Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

FreedomFSA

[Resolvido] &nbspAnálise de Log do HijackThis

Recommended Posts

Boa noite!

 

Faz um tempo desde a última faxina que fiz em meu computador. Dado isso, deixo a baixo o log gerado pelo HijackThis para que seja analisado.

 
Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:25:59, on 02/05/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal



Running processes:

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe

C:\Program Files (x86)\Hotkey\Hotkey.exe

C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

C:\Program Files (x86)\Battle.net\Battle.net.4511\Battle.net.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avell.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r

O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe

O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)

O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe

O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe

O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MySQL56 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @oem1.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)



--

End of file - 11059 bytes

 
 

Durate a executcao do HijackThis, apareceu este erro:

 

9z6b.png

 

 

Não sei disser nada a respeito, então achei plausível postar aqui.

 

 

o/

 

Obrigado pela atencao!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá FreedomFSA.

 

Sugiro que crie um novo tópico na área de Remoção de Malwares no endereço abaixo, a qual é apropriada para a análise de logs:

http://forum.imasters.com.br/forum/304-remocao-de-malwares/

 

Ficamos na espera.

 

Não teria como mover este? Pra não ter que criar outro.

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Já movi seu tópico, não tinha movido antes porque às vezes acontece de a pessoa ficar perdida e não saber para onde foi movido.

_____________________________________________________________________________

 

:seta: Faça o download do < ZHPDiag2.exe > < NicolasCoolman.jpg> ( ... de Nicolas Coolman )

 

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

 

Tutorial de instalação e execução do aplicativo ZHPDiag

 

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Power Max,

 

Obrigado por mover o tópico.

 

Segue a baixo o log do ZHPDiag.

 

 

~ Relatório do ZHPDiag v2014.5.3.52 - Nicolas Coolman  (03/05/2014)
~ Iniciado por Avell B155 (03/05/2014 17:09:31)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 29.0 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Pro, 64-bit  (Build 9600)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8112 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 28 GB (25%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: B155
~ User Name: Avell B155
~ All Users Names: HomeGroupUser$, Convidado, Avell B155, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Avell B155\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Avell B155\AppData\Roaming\
~ %Desktop% : C:\Users\Avell B155\Desktop\
~ %Favorites% : C:\Users\Avell B155\Favorites\
~ %LocalAppData% : C:\Users\Avell B155\AppData\Local\
~ %StartMenu% : C:\Users\Avell B155\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 28 Go of 111 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 591 Go of 931 Go)
F: Floppy drive, Flash card reader, USB Key (Free 5 Go of 7 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.22/10/2013 - 04:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/08/2013 - 06:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 08:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.23/11/2013 - 04:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.22/08/2013 - 10:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.22/08/2013 - 20:00:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.31/01/2014 - 13:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/4
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 2/14319
~ Menu demarrer (Programs) : 1/28
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.293770C94202D1EA18EE27E0D3EB6A41] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2201032] [PID.3564]
[MD5.59D9856CD1420E2AF778821B7E1B81D0] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe   [153136] [PID.5244]
[MD5.6DC177F1626545F087892E73E7609DD0] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [1209904] [PID.5420]
[MD5.A4C98FD0EB19815374011C929B7D728A] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe   [21822128] [PID.5428]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [20922016] [PID.5540]
[MD5.DE6928F6623EEAD69AFFF62E26676C85] - (.Oracle Corporation - MySQL Notifier.) -- C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe   [771584] [PID.5880]
[MD5.A41A4D9BE587DA45C7ED27E8CDBC606C] - (.No owner - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe   [4902912] [PID.6036]
[MD5.CF61EC0DDF6431D727FE13C4AD95C5FD] - (.Creative Technology Ltd - Sound Blaster Cinema.) -- C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe   [711680] [PID.6072]
[MD5.225E5E39141C2DDF525756650C878AA0] - (.Western Digital Technologies, Inc. - WD Drive Auto Unlock.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe   [1694080] [PID.6092]
[MD5.443078EF67B609725CE3F76CC3A52156] - (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe   [5545328] [PID.5092]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.5312]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [18544] [PID.6376]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe   [1864368] [PID.316]
[MD5.550005223C0EEBFA602C37DCB5497ABD] - (.VideoLAN - VLC media player 2.1.3.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe   [126995] [PID.2800]
[MD5.E948B39B496BE1302E974DEBB3ED51D2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7869440] [PID.2004]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Avell B155\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://google.com
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [caokbcfjjpfjghiibofdoakkclhlkhkh] Despertador Online v.0.6 (Activé)
G2 - GCE: Preference [User Data\Default] [cocohmmjllchepkjocddkihldoiillkl] Desprotetor.com - Desprotetor de links v.1.0.4, (Activé)
G2 - GCE: Preference [User Data\Default] [gonbigodpnfghidmnphnadhepmbabhij] Cryptocat v.2.1.23 (Activé)
G2 - GCE: Preference [User Data\Default] [jlgdloilieclkegafohackmhffbmdpko] Yulia Brodskaya v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Avell B155 - x9yz7alz.default] http://google.com
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Avell B155\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.avell.com
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Avell B155]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\Avell B155\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [Avell B155]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\Avell B155\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [MBCfg64] . (.Creative Technology Ltd. - No Comment.) -- C:\Windows\system32\MBCfg64.dll
O4 - HKLM\..\Run: [BtServer] . (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) -- C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
O4 - HKLM\..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [MySQL Notifier] . (.Oracle Corporation - MySQL Notifier.) -- C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [Sound Blaster Cinema] . (.Creative Technology Ltd - Sound Blaster Cinema.) -- C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\Windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [WD Drive Unlocker] . (.Western Digital Technologies, Inc. - WD Drive Auto Unlock.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe   =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe   =>.Western Digital Technologies
O4 - HKUS\S-1-5-21-1242072069-3624147157-1849234089-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1242072069-3624147157-1849234089-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1242072069-3624147157-1849234089-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1242072069-3624147157-1849234089-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1242072069-3624147157-1849234089-1001\..\Run: [MySQL Notifier] . (.Oracle Corporation - MySQL Notifier.) -- C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{221F4CCC-CB31-4375-8F0A-83D7E0673C43}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{34CFEFC1-FF2A-405D-8AE3-862C89A7E668}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{221F4CCC-CB31-4375-8F0A-83D7E0673C43}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{34CFEFC1-FF2A-405D-8AE3-862C89A7E668}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{221F4CCC-CB31-4375-8F0A-83D7E0673C43}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{34CFEFC1-FF2A-405D-8AE3-862C89A7E668}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{221F4CCC-CB31-4375-8F0A-83D7E0673C43}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{34CFEFC1-FF2A-405D-8AE3-862C89A7E668}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 335.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BTDevManager (BTDevManager) . (.No owner - Realtek Bluetooth BTDevManager Service Appl.) - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service:  (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Service KMSELDI (Service KMSELDI) . (.No owner - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe  =>PUP.KMSpico
~ Services: 20 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
[MD5.E3FEA8060978EAB6FA5D40E74DE6308B] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe   [1051416]  =>PUP.KMSpico
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1082]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1086]
~ Scheduled Task: 7 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Airplane Mode Hid Installer - (...) [HKLM][64Bits] -- InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}
O42 - Logiciel: Airplane Mode Hid Installer - (...) [HKLM][64Bits] -- {5E5B067F-52A4-447E-A3F1-D6DD10565E73}
O42 - Logiciel: Astah Community 6.8 - (.Change Vision, Inc..) [HKLM][64Bits] -- astah* community_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: KMSpico v9.1.3 - (...) [HKLM][64Bits] -- KMSpico_is1  =>PUP.KMSpico
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\RCBR]
~ Key Software: 269 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/11/2013 - 11:43:22 - [] ----D C:\Program Files (x86)\AirplaneModeInstaller
O43 - CFD: 17/02/2014 - 01:07:01 - [] ----D C:\ProgramData\boost_interprocess
~ Program Folder: 175 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0179D24423BA10AC216653B5CAB6DE40] - 03/05/2014 - 15:07:16 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [158852]
O44 - LFC:[MD5.0D7D0608CA520307C1D78E1F9B50B3BD] - 03/05/2014 - 15:07:16 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [775806]
~ Files: 13 Legitimates Filtered in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys   [151968]
O58 - SDL:19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys   [27040]
O58 - SDL:06/09/2012 - 23:13:36 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys   [318800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
O58 - SDL:03/05/2014 - 15:00:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 57 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C69B3F26CAB0E0F9D292BB4F2C9C772] [SPRF][16/02/2014] (...) -- C:\Users\Avell B155\AppData\Roaming\unins000.dat   [37824]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][16/02/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Avell B155\AppData\Roaming\unins000.exe   [720082]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS:  - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS:  - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS:  - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS:  - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS:  - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS: FTP do Bluetooth - {F34020BE-4CE5-489A-A352-5D69BDFC7F54}
~ MNS: 7 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2014 279000 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 18/11/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/11/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2013 820184 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 29/04/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 20/04/2014 14243 |  (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SS - | Demand 13/04/2007 792112 |  (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 11/12/2013 1050904 |  (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe  =>PUP.KMSpico
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 25/02/2014 568512 |  (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 06/06/2011 64952 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 29/08/2012 208384 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 07/05/2013 35328 |  (AvrcpService) . (.Realtek Semiconductor Corporation.) - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
SR - | Auto 08/10/2013 66560 |  (BTDevManager) . (...) - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
SR - | Auto 08/10/2013 452136 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 15/11/2012 2468496 |  (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 13/02/2013 731648 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 20/03/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 20/03/2013 368600 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Demand 16/05/2007 271920 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 02/04/2014 1615192 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02/04/2014 20541216 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 04/03/2014 922968 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/07/1658 0 |  (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 09/07/2013 46080 |  (PowerBiosServer) . (...) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - | Auto 11/12/2012 27768 |  (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 28/02/2014 1042808 |  (WDBackup) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 28/02/2014 271728 |  (WDDriveService) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (03/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI]   =>PUP.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1]   =>PUP.KMSpico^
[HKLM\Software\Classes\S]   =>Toolbar.Agent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico   =>PUP.KMSpico
C:\Program Files\KMSpico\AutoPico.exe   =>PUP.KMSpico^
~ Additionnel Scan: 285782 Items scanned in 00mn 12s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico  =>PUP.KMSpico
~ MSI: 1 link(s) detected in 00mn 00s



