop.exe" [Enabled] .(...) -- D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.265\gustop.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\LimeWire\LimeWire.exe" [Enabled] .(...) -- D:\Arquivos de programas\LimeWire\LimeWire.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\LimeWire\.NetworkShare\LimeWire\LimeWire.exe" [Enabled] .(...) -- D:\Arquivos de programas\LimeWire\.NetworkShare\LimeWire\LimeWire.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- D:\Arquivos de programas\Ares\Ares.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\GbpGSvc [Key] . (...) -- C:\Windows\System32\Eguis.exe (.not file.)
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\myBabylon_English] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}] =>Toolbar.Babylon
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKCU\Software\myBabylon_English] =>Toolbar.Babylon^
[HKCU\Software\TorrentAid]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2] =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
D:\Arquivos de programas\BonanzaDeals =>Adware.BonanzaDeals^
D:\Arquivos de programas\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\Sidnei\Dados de aplicativos\UpdaterEX =>PUP.Dealply^
D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\BonanzaDealsLive =>Adware.BonanzaDeals^
D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Conduit =>Toolbar.Conduit
emptytemp
firewallraz
emptyclsid
proxyfix

|- Abra a ferramenta ZHPFix.
|- Clique IMPORTAÇÃO >> OK >> Acione o atalho "ctrl+v". ( Colar )
|- Clique "GO".
|- Poste o relatório!

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

Manain    0

Manain
Postado

Segue Log do ZHPFix

Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
Fichier d'export Registre :
Run by Sidnei at 10/11/2013 09:53:15
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 09s)

========== Softwares ==========
AUSENTE Uninstall Process: d:\documents and settings\sidnei\dados de aplicativos\updaterex\updateproc\updatetask.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
ELIMINÉ: StartupReg: GbpGSvc
ELIMINÉ: HKCU\Software\BonanzaDealsLive
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\myBabylon_English
ELIMINÉ: HKLM\Software\Classes\Prod.cap
ELIMINÉ: HKCU\Software\Conduit
ELIMINÉ: HKCU\Software\YahooPartnerToolbar
ELIMINÉ: HKLM\Software\Conduit
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
ELIMINÉ: HKCU\Software\TorrentAid
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
ELIMINÉ: HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
ELIMINÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
ELIMINÉ: Toolbar: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
ELIMINÉ: Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
ELIMINÉ: Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068}
ELIMINÉ AAKE KeyValue: D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX04.109\gustop.exe
ELIMINÉ AAKE KeyValue: D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.562\gustop.exe
ELIMINÉ AAKE KeyValue: D:\Documents and Settings\Suellen\Configurações locais\Temp\Rar$EX00.265\gustop.exe
ELIMINÉ AAKE KeyValue: D:\Arquivos de programas\LimeWire\LimeWire.exe
ELIMINÉ AAKE KeyValue: D:\Arquivos de programas\LimeWire\.NetworkShare\LimeWire\LimeWire.exe
ELIMINÉ AAKE KeyValue: D:\Arquivos de programas\Ares\Ares.exe
ELIMINÉ: FirewallRaz (SP) : %windir%\system32\sessmgr.exe
ELIMINÉ: FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
ELIMINÉ: FirewallRaz (SP) : D:\Arquivos de programas\Java\jre1.6.0_05\bin\javaw.exe
ELIMINÉ: FirewallRaz (SP) : D:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe
ELIMINÉ: FirewallRaz (SP) : D:\Arquivos de programas\Java\jre6\bin\java.exe
ELIMINÉ: FirewallRaz (SP) : D:\Arquivos de programas\Java\jre6\bin\javaw.exe
ELIMINÉ: FirewallRaz (DP) : %windir%\system32\sessmgr.exe
ELIMINÉ: FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
Nenhum valor presente na chave de exceções do registo (FirewallRaz)
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: d:\documents and settings\all users\desktop\declaração do simples nacional - sp.lnk
ELIMINÉ Temporários windows (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: At1

========== Outros ==========
NÃO-TRATADO [MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\rundll32.exe [0] [PID.2976]


========== Recapitulativo ==========
24 : Chaves do Registo
28 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
1 : Tarefa planificada
1 : Outros


End of clean in 01mn 57s

========== Caminho do ficheiro do relatório ==========
D:\Documents and Settings\Sidnei\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 10/11/2013 09:53:24 [4810]

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Manain

|- Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg

advz4z8Y.jpg

|- Ps: Dê início à ferramenta,clicando em "Scan".
|- Ao concluir,clique "Clean" >> Clique "Report".
|- Poste: < C:\AdwCleaner\AdwCleaner[s1].txt >

-/-

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
iedefaults;
chromelook;
emptyCHRcache;
autoclean;
emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

Zoek_Reboot_zpscf60b3cf.jpg

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

A+

 

Compartilhar este post

Link para o post
Compartilhar em outros sites

Manain    0

Manain
Postado

Segue Log AdwCleaner

 

# AdwCleaner v3.012 - Relatório criado 14/11/2013 às 21:53:52
# Atualizado 11/11/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Sidnei - KELOW
# Executando de : D:\Documents and Settings\Sidnei\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
[ Arquivo : D:\Documents and Settings\Sidnei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1428 octets] - [14/11/2013 21:53:52]
########## EOF - D:\AdwCleaner\AdwCleaner[R0].txt - [1488 octets] ##########


Não consegui passar o Zoek, isto é não responde a tela abaixo aparece fiquei aguardando 03 dias e não gerou nenhum relatorio.

 

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde! Manain

Não consegui passar o Zoek, isto é não responde a tela abaixo aparece fiquei aguardando 03 dias e não gerou nenhum relatorio.

|- Nem noiva na Igreja eu aguardo por 3 dias..vc é a pessoa mais paciente que já encontrei. rsr...
|- Executou o arquivo zoek.exe como administrador? Tente executar zoek.com ou zoek.scr,que são disponibilizados ao baixar o zip ou rar.

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito