Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

carol2906

[Resolvido] Sites estranhos após instalação de alguns programas

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

carol2906    0

carol2906
Postado

Boa noite,

 

Hoje instalei alguns programas em meu computador para fazer a edição de algumas músicas, e junto com eles vieram outros programas que eu não desejava.

Mas o que me incomoda no momento é o fato de que os sites de banco estão todos esquisitos, com vários campos pra digitar senhas e começam a abrir várias janelas. Acredito que esteja com algum vírus e não sei o que fazer.

 

Segue o log do hijack this:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:51, on 07/07/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Serv_SpUsb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\ngsrv\ngslotd.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ngsrv\epsng_certd.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe
C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE
C:\Arquivos de programas\Samsung\Kies\Kies.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Expstudio\Audio Editor\ExpAudioEdit.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HIJACKTHIS\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Arquivos de programas\BrowseSmart\BrowseSmartBHO.dll (file missing)
O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [crlregistrationf] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\registration.exe /title="crlregistration" /date=062813
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\RunOnce: [APN-Stub_ATU3] "C:\Documents and Settings\All Users\Dados de aplicativos\APN\APN-Stub\ATU3\ApnSetup.exe" and Settings\Carol\APNSetup.exe /hpr=0 /sa=0 /install=ATU3 /dtid=default /trgb=CR /type=vanilla /runonce /runonce /second /runonce /runonce /runonce /runonce /runonce /runonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE /EPT "EPLTarget\P0000000000000000" /M "TX133 TX135"
O4 - HKCU\..\Run: [KiesPreload] C:\Arquivos de programas\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Arquivos de programas\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Arquivos de programas\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\RunOnce: [hao123Setting] C:\DOCUME~1\Carol\CONFIG~1\Temp\bdg46C.exe http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Atalho para LogMeIn.lnk = C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.santander.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SAGEM MorphoSmart Service Provider Usb Server (MSO_SpUsb_Service) - Unknown owner - C:\WINDOWS\system32\Serv_SpUsb.exe
O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 15129 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

Oi Carol.

 

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

 

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

 

Remova adwares e toolbars maliciosas com o Adwcleaner

 

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

 

Ficamos na espera.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Bom dia Power Max,

 

Segue log do Adwcleaner:

 

# AdwCleaner v3.215 - Relatório criado 09/07/2014 às 10:19:42
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Carol - CASA-46997CABD5
# Executando de : C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserDefender
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IBUpdaterService
Pasta Deletada : C:\Arquivos de programas\LyricsOn
Pasta Deletada : C:\Arquivos de programas\MyPC Backup
Pasta Deletada : C:\Arquivos de programas\Uninstaller
Pasta Deletada : C:\Arquivos de programas\Plus-HD-1.3
Pasta Deletada : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\Greener Web
Pasta Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\NetCrawl
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\Carol\Dados de aplicativos\SimilarSites
Pasta Deletada : F:\Documents and Settings\Carol\Optimizer Pro
Arquivo Deletada : C:\DOCUME~1\Carol\CONFIG~1\Temp\Uninstall.exe
Arquivo Deletada : C:\Documents and Settings\Carol\Menu Iniciar\Programas\lollipop.lnk
Arquivo Deletada : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Deletada : C:\WINDOWS\Tasks\Lyrics On Update.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{392DE650-A1E6-4FB3-A5A4-21285DE225BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B463ECD2-E5D8-4178-80C4-EC7C7E72F9AC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsasvr.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Samsung\Samsung New PC Studio\npsvsvr.exe]
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Myfree Codec
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Myfree Codec
Chave Deletedo : HKLM\Software\yuna software
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v30.0 (pt-BR)
[ Arquivo : C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deletedo [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
*************************
AdwCleaner[R0].txt - [8979 octets] - [09/07/2014 10:16:01]
AdwCleaner[s0].txt - [8727 octets] - [09/07/2014 10:19:42]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8787 octets] ##########

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.

______________________________________________________________________________

 

:seta: Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

 

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

 

Tutorial do Junkware Removal Tool

 

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

 

Ficamos na espera.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Boa noite!

 

Através do programa ccleaner escolhi os programas que deveriam iniciar com o windows.

Porém o programa Junkware removal tool não executa de forma alguma :-(

 

Até mais

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

Desative temporariamente seu antivírus para evitar conflitos.

 

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

 

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

 

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

 

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Boa noite,

 

Agora consegui executar o zoek. Segue log.

 

Zoek.exe v5.0.0.0 Updated 05-July-2014
Tool run by Carol on 10/07/2014 at 17:21:35,46.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Carol\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
10/07/2014 17:25:42 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9D58093C-0A7F-4849-881F-B195913CE3A1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
Added to C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----
prefs_072014_1741_.backup
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\Yahoo! deleted
C:\Arquivos de programas\MyFree Codec deleted
C:\Documents and Settings\Carol\Dados de aplicativos\ZoomBrowser EX deleted
C:\Documents and Settings\Carol\Dados de aplicativos\Yahoo! deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\APN deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\AVG January 2013 Campaign deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Package Cache deleted
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\speeddial.crx deleted
C:\Documents and Settings\All Users\Menu Iniciar\Programas\MyFree Codec deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\System32\is-PF69S.tmp deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins000.exe deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins001.exe deleted
C:\Documents and Settings\Carol\Dados de aplicativos\unins002.exe deleted
"C:\WINDOWS\Installer\8768a.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [10/10/2009 21:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi" [06/06/2014 16:34]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
- Site Matcher Pro - %ProfilePath%\extensions\matchersitepro@matchersitepro.com
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Carol\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Arquivos de programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
34663C9214E30B9B80F1D35A074B8DFC - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
F045DF7AF127DC4BCC53421850114E15 - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
2F4781F84C92E8C4B1586E47A78E8A61 - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.50.255
18C6A57B569F088C2BD7B828A211AC06 - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java Platform SE 7 U5
81D388824634378A37765FD943FB3144 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
A93A4FC3B7596E9EA4FC203195FF77B6 - C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll - Photodex Presenter Plugin
1C8124B6A03A620EB0CBCA615666D2AE - C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7D28153B7D586330678AD522B71D89CB - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mdebcffgnijbblbinknkbefciofebcda - C:\DOCUME~1\Carol\CONFIG~1\Temp\crx70.tmp[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\sf.crx[26/10/2013 08:55]
apdfllckaahabafndbhieahigkjlhalf - C:\DOCUME~1\Carol\CONFIG~1\DADOSD~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
nnjbodopomfddehlalfilheomcahbpei - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx[02/01/2014 08:48]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 14:27]
GBBD Banco Santander (Brasil) S.A. - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
YouTube - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Banco Santander (Brasil) S.A. - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Mail Checker - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Cath Kidston - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm
Google Wallet - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{24A32B97-ECD3-5376-ACF9-7B4F1A656AAF} Unknown Url="Not_Found"
{72AEB4FE-ED71-0452-D2D2-3585281541E1} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{24A32B97-ECD3-5376-ACF9-7B4F1A656AAF} deleted successfully
HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{72AEB4FE-ED71-0452-D2D2-3585281541E1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Carol\Desktop\Atalho para uTorrent.lnk - C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Documents and Settings\Carol\Desktop\Google Chrome.lnk - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Carol\Desktop\PUC PEDAGOGIA.lnk - F:\Documents and Settings\Carol\PUC PEDAGOGIA
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Desktop\Camtasia Studio 5.lnk - C:\Arquivos de programas\TechSmith\Camtasia Studio 5\CamtasiaStudio.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Desktop\Samsung Kies (Lite).lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe /lite
C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe
C:\Documents and Settings\All Users\Desktop\Video Search.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\Carol\Menu Iniciar\µTorrent.lnk - C:\Documents and Settings\Carol\Dados de aplicativos\uTorrent\uTorrent.exe
C:\Documents and Settings\Carol\Menu Iniciar\Programas\Eye Candy 5 Impact Manual.lnk - C:\Arquivos de programas\Adobe\Adobe Photoshop CS6\Plug-ins\Alien Skin\Eye Candy 5 Impact\EyeCandy5ImpactUsersGuide.pdf
C:\Documents and Settings\Carol\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\aTube Catcher\aTube Catcher.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\CorelDRAW Graphics Suite X6\CorelDRAW X6.lnk - c:\WINDOWS\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Noise Reduction Plug-In 2.0\Noise Reduction Plug-In 2.0 Readme.lnk - C:\Arquivos de programas\Sony\Noise Reduction Plug-In 2.0\Readme\nr_readme.htm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Sound Forge Pro 10.0\Sound Forge Pro 10.0 Readme.lnk - C:\Arquivos de programas\Sony\Sound Forge Pro 10.0\Readme\forge_readme.htm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Sony\Sound Forge Pro 10.0\Sound Forge Pro 10.0.lnk - C:\Arquivos de programas\Sony\Sound Forge Pro 10.0\Forge100.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe /lite
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Arquivos de programas\Samsung\Kies\KiesAgent.exe
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Carol\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Documents and Settings\Carol\Dados de aplicativos\uTorrent\uTorrent.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crlregistrationf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot) deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Carol\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\pqdvgsis.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=53 folders=14 24522213 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Carol\Configurações locais\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Configurações locais\temp emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\temp emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Carol\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

:seta: Faça o download do < ZHPDiag > < NicolasCoolman.jpg> ( ... de Nicolas Coolman )

 

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

 

2aa105k.jpg

 

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

 

Tutorial de instalação e execução do aplicativo ZHPDiag

 

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Bom dia,

 

Desculpe a demora em postar resposta, mas tive alguns contratempos.

