Fybc
Posted February 26, 2014

Hi everyone, I'm having problems that I imagine are caused by some malware. When I try to create a NEW FOLDER in some directories on my PC, the process hangs. Also, when I try to shut down Windows, explorer.exe stops responding EVERY TIME. Every now and then (yesterday, for example), Kaspersky flags some normal processes as trojans. (Note: it is my work PC at the company.) My log follows, after running a scan with Malwarebytes' Anti-Malware. Thanks in advance for any help:

Logfile of HijackThis v1.99.1
Scan saved at 14:48:51, on 25/2/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
D:\programas\Adobe Photoshop CS3\Photoshop.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O1 - Hosts: 172.16.0.207 desenv.cms.com.br
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\PROGRAMS\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [bCU] "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.local
O17 - HKLM\Software\..\Telephony: DomainName = medplan.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medplan.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: gupdate - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
DigRam
Posted February 27, 2014

Good evening! Fybc
- Download: < > ( ... by Xplode )
- When you open the page, click the image: < >
- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
- Save it to the desktop!
- Right-click adwcleaner.exe and choose to run it as
- PS: Start the scan by clicking "Examinar" (Scan).
- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
- Copy the log or click "Relatório" (Report).
- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
Cheers!
Fybc
Posted February 28, 2014

Hey, thanks a lot for the reply, DigRam. I did what you recommended. Here is the log:

# AdwCleaner v3.020 - Relatório criado 28/02/2014 às 07:49:15
# Atualizado 27/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : fcarvalho - PORTAL001
# Executando de : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : BCUService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Deletada : C:\Arquivos de programas\DeviceVM

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Chave Deletedo : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitnet.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitdm.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\PROGRAMS\Orbitdownloader\orbitnet.exe]
Chave Deletedo : HKCU\Software\DeviceVM
Chave Deletedo : HKCU\Software\Orbit
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DeviceVM
Chave Deletedo : HKLM\Software\Orbit
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v24.0 (pt-BR)

[ Arquivo : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\Mozilla\Firefox\Profiles\9ufo2kjm.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117

[ Arquivo : C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3933 octets] - [28/02/2014 07:48:20]
AdwCleaner[s0].txt - [3797 octets] - [28/02/2014 07:49:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3857 octets] ##########
DigRam
Posted March 5, 2014

Good morning! Fybc
- Download: < > ( ... by Oleg N. Scherbakov )
- Save it to the desktop!
- Disable your antivirus!
- On Windows 7, right-click JRT.exe and run it ...
- Wait for it to finish and post the report. ( JRT.txt )
-/-
- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
- Save it to the local disk! ( C or D )
- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
- Run the parchment (scroll) icon. ( ZHPDiag )
- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
- Click OK and, when done, post the report! ( ZHPDiag.txt )
- PS: If the log is long, send it to Pjjoint.malekal.
- Or go to: < >
- More information: < |Link| >
A+
Fybc
Posted March 6, 2014

Hi DigRam, once again thanks a lot for replying. We have a problem at this step: at work I don't have the administrative permission to disable Kaspersky. What should I do? Regards!
Fybc
Posted March 6, 2014

Here it goes, without disabling it:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by fcarvalho on qui 06/03/2014 at 11:57:36,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qui 06/03/2014 at 12:02:11,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ Relatório do ZHPDiag v2014.3.2.6 - Nicolas Coolman (3/3/2014)
~ Iniciado por fcarvalho (6/3/2014 16:05:30)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
Kaspersky Anti-Virus 6.0 for Windows Workstations v6.0.3.837
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ Softwares d'optimização do sistema
CCleaner v3.24 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (70%) free of 98 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PORTAL001
~ User Name: fcarvalho
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\
~ %Favorites% : C:\Documents and Settings\fcarvalho.MEDWIN\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 786 Go of 834 Go)
E: CD-ROM drive (Not Inserted)
T: Floppy drive, Flash card reader, USB Key (Not Inserted)
V: Floppy drive, Flash card reader, USB Key (Not Inserted)
Y: Floppy drive, Flash card reader, USB Key (Not Inserted)
Z: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/29
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/395
~ Mes Documents (My Documents) : 2/2371
~ Mon Bureau (My Desktop) : 0/53
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 03s

---\\ Processos lançados
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe [452136] [PID.1608]
[MD5.FDE5FAE31394A586F9CCC7300B6AD681] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1644]
[MD5.1643BBD933C046D5BBAEDD0A2A8F387C] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe [231952] [PID.944]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.984]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [181664] [PID.1128]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1744]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.1912]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2432]
[MD5.E1B94448E933F7D98DA10129CF010E91] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [19972712] [PID.440]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.1728]
[MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.676]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2364]
[MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.3256]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe [20584608] [PID.1012]
[MD5.183F44EAE82B426778D0C8F7FCE50821] - (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- D:\programas\Adobe Photoshop CS3\Photoshop.exe [44814336] [PID.2680]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.5040]
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [859464] [PID.5076]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.5828]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- D:\PROGRAMS\ZHPDiag\ZHPDiag.exe [8349696] [PID.2768]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranet
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O1 - Hosts: 172.16.0.207 desenv.cms.com.br
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitário de configuração do sistema.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} . (.Kaspersky Lab - Script Monitor Internet Explorer plugin.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.2 172.16.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp .
(.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Kaspersky Lab - kldialhk.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Lista dos serviços NT não Microsoft e não desativados (023) O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Intel® Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) 
- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe ~ Services: 9 Legitimates Filtered in 00mn 07s ---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024) O24 - Desktop Component 0: Minha página inicial atual - file:About:Home O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Listagem dos dados do BootExecute (Bex) (034) O34 - HKLM BootExecute: (autocheck autochk * ) - File not found ~ BEX: 1 Legitimates Filtered in 00mn 00s ---\\ Drivers lançados ao arranque do sistema (041) O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.) O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.) ~ Drivers: 66 Legitimates Filtered in 00mn 00s ---\\ Software instalados (042) O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 O42 - Logiciel: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1 O42 - Logiciel: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços O42 - Logiciel: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- {95EEC3DD-98B1-402D-8984-A1D429A7F469} O42 - Logiciel: Plano de Negócio - (.SEBRAE.) [HKLM] -- {D233EC4A-EF4B-4CCA-AE37-7994A3E1A483} O42 - Logiciel: Voice Editing Standard - (...) 
[HKLM] -- {EC398162-CB7C-4FC8-9DF9-6DB43B9DD6A5} ~ Logic: 8 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AutoHelpDesk] [HKCU\Software\GbAs] [HKLM\Software\AutoHelpDesk] ~ Key Software: 215 Legitimates Filtered in 00mn 00s ---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 22/1/2014 - 07:59:44 - [74,601] ----D C:\Arquivos de programas\GUMD.tmp O43 - CFD: 27/9/2012 - 14:28:20 - [0,001] ----D C:\Arquivos de programas\Serviços on-line O43 - CFD: 27/9/2012 - 14:27:37 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços O43 - CFD: 31/7/2013 - 10:58:18 - [5,640] --H-D C:\Documents and Settings\All Users\Dados de aplicativos\{C967C837-A256-442F-8AC4-F25622F7B509} O43 - CFD: 22/1/2014 - 07:32:37 - [0,015] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Acessórios O43 - CFD: 6/3/2014 - 07:28:08 - [0] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Inicializar ~ Program Folder: 127 Legitimates Filtered in 00mn 32s ---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044) O44 - LFC:[MD5.EE86268E59E4B38961E7C40D16BE5BB4] - 25/2/2014 - 14:43:36 ---A- . (.Soeperman Enterprises Ltd. - HijackThis.) -- C:\HijackThis.exe [218112] O44 - LFC:[MD5.388E5A402CE396385BDE6D329B6ECCD4] - 25/2/2014 - 14:48:51 ---A- . (...) -- C:\hijackthis.log [11110] O44 - LFC:[MD5.9E86CE78756613E18962344F11A9036D] - 26/2/2014 - 10:05:13 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664] O44 - LFC:[MD5.6C43A9340572F456A1A8D09AB6B5D6FC] - 6/3/2014 - 07:24:01 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 6/3/2014 - 07:28:09 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 6/3/2014 - 07:28:09 ---A- . (...) -- C:\WINDOWS\win.ini [552] O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 6/3/2014 - 11:59:20 ---A- . 
(.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088] O44 - LFC:[MD5.7CF7B4A3DD7D55D37A5A85AAC957CF60] - 6/3/2014 - 14:05:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log [401] ~ Files: 17 Legitimates Filtered in 00mn 04s ---\\ Operações e funções ao arranque do Windows Explorer (046) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Exportar a chave da aplicação autorizada (047) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(.Google.) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe ~ Keys Export: 25 Legitimates Filtered in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Chave do registo Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{59abdbcf-93d1-11e3-9f00-dcb1228724ce}\AutoRun\command. (...) -- F:\sources\SetupError.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\BCU [Key] . (...) -- C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.) ~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Lista dos drivers do sistema (SDL) (O58) O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. 
- CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 10:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536] O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 6/3/2014 - 11:59:20 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 09:36:06 ----- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.16E441DC4DAF703FB0B0FE474830FF53] - 2/10/2001 - 07:37:40 ---A- . (.lecs Inc. - Aaudio.) -- C:\WINDOWS\system32\Drivers\IcRecUsb.sys [17432] O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686] O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184] O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736] O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 15:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776] O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) 
-- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535] O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990] O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424] O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 15:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 15:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 15:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 15:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 3/8/2004 - 22:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 15:07:10 ---A- . (...) 
-- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 3/8/2004 - 22:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 3/8/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 3/8/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ~ Drivers: 7 Legitimates Filtered in 00mn 06s ---\\ Lista das ferramentas de remoção de vírus (LAT) (063) O63 - Logiciel: HijackThis 1.99.1 - (.Soeperman Enterprises Ltd..) [HKLM] -- HijackThis O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Lista dos serviços Legacy du registo (064) O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM O64 - Services: CurCS - 8/10/2013 - C:\Arquivos de programas\GbPlugin\GbpSv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV ~ Legacy: 116 Legitimates Filtered in 00mn 00s ---\\ Associações Shell Spawning (O67) O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Menu de inicialização Internet (068) O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) 
-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <Google Chrome.5GOMECMWEGW4ZK4QL74PEDXPL4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <Google Chrome.JDKZK5XNKCOPYT2XU2MEKLJXZY> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <Google Chrome.X6ENHUU5PXBP7TWAGBJWTAX6V4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Arquivos de programas\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) O69 - SBI: SearchScopes [HKCU] {05402AB2-DCA2-4ffa-B893-BAC7BBA33F6B} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {E41AA1F3-4877-46e5-B956-3386E9873E92} [DefaultScope] - (Yahoo) - http://br.search.yahoo.com ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84) [MD5.8F0E8A5803C17EF5BB1059A0E3C1864F] [sPRF][22/1/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins000.dat [19986] [MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][22/1/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins000.exe [720082] [MD5.D911A2E56CE60B646F6316DDFEC5AD11] [sPRF][21/2/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins001.dat [15570] [MD5.CD23C4ABA6442E1DD7579C829FFFD5AB] [sPRF][21/2/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\unins001.exe [720594] ~ Files: 5 Legitimates Filtered in 00mn 00s ---\\ Listagem dos códigos dos software (PUC) (090) O90 - PUC: "A4CE332DB4FEACC4EA7397493A1E4A38" . (.Plano de Negócio.) -- C:\WINDOWS\Installer\{D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}\_853F67D554F05449430E7E.exe ~ Update Products: 120 Legitimates Filtered in 00mn 00s ---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS) [MD5.CDCE01014A8A174F6D6453BCB8A94BCB] [WIS][2/10/2012] (.Twitter, Inc. - TweetDeck Setup.) -- C:\Windows\Installer\16ccfc.msi [986624] [MD5.0F53C096525A45D4632382AAC3A326AC] [WIS][13/6/2013] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\2164ab5.msi [121344] [MD5.38BD02F30D7CF9203DC3D2E8C8B60676] [WIS][9/12/2013] (.Skype Technologies S.A. - Skype.) 
-- C:\Windows\Installer\355e49.msi [1634304] [MD5.613839B0B5209A52FF11BD91B11A73AD] [WIS][27/9/2012] (.Nome de sua empresa: - TextPad.) -- C:\Windows\Installer\abc31.msi [373248] [MD5.487B1A510A1A8555ACC9C2B9BF030F92] [WIS][31/7/2013] (.Banco do Nordeste do Brasil - Planilha Investimento Industrial, Agroindustrial, Comercial e S.) -- C:\Windows\Installer\bc27be.msi [263680] ~ WIS: 123 Legitimates Filtered in 00mn 10s ---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados) SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Auto 22/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 22/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Demand 28/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 5/9/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe SR - | Auto 24/5/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe SR - | Auto 2/10/2012 231952 | (AVP) . (.Kaspersky Lab.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe SR - | Demand 2/10/2012 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SR - | Auto 8/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) 
- C:\Arquivos de programas\GbPlugin\GbpSv.exe SR - | Auto 4/4/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe ~ Services: Scanned in 00mn 11s ---\\ Scâner Aditional (088) Database Version : 13031 - (3/3/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel Scan: 253021 Items scanned in 00mn 14s ~ 846 Legitimates filtered by white list End of the scan (533 lines in 01mn 33s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
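The O-lines in a log like the one above can be triaged mechanically before anyone reads them one by one. The script below is an added example for this thread: it is not part of the post and not code from HijackThis or ZHPDiag. It parses lines in that format and raises the four things a reviewer looks at first: registry entries whose target file no longer exists ("(.not file.)" / orphan key), hosts mappings to anything other than loopback, Winlogon Notify DLLs from a publisher other than Microsoft, and a MountPoints2 AutoRun command (the O51 entry here records an autorun command remembered from a removable drive F:). SAMPLE_LOG is constructed from entries visible in the log; the flag names are the example's own.

```python
"""Triage helper for HijackThis / ZHPDiag-style log lines.

Added example for this thread: not part of the original post, and not code
from HijackThis or ZHPDiag. SAMPLE_LOG is constructed from entries visible in
the log above; the flag names are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: O-lines in the format the log above uses.
SAMPLE_LOG = r"""
O1 - Hosts: 172.16.0.207 desenv.medimagem.com.br
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O51 - MPSK:{59abdbcf-93d1-11e3-9f00-dcb1228724ce}\AutoRun\command. (...) -- F:\sources\SetupError.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PUBLISHER_RE = re.compile(r"\(\.(.+?)\.\)")          # (.Vendor - Description.)
PATH_RE = re.compile(r"([A-Z]:\\.*?)(?:\s+\(\.not file\.\))?\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
ORPHAN_MARKERS = ("(.not file.)", "Orphan key", "Chave orfã")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Entry:
    code: str
    text: str
    publisher: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Split one 'Oxx - ...' line into code, publisher string and target path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, text = m.group(1), m.group(2)
    pub = PUBLISHER_RE.search(text)
    publisher = pub.group(1).strip(" .-") if pub else ""
    if publisher in ("", "not file"):          # "(...)", "(. - .)" or no publisher at all
        publisher = None
    pm = PATH_RE.search(text)
    path = pm.group(1).strip() if pm else None
    return Entry(code, text, publisher, path)


def flag_entry(e: Entry) -> Entry:
    """Attach review flags; a flag means 'look at this', not 'malicious'."""
    if any(marker in e.text for marker in ORPHAN_MARKERS):
        e.flags.append("orphan")                       # key points at a file that is gone
    if e.code == "O1":
        hm = HOSTS_RE.match(e.text)
        if hm and hm.group(1) not in LOOPBACK:
            e.flags.append("hosts_mapping")            # name resolution overridden locally
    if e.code == "O20" and e.text.startswith("Winlogon Notify"):
        if not (e.publisher or "").startswith("Microsoft Corporation"):
            e.flags.append("third_party_winlogon_notify")  # DLL loaded into winlogon.exe
    if e.code == "O51" and "\\AutoRun\\command" in e.text:
        e.flags.append("autorun_command")              # removable-media autorun in MountPoints2
    return e


def triage(log_text: str) -> List[Entry]:
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [flag_entry(e) for e in entries if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def summary(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.code:<4} {', '.join(e.flags):<32} {e.publisher or '-'} | {e.path or '-'}")
```

On this log the two non-Microsoft Winlogon Notify hits are the bank plugin (GbPlugin) and Kaspersky, both of which also appear as installed software and running services elsewhere in the same report, so the flag is a prompt to cross-check, not a verdict; the orphan entries are leftovers of uninstalled software and are the usual cleanup candidates.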
DigRam, posted March 9, 2014:

Good evening, Fybc!

|- Your logs are clean!
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With the checkbox ticked! ( Remove disinfection tools )
|- Click "Run".
|- All OK?
Regards!
Fybc, posted March 11, 2014:

# DelFix v10.6 - Logfile created 11/03/2014 at 07:37:15
# Updated 11/11/2013 by Xplode
# Username : fcarvalho - PORTAL001
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP
Deleted : C:\HijackThis.exe
Deleted : C:\hijackthis.log
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\JRT.exe
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\JRT.txt
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\ZHPDiag.txt
Deleted : C:\Documents and Settings\fcarvalho.MEDWIN\Meus documentos\Downloads\adwcleaner.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

########## - EOF - ##########

OK, thank you very much, DigRam. As for explorer.exe and the freezes when trying to create new folders, there is really nothing to be done, is there?
Regards
DigRam, posted March 14, 2014:

Good morning, Fybc!

Fybc wrote: As for explorer.exe and the freezes when trying to create new folders, there is really nothing to be done, is there?

|- Use these two tools, below.
-/-
|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )
|- Click
|- Save it to the desktop!
|- Go through its installation.
|- Run the UsbFix.exe file with a double click.
|- Choose the "Suppression" or "Delete" option.
|- Wait for it to finish and post the report. ( C:\UsbFix.txt )
-/-
|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )
|- Scroll down the page and click: Télécharger Pre_Scan ( Winlogon.exe )
|- Save it to the desktop! < ( winlogon ) >
|- PS: The tool comes renamed as "winlogon.exe".
|- Disable your antivirus, antispyware, sandbox and/or firewall.
|- Close the browser and any open programs and run the tool! < >
|- Double-click Pre_scan.exe or winlogon.exe.
|- Click: Scan|Kill
|- PS: During the scan your desktop will disappear and black windows will appear on the screen.
|- This is normal and is part of how the tool works.
|- If infections are found, a reboot may occur and the screen shown above may appear.
|- There may be a reboot and the scan then continues. << Wait!
|- When it finishes, post the report! ( Pre_Scan.txt )
|- To send it, go to:
|- Or... 1fichier.com
|- Or... myfile.tk
Regards!
Fybc 0 Denunciar post Postado Março 14, 2014 ############################## | UsbFix V 7.167 | [supressão] Usuário: fcarvalho (Administrador) # PORTAL001 Atualizado em 13/03/2014 por El Desaparecido - Team SosVirus Começou em 09:38:02 | 14/03/2014 Site : http://www.pt.usbfix.net/ Changelog : http://www.usbfix.net/maj/ Support : http://pt.kioskea.net/forum/seguranca-virus-7 Upload Malware : http://www.sosvirus.net/upload_malware.php Contato : http://www.pt.usbfix.net/contato/ PC: Foxconn (H61MXV/-LE/H67MXV ) CPU: Processador Intel Pentium III Xeon RAM -> [Total : 3062 Mo| Free : 2262 Mo] Bios: American Megatrends Inc. Boot: Normal boot OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3 WB: Windows Internet Explorer : 8.0.6001.18702 WB: Google Chrome : 33.0.1750.146 WB: Mozilla Firefox : 24.0 SC: Security Center [Enabled] WU: Windows Update [Enabled] FW: Windows FireWall [Enabled] C:\ (%systemdrive%) -> Disco fixo # 98 Gb (70 Mb livre - 71%) [] # NTFS D:\ -> Disco fixo # 834 Gb (786 Mb livre - 94%) [] # NTFS E:\ -> CD-ROM ################## | Processos Ativos | C:\WINDOWS\System32\smss.exe (ID: 1248 |ParentID: 4) C:\WINDOWS\system32\csrss.exe (ID: 1348 |ParentID: 1248) C:\WINDOWS\system32\winlogon.exe (ID: 1388 |ParentID: 1248) C:\WINDOWS\system32\services.exe (ID: 1432 |ParentID: 1388) C:\WINDOWS\system32\lsass.exe (ID: 1444 |ParentID: 1388) C:\ARQUIV~1\GbPlugin\GbpSv.exe (ID: 1628 |ParentID: 1432) C:\WINDOWS\system32\Ati2evxx.exe (ID: 1656 |ParentID: 1432) C:\WINDOWS\system32\svchost.exe (ID: 1680 |ParentID: 1432) C:\WINDOWS\system32\svchost.exe (ID: 1988 |ParentID: 1432) C:\WINDOWS\System32\svchost.exe (ID: 236 |ParentID: 1432) C:\WINDOWS\system32\svchost.exe (ID: 404 |ParentID: 1432) C:\WINDOWS\system32\Ati2evxx.exe (ID: 628 |ParentID: 1388) C:\WINDOWS\system32\svchost.exe (ID: 664 |ParentID: 1432) C:\WINDOWS\system32\spoolsv.exe (ID: 836 |ParentID: 1432) C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows 
Workstations\avp.exe (ID: 976 |ParentID: 1432) C:\Arquivos de programas\Bonjour\mDNSResponder.exe (ID: 996 |ParentID: 1432) C:\Arquivos de programas\Java\jre7\bin\jqs.exe (ID: 1224 |ParentID: 1432) C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 1864 |ParentID: 1432) C:\WINDOWS\System32\svchost.exe (ID: 2040 |ParentID: 1432) C:\WINDOWS\System32\svchost.exe (ID: 216 |ParentID: 1432) C:\Arquivos de programas\Skype\Updater\Updater.exe (ID: 392 |ParentID: 1432) C:\WINDOWS\system32\svchost.exe (ID: 136 |ParentID: 1432) C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe (ID: 368 |ParentID: 1432) C:\WINDOWS\system32\wbem\wmiapsrv.exe (ID: 1708 |ParentID: 1432) C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 1920 |ParentID: 976) C:\WINDOWS\System32\alg.exe (ID: 2084 |ParentID: 1432) C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2100 |ParentID: 1680) C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2376 |ParentID: 1680) C:\WINDOWS\system32\userinit.exe (ID: 2816 |ParentID: 1388) C:\WINDOWS\Explorer.EXE (ID: 3072 |ParentID: 2952) ################## | Regedit Run | F2 - HKLM\..\Winlogon : [shell] Explorer.exe F2 - [64bit] HKLM\..\Winlogon : [shell] Explorer.exe F2 - HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe, F2 - [64bit] HKLM\..\Winlogon : [userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" 04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE 04 - HKLM\..\Run : [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 04 - HKLM\..\Run : [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" 04 - HKLM\..\Run : [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows 
Workstations\avp.exe" 04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : [] 04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : [] 04 - HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run : [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" 04 - HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe ################## | Procura genérica | (!) Ficheiros temporários suprimido. ################## | Registro | Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1 Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5 Supprimido ! HKU\S-1-5-21-1305094879-4204437982-2263759875-1584\Software\.\.\.\.\Mountpoints2\{59abdbcf-93d1-11e3-9f00-dcb1228724ce} ################## | Listing | [27/09/2012 - 15:49:43 | D] - C:\7bdd47f1ed6a90d6bf5ee8e1 [28/02/2014 - 07:49:18 | D] - C:\Arquivos de programas [27/09/2012 - 14:29:02 | A | 0 Ko] - C:\AUTOEXEC.BAT [06/03/2014 - 07:28:09 | SH | 0 Ko] - C:\boot.ini [28/10/2001 - 15:06:10 | N | 5 Ko] - C:\Bootfont.bin [27/01/2014 - 07:55:49 | D] - C:\Config.Msi [27/09/2012 - 14:29:02 | N | 0 Ko] - C:\CONFIG.SYS [11/03/2014 - 07:37:18 | N | 1 Ko | 38FECB088A2C3ABA87E8C32DAC2355DB] - C:\DelFix.txt [06/03/2014 - 16:05:36 | N | 0 Ko] - C:\Documents [22/01/2014 - 07:39:43 | D] - C:\Documents and Settings [25/10/2012 - 07:32:51 | N | 29096 Ko] - C:\ent suyane.wav [06/11/2012 - 10:21:42 | N | 7928 Ko] - C:\Hallan Suplementação.MP3 [27/09/2012 - 15:52:14 | D] - C:\Intel [27/09/2012 - 14:29:02 | RASH | 0 Ko] - C:\IO.SYS [08/02/2013 - 09:00:24 | N | 10178 Ko] - C:\Janua J.wav [25/02/2013 - 09:53:27 | N | 145447 Ko] - C:\Jorginho M.wav [27/09/2012 - 14:29:02 | RASH | 0 Ko] - C:\MSDOS.SYS [27/09/2012 - 17:10:15 | RHD] - C:\MSOCache [03/08/2004 - 22:38:34 | N | 46 Ko | 
B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM [27/09/2012 - 15:08:23 | RASH | 246 Ko] - C:\ntldr [14/03/2014 - 09:37:31 | ASH | 2095104 Ko] - C:\pagefile.sys [22/01/2014 - 07:57:45 | SHD] - C:\RECYCLER [02/10/2012 - 16:31:50 | D] - C:\SD_VOICE [27/09/2012 - 14:38:46 | SHD] - C:\System Volume Information [14/03/2014 - 09:35:09 | D] - C:\UsbFix [14/03/2014 - 09:38:45 | A | 6 Ko | 6D7BE04F880464677BBF89CBBD586BB1] - C:\UsbFix [Clean 2] PORTAL001.txt [12/03/2014 - 09:29:06 | D] - C:\WINDOWS [03/12/2012 - 17:30:14 | D] - D:\2salao [03/12/2013 - 08:14:57 | D] - D:\3salao [03/12/2013 - 08:14:34 | D] - D:\4salao [29/01/2014 - 07:58:56 | D] - D:\5salao [11/03/2014 - 10:02:20 | D] - D:\6salao [04/02/2014 - 12:48:00 | N | 5473 Ko] - D:\A importância de manter o foco!.wmv [13/03/2014 - 07:38:41 | D] - D:\ADMIN [29/07/2013 - 11:12:32 | D] - D:\AGENCIA [31/01/2014 - 17:53:21 | D] - D:\artes [22/03/2013 - 11:21:07 | D] - D:\COMPARTILHAR [02/10/2012 - 16:16:55 | D] - D:\Config.Msi [11/10/2013 - 07:46:17 | N | 0 Ko | 4434DC5381DC284A89C6B64159BE2700] - D:\CorelDRAW Graphics Suite X5 - CODIGOS ATIVACAO.txt [12/03/2014 - 08:48:42 | D] - D:\DESK [25/02/2014 - 11:52:43 | D] - D:\desktop [28/10/2013 - 11:40:15 | D] - D:\down [24/01/2014 - 18:01:52 | D] - D:\Downloads [04/06/2013 - 08:26:00 | D] - D:\e6b7ab044593f797ad83c31141a7af [08/11/2013 - 18:34:16 | N | 435 Ko] - D:\edital lei a tito filho.pdf [28/09/2012 - 10:23:30 | N | 248 Ko] - D:\favoritos_28_09_12.html [30/05/2013 - 14:01:26 | N | 16534 Ko] - D:\FULL BANNER.cdr [10/06/2013 - 17:08:12 | N | 79672 Ko] - D:\HEAR PRE EDIT OK.mp4 [20/02/2014 - 15:03:23 | N | 1019 Ko] - D:\home.jpg [03/10/2012 - 08:17:16 | D] - D:\hoodoo [26/04/2013 - 15:55:26 | D] - D:\imgs [03/10/2012 - 16:52:26 | N | 50 Ko] - D:\inscritos2012.xls [24/02/2014 - 10:45:49 | D] - D:\MEDPLAN [28/02/2014 - 07:35:11 | D] - D:\meus docs [12/11/2012 - 06:01:20 | N | 10355 Ko] - D:\MOV00064.MPG [12/11/2012 - 06:07:50 | N | 35444 Ko] - D:\MOV00069.MPG [12/11/2012 - 
07:01:04 | N | 24694 Ko] - D:\MOV00090.MPG [12/11/2012 - 21:56:18 | N | 184047 Ko] - D:\MOV00093.MPG [12/11/2012 - 22:05:00 | N | 616 Ko] - D:\MOV00094.MPG [12/11/2012 - 22:30:28 | N | 82157 Ko] - D:\MOV00095.MPG [08/11/2013 - 14:11:38 | D] - D:\MUSGA [09/08/2013 - 14:09:18 | D] - D:\My Received Files [19/04/2012 - 10:05:26 | N | 173 Ko] - D:\ONGs II.pdf [19/04/2012 - 09:58:36 | N | 330 Ko] - D:\ONGs.pdf [20/12/2011 - 17:45:10 | N | 285 Ko] - D:\Orcamento security.pdf [25/08/2010 - 08:37:04 | N | 2917 Ko] - D:\pdf_20100602165847_74.pdf [28/02/2014 - 11:38:37 | D] - D:\PODCAST [07/12/2012 - 10:06:00 | N | 454 Ko] - D:\prestadores para site humana.xlsx [06/03/2014 - 15:40:21 | D] - D:\programas [06/03/2014 - 15:50:26 | D] - D:\PROGRAMS [03/10/2012 - 08:06:33 | D] - D:\PUBLIC [23/01/2014 - 09:20:35 | SHD] - D:\RECYCLER [03/10/2012 - 08:06:35 | D] - D:\RELA [27/09/2012 - 17:27:57 | SHD] - D:\System Volume Information [31/01/2014 - 17:48:24 | ASH | 68 Ko] - D:\Thumbs.db [08/07/2011 - 16:08:56 | N | 352 Ko] - D:\timbrado.doc [04/08/2011 - 08:16:36 | N | 1008 Ko] - D:\timbrado_medplan.doc [04/02/2014 - 12:46:34 | N | 18617 Ko] - D:\Trabalho em equipe com humor.wmv [09/12/2013 - 08:03:47 | D] - D:\VIDEOS [12/03/2014 - 12:13:00 | N | 3644 Ko] - D:\Vídeo-0030.mp4 [06/03/2014 - 15:37:51 | N | 6706 Ko | 3BF2A8A287A0A7851E5925B91C476537] - D:\ZHPDiag2.exe ################## | Vaccin | D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido) ################## | E.O.F | http://www.pt.usbfix.net/ - http://www.sosvirus.net |
DigRam 144 Posted March 14, 2014 Good morning! Fybc |- All that remains is to run the Pre Scan tool. Cheers!
Fybc 0 Posted March 14, 2014 Hey DigRam, I ran Pre Scan twice; it restarts the PC but does not generate the log. Should Pre_Scan.txt appear on the desktop? See you, and thanks.
DigRam 144 Posted March 20, 2014 [quoting Fybc:] Hey DigRam, I ran Pre Scan twice; it restarts the PC but does not generate the log. Should Pre_Scan.txt appear on the desktop? See you, and thanks. Good morning! Fybc |- If it does not appear, go to the folder that Pre Scan created; you will find the report there. |- Sorry for the delay in replying. |- I am still without Internet access and hope to have that sorted out within 15 days. |- And your PC... is everything OK? Cheers!
Fybc 0 Posted March 20, 2014 Good morning DigRam! I really don't know where the option is to see the folder that PreScan created. I believe it generates the txt where it sits, which in this case is the desktop itself, but I don't know why it isn't generating that log after the scankill. I can only thank you for your concern and help, master. My PC is still out of action - I got the Windows key, but it won't validate, because it requires a second validation with numbers only (that is when choosing validation by phone). Is there some keygen into which I can enter this working key to generate that numeric code? Have you heard of the Hirens tool? It was recommended to me, but I need to download it bit by bit here at work, since it is over 400 MB. Cheers! Fyb
DigRam 144 Posted March 20, 2014 Good morning! Fybc [quoting Fybc:] Have you heard of the Hirens tool? It was recommended to me, but I need to download it bit by bit here at work, since it is over 400 MB. |- Yes! But I have already told you what to do in the other topic. |- Format the computer and reinstall XP. Cheers!
Fybc 0 Posted March 31, 2014 Hey DigRam, I installed Windows 7, since the XP I had really would not validate no matter what. Cheers, and thanks for the help.
Fybc 0 Posted April 2, 2014 Meanwhile, the work PC is still the same, with explorer.exe freezing when I try to create folders and when I shut the PC down.
DigRam 144 Posted April 11, 2014 Good morning! Fybc [quoting Fybc:] Meanwhile, the work PC is still the same, with explorer.exe freezing when I try to create folders and when I shut the PC down. |- Run the ZHPDiag tool on this computer. -/- |- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman ) |- Save it to the local disk! ( C or D ) |- Disable your antivirus and run "ZHPDiag2.exe" to install the tool. |- Run the scroll icon. ( ZHPDiag ) |- Click "SEARCH" or "PESQUISAR" and wait for it to finish! |- Click OK and, when it has finished, post the report! ( ZHPDiag.txt ) |- PS: If the log is long, send it to Pjjoint.malekal. |- Or go to: < > |- More information: < |Link| > A+
Fybc 0 Posted April 16, 2014 Hi DigRam! Thanks for the help. Here is the log: ~ Relatório do ZHPDiag v2014.4.16.27 - Nicolas Coolman (16/4/2014)~ Iniciado por fcarvalho (16/4/2014 16:30:02)~ Endereço do Website : http://nicolascoolman.webs.com~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/~ Tradução pelo utilizador~ Estatuto da versão :~ Lista Branca : Ativado pelo programa~ Elevação dos Privilégios : OK~ Controle de Conta de Utilizador : Not Found---\\ Navegadores InternetMSIE: Internet Explorer v8.0.6001.18702MFIE: Mozilla Firefox 28.0---\\ Informações sobre os produtos Windows~ Langage: PortugaisMicrosoft Windows XP, 32-bit Service Pack 3 (Build 2600)Windows Automatic Updates : OKWindows Genuine Advantage : KO---\\ Softwares de proteçao do sistemaKaspersky Anti-Virus 6.0 for Windows Workstations v6.0.3.837Malwarebytes Anti-Malware versão 1.75.0.1300---\\ Softwares d'optimização do sistemaCCleaner v3.24 =>.Piriform Ltd---\\ Softwares de partilha do PeerToPeer (P2P)---\\ Monitoramento dos softwaresAdobe Flash Player 13 PluginAdobe Reader XIJava 7 Update 21---\\ Informações sobre o sistema~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel~ Operating System: 32 BitsBoot mode: Normal (Normal boot)Total RAM: 3062 MB (26% free)System Restore: Activé (Enable)System drive C: has 67 GB (68%) free of 98 GB---\\ Modo de conexão ao sistema~ Computer Name: PORTAL001~ User Name: fcarvalho~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,~ Unselected Option: 045,061,O62,065,066,080,O82,089Logged in as Administrator---\\ As variáveis de ambiente~ System Unit : C:\~ %AppZHP% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\ZHP\~ %AppData% : C:\Documents and Settings\fcarvalho.MEDWIN\Dados de aplicativos\~ %Desktop% : C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\~ %Favorites% : C:\Documents and Settings\fcarvalho.MEDWIN\Favoritos\~ %LocalAppData% : C:\Documents 
and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\~ %StartMenu% : C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\~ %Windir% : C:\WINDOWS\~ %System% : C:\WINDOWS\system32\---\\ Enumeração das unidades dos discosC: Hard drive, Flash drive, Thumb drive (Free 67 Go of 98 Go)D: Hard drive, Flash drive, Thumb drive (Free 783 Go of 834 Go)E: CD-ROM drive (Not Inserted)T: Floppy drive, Flash card reader, USB Key (Not Inserted)V: Floppy drive, Flash card reader, USB Key (Not Inserted)Y: Floppy drive, Flash card reader, USB Key (Not Inserted)Z: Floppy drive, Flash card reader, USB Key (Not Inserted)---\\ Estado do Centro de Segurança do Windows~ Security Center: 40 Legitimates Filtered in 00mn 00s---\\ Pesquisa particular de ficheiros genéricos[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776][MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944][MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952][MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112][MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512][MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744][MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) 
-- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976][MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672][MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384][MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112][MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832][MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264][MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576][MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816][MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976][MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384][MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328][MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) 
-- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224][MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240][MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]~ Generic Processes: Scanned in 00mn 00s---\\ Estatuto dos ficheiros ocultos (Oculto/Total)~ Mes images (My Pictures) : 2/30~ Mes musiques (My Musics) : 1/2~ Mes Favoris (My Favorites) : 1/395~ Mes Documents (My Documents) : 2/2400~ Mon Bureau (My Desktop) : 0/49~ Menu demarrer (Programs) : 1/26~ Hidden Files: Scanned in 00mn 01s---\\ Processos lançados[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1604][MD5.FDE5FAE31394A586F9CCC7300B6AD681] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1640][MD5.1643BBD933C046D5BBAEDD0A2A8F387C] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe [231952] [PID.840][MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.884][MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [181664] [PID.1300][MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1576][MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) 
-- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.1780][MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2816][MD5.E1B94448E933F7D98DA10129CF010E91] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [19972712] [PID.2692][MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.3204][MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2708][MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.3476][MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.1712][MD5.183F44EAE82B426778D0C8F7FCE50821] - (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- D:\programas\Adobe Photoshop CS3\Photoshop.exe [44814336] [PID.324][MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.3212][MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.2744][MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.3220][MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) 
-- C:\Arquivos de programas\Skype\Phone\Skype.exe [20584608] [PID.2952][MD5.405A2343A4A4337EA221603D69D8061A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8217088] [PID.4600]~ Processes Running: Scanned in 00mn 01s---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dllP2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.22:8080/intranetR3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) 
(No version) -- (.not file.)~ IE Browser: 13 Legitimates Filtered in 00mn 00s---\\ Internet Explorer, Gestão do Proxy (R5)R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no keyR5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll~ Proxy management: Scanned in 00mn 00s---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programasF2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exeF2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"~ Keys: Scanned in 00mn 00s---\\ Redireção do ficheiro Hosts (01)~ Le fichier hosts est sain (The hosts file is clean).~ Hosts File: Scanned in 00mn 00s~ Nombre de lignes (Lines number): 21---\\ Browser Helper Objects do navegador (02)O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll~ BHO: 12 Legitimates Filtered in 00mn 00s---\\ Barras do Internet Explorer (03))O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã~ Toolbar: Scanned in 00mn 00s---\\ Outras conexões do utilizador (04)O4 - GS\Desktop [AllUsers]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe~ Global Startup: 1 Legitimates Filtered in 00mn 00s---\\ Aplicações iniciadas por registo & pastas (04)O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor CorpO4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. 
- Catalyst® Control Center Launcher.) -- C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, IncO4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exeO4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exeO4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exeO4 - HKUS\S-1-5-21-1305094879-4204437982-2263759875-1584\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe~ Application: Scanned in 00mn 00s---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} . (.Kaspersky Lab - Script Monitor Internet Explorer plugin.) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dllO9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICOO9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfãO9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . 
(.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe~ IE Extra Buttons: Scanned in 00mn 00s---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"~ IE Paramètres WEB: Scanned in 00mn 00s---\\ Site na zona confiavél do Internet Explorer (05)O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.brO15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.brO15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com~ IE Zone Confiance: Scanned in 00mn 00s---\\ Objets ActiveX (Downloaded Program Files)(O16)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab~ Objets ActiveX: Scanned in 00mn 00s---\\ Alteração Dominio/Clientes DNS (017)O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.intO17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254O17 - HKLM\System\CS1\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.intO17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpNameServer = 172.16.0.2 172.16.0.254O17 - HKLM\System\CS3\Services\Tcpip\..\{C2DE00A7-63A0-48D9-8A98-A9CA389EB9D5}: DhcpDomain = medplan.intO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medplan.localO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.2 172.16.0.254~ Domain: Scanned in 00mn 00s---\\ Protocolo adicional (018)O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) 
-- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft CorporationO18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation~ Protocole Additionnel: Scanned in 00mn 00s---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dllO20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dllO20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dllO20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dllO20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dllO20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dllO20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dllO20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dllO20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dllO20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dllO20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dllO20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) 
-- C:\WINDOWS\system32\wlnotify.dllO20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll~ Winlogon: Scanned in 00mn 00s---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)O20 - AppInit_DLLs: . (.Kaspersky Lab - kldialhk.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll~ AppInit DLL: Scanned in 00mn 00s---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll~ STS/SSO: Scanned in 00mn 00s---\\ Lista dos serviços NT não Microsoft e não desativados (023)O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe~ Services: 9 Legitimates Filtered in 00mn 06s---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)O24 - Desktop Component 0: Minha página inicial atual - file:About:HomeO24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmpO24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\fcarvalho.MEDWIN\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp~ Desktop Component: 4 Legitimates Filtered in 00mn 00s---\\ Listagem dos dados do BootExecute (Bex) (034)O34 - HKLM BootExecute: (autocheck autochk * ) - File not found~ BEX: 1 Legitimates Filtered in 00mn 00s---\\ Drivers lançados ao arranque do sistema (041)O41 - Driver: (InCDPass) . (. - .) 
- C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)~ Drivers: 66 Legitimates Filtered in 00mn 00s---\\ Software instalados (042)O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1O42 - Logiciel: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1O42 - Logiciel: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- Planilha Investimento Industrial, Agroindustrial, Comercial e ServiçosO42 - Logiciel: Planilha Investimento Industrial, Agroindustrial, Comercial e Serviços - (.Banco do Nordeste do Brasil.) [HKLM] -- {95EEC3DD-98B1-402D-8984-A1D429A7F469}O42 - Logiciel: Plano de Negócio - (.SEBRAE.) [HKLM] -- {D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}O42 - Logiciel: Voice Editing Standard - (...) [HKLM] -- {EC398162-CB7C-4FC8-9DF9-6DB43B9DD6A5}~ Logic: 17 Legitimates Filtered in 00mn 00s---\\ HKCU & HKLM Software Keys[HKCU\Software\AutoHelpDesk][HKCU\Software\GbAs][HKLM\Software\AutoHelpDesk]~ Key Software: 233 Legitimates Filtered in 00mn 00s---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)O43 - CFD: 26/3/2014 - 13:11:24 - [6,517] ----D C:\Arquivos de programas\GUM5232.tmpO43 - CFD: 22/1/2014 - 07:59:44 - [74,601] ----D C:\Arquivos de programas\GUMD.tmpO43 - CFD: 27/9/2012 - 14:28:20 - [0,001] ----D C:\Arquivos de programas\Serviços on-lineO43 - CFD: 27/9/2012 - 14:27:37 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\ServiçosO43 - CFD: 18/3/2014 - 17:12:09 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocessO43 - CFD: 31/7/2013 - 10:58:18 - [5,640] --H-D C:\Documents and Settings\All Users\Dados de aplicativos\{C967C837-A256-442F-8AC4-F25622F7B509}O43 - CFD: 22/1/2014 - 07:32:37 - [0,015] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu 
Iniciar\Programas\Acessórios
O43 - CFD: 6/3/2014 - 07:28:08 - [0] R---D C:\Documents and Settings\fcarvalho.MEDWIN\Menu Iniciar\Programas\Inicializar
~ Program Folder: 133 Legitimates Filtered in 00mn 39s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.74884B511717D93C9D5CA960C9C51916] - 16/4/2014 - 07:21:58 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 16/4/2014 - 07:22:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31448]
O44 - LFC:[MD5.A1B606B20389DA5AF9AAB6F09656EC00] - 16/4/2014 - 11:59:08 ---A- . (...) -- C:\WINDOWS\wiadebug.log [410]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 8/4/2014 - 07:46:38 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
~ Files: 18 Legitimates Filtered in 00mn 04s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(.Google.) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe
~ Keys Export: 25 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BCU [Key] . (...) -- C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Viber [Key] . (...) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Viber\Viber.exe (.not file.)
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 10 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 10:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 16/4/2014 - 07:22:26 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31448]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 09:36:06 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.16E441DC4DAF703FB0B0FE474830FF53] - 2/10/2001 - 07:37:40 ---A- . (.lecs Inc. - Aaudio.) -- C:\WINDOWS\system32\Drivers\IcRecUsb.sys [17432]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/4/2008 - 11:23:42 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/4/2008 - 11:23:40 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/4/2008 - 09:34:28 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/4/2008 - 11:23:42 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 15:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/4/2008 - 11:23:44 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/4/2008 - 11:23:44 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/4/2008 - 11:23:46 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/4/2008 - 11:23:48 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/4/2008 - 11:23:48 ---A- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/10/2001 - 15:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 15:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 15:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 15:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 15:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 3/8/2004 - 22:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 15:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 3/8/2004 - 22:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 3/8/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 3/8/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 3/8/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 10 Legitimates Filtered in 00mn 04s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/2/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 118 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.5GOMECMWEGW4ZK4QL74PEDXPL4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.JDKZK5XNKCOPYT2XU2MEKLJXZY> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.X6ENHUU5PXBP7TWAGBJWTAX6V4> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\fcarvalho\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {05402AB2-DCA2-4ffa-B893-BAC7BBA33F6B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E41AA1F3-4877-46e5-B956-3386E9873E92} [DefaultScope] - (Yahoo) - http://br.search.yahoo.com
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1AC805D20D1E50C95FC2B06A937989C1] [sPRF][14/3/2014] (...) -- C:\Documents and Settings\fcarvalho.MEDWIN\Desktop\Pre_Scan.exe [2913280]
~ Files: 2 Legitimates Filtered in 00mn 01s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "A4CE332DB4FEACC4EA7397493A1E4A38" . (.Plano de Negócio.) -- C:\WINDOWS\Installer\{D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}\_853F67D554F05449430E7E.exe
~ Update Products: 122 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CDCE01014A8A174F6D6453BCB8A94BCB] [WIS][2/10/2012] (.Twitter, Inc. - TweetDeck Setup.) -- C:\Windows\Installer\16ccfc.msi [986624]
[MD5.0F53C096525A45D4632382AAC3A326AC] [WIS][13/6/2013] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\2164ab5.msi [121344]
[MD5.38BD02F30D7CF9203DC3D2E8C8B60676] [WIS][9/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\355e49.msi [1634304]
[MD5.613839B0B5209A52FF11BD91B11A73AD] [WIS][27/9/2012] (.Nome de sua empresa: - TextPad.) -- C:\Windows\Installer\abc31.msi [373248]
[MD5.487B1A510A1A8555ACC9C2B9BF030F92] [WIS][31/7/2013] (.Banco do Nordeste do Brasil - Planilha Investimento Industrial, Agroindustrial, Comercial e S.) -- C:\Windows\Installer\bc27be.msi [263680]
~ WIS: 125 Legitimates Filtered in 00mn 14s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 5203 Legitimates Filtered in 00mn 04s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 22/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 22/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 1/4/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 5/9/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 24/5/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 2/10/2012 231952 | (AVP) . (.Kaspersky Lab.) - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Demand 2/10/2012 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 21/2/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 4/4/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/4/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
~ Services: Scanned in 00mn 05s

---\\ Scâner Aditional (088)
Database Version : 13044 - (16/4/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 258299 Items scanned in 00mn 14s

---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 1 link(s) detected in 00mn 00s

~ 877 Legitimates filtered by white list
End of the scan (539 lines in 01mn 43s)
DigRam
Posted April 19, 2014

Good afternoon, Fybc!

- I don't see malware, potentially, being the cause of your problems.
- Run this script in the ZHPFix tool.
- Copy the information shown in red into Notepad.
- With Notepad open, do: ctrl+a >> ctrl+c
- Next, minimize Notepad.

script zhpfix
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Chave orfã
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
emptytemp

- Open the ZHPFix tool.
- Click IMPORTAÇÃO (Import) >> OK.
- Click "GO".
- Post the report!

A+