~ 640 Legitimates filtered by white list
End of the scan (452 lines in 00mn 30s)(0)
 

 

[]`s

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

 

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

 

Copie este relatório e poste em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o log.

 

 

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Avell B155 at 03/05/2014 17:58:37
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Classes\S

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (11441) (3.229.871.799 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Users\Avell B155\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/05/2014 17:58:41 [1145]
 

 

[]`s

Compartilhar este post


Link para o post
Compartilhar em outros sites

* Faça o download do Malwarebytes em um destes links abaixo:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

http://downloads.malwarebytes.org/mbam-download.php

 

:seta: Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

 

Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Power Max,

 

Segue o log do MalwareBytes

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/05/2014
Scan Time: 21:58:17
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.03.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Avell B155

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 512085
Time Elapsed: 44 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
RiskWare.Tool.CK, E:\Jogos\BF1942 Desert Combat\GERE AQUI SEU SERIAL.exe, , [2ed44a03d0ab211568f1c17dab594fb1],
RiskWare.Tool.CK, E:\Jogos\BF1942 Desert Combat\keygen antigo.exe, , [6a983c11de9d979f1a3fe45a16ee7888],
Trojan.Agent.CK, E:\Jogos\Call of Duty 4 - Modern Warfare\keygen-cod4.exe, , [ad550944d4a7f5416d5a45741ce56b95],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Os três resultados encontrados são as keygen xD

 

Mandei pra quarentena. xD

 

[]`s

Compartilhar este post


Link para o post
Compartilhar em outros sites

Todos os logs que analisamos até agora estavam praticamente limpos. Não está sendo mostrado nada de realmente perigoso.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Todos os logs que analisamos até agora estavam praticamente limpos. Não está sendo mostrado nada de realmente perigoso.

 

Isso é bom. Achei que minha máquina estaria um pouco suja. xD

 

E aproveitando, sabes me recomendar um anti-spam/spyware bom, seja proprietário ou não ?

 

Obrigado pela atenção.

 

o/

 

[]`s

Compartilhar este post


Link para o post
Compartilhar em outros sites

Como antispyware você pode usar o próprio Malwarebytes que usamos hoje para fazer umas limpezas de tempos em tempos. Estas outras dicas abaixo também ajudam muito neste sentido:

Deixe seu PC mais protegido na internet com o SpywareBlaster

Tutorial do SUPERAntispyware (instalação e utilização)
__________________________________________________________________

Sugiro também que instale a extensão AdBlock que bloqueia propagandas em sites:
https://adblockplus.org

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.