 

Segue log do ZHP Diag:

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por Carol (05/08/2014 11:19:42)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
---\\ Softwares d'optimização do sistema
CCleaner v3.11
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (41%) free of 98 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA-46997CABD5
~ User Name: Carol
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Carol, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Carol\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Carol\Desktop\
~ %Favorites% : C:\Documents and Settings\Carol\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Carol\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 98 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 103 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 52 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.1BE73DF0AE36B73A8D097459EF0AC6E6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/06/2013 - 03:24:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/9852
~ Mes musiques (My Musics) : 2/675
~ Mes Videos (My Videos) : 1/259
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 4/15456
~ Mon Bureau (My Desktop) : 3/3291
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 01mn 19s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1492]
[MD5.6D4413938AF57EAB7CF4F06D652ACBD4] - (.Sagem Securite - Serv_SpUsb.) -- C:\WINDOWS\system32\Serv_SpUsb.exe [138752] [PID.1832]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.508]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1192]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.132]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.1504]
[MD5.4F2143570D2250CA4C4A4C98553C82CD] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704] [PID.1604]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1628]
[MD5.6B5AF2DE1781726755B11FBDC57432F7] - (.OEM - ngslotd.) -- C:\Arquivos de programas\ngsrv\ngslotd.exe [56832] [PID.1532]
[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.1916]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [189728] [PID.1936]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.160]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.844]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe [18944] [PID.836]
[MD5.BF8382259F4EAF534DC806D7C7B0AEAA] - (.Samsung - KiesPDLR.) -- C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288] [PID.2180]
[MD5.DFB379511FC34C591421F47267410872] - (.Software Updater - Software Updater.) -- C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe [2141776] [PID.2196] =>PUP.Eorezo
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2460]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe [1917440] [PID.2828]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8084992] [PID.2316]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [860488] [PID.4064]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.No owner - Photodex Presenter Plugin 4,10,0,2737.) -- C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Carol]: Atalho para uTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O4 - HKLM\..\RunOnce: [APN-Stub_ATU3] C:\Documents and Settings\All Users\Dados de aplicativos\APN\APN-Stub\ATU3\ApnSetup.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [AdobeBridge] Chave orfã
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ((no name)) - https://secure.logmein.com/activex/RACtrl.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WBSrv . (.Stardock Corporation - WBSrv.dll.) -- C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: ngSlotDaemon (ngSlotD) . (.OEM - ngslotd.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: 12 Legitimates Filtered in 00mn 09s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys =>PUP.LinkiDoo
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys =>PUP.LinkiDoo
~ Drivers: 93 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Cadeias de Certificação Prodemge - 01/2012 - (.Prodemge.) [HKLM] -- Cadeias de Certificação Prodemge_is1
O42 - Logiciel: DOI - (...) [HKLM] -- DOI
O42 - Logiciel: Fix Print 3.7 - (.Nova Consultoria.) [HKLM] -- {91C9FA89-44F6-4D7A-A006-25816412CCCC}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: LIVE! Control Center 1.03 - (.OEM.) [HKLM] -- {271F5A67-A83A-4985-B41B-201EB267E6CF}
O42 - Logiciel: LIVE! OSD 1.03 - (.OEM.) [HKLM] -- {73289228-1853-4623-982A-EB17FF0270CA}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção - Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Receitanet 2010 - (...) [HKLM] -- Receitanet
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
O42 - Logiciel: Xenofex 1.0 - (...) [HKLM] -- Xenofex 1.0
O42 - Logiciel: ePass2000 (Somente remover) - (...) [HKLM] -- 4673551D-STFT12-4FE7-A218-48BDAE051E2B_std
~ Logic: 56 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\ECS]
[HKCU\Software\EXPStudio]
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\Zhuk]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\FTDriver]
[HKLM\Software\NGSrv]
[HKLM\Software\Programas RFB]
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\baidu]
~ Key Software: 694 Legitimates Filtered in 00mn 03s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/01/2012 - 16:47:08 - [] ----D C:\Arquivos de programas\3D Canvas 8
O43 - CFD: 26/02/2014 - 19:52:55 - [] ----D C:\Arquivos de programas\A.E.T. Europe B.V
O43 - CFD: 13/07/2010 - 17:07:20 - [] ----D C:\Arquivos de programas\Alterdata
O43 - CFD: 31/10/2009 - 13:57:10 - [] ----D C:\Arquivos de programas\Ares Music
O43 - CFD: 04/12/2013 - 17:47:28 - [] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 18/06/2014 - 19:34:52 - [] ----D C:\Arquivos de programas\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 18/01/2012 - 22:02:19 - [] ----D C:\Arquivos de programas\Baixo Cidade
O43 - CFD: 03/05/2013 - 12:10:41 - [] -S--D C:\Arquivos de programas\d3ed
O43 - CFD: 26/03/2010 - 09:46:05 - [] ----D C:\Arquivos de programas\Declaração Anual de Movimento Econômico
O43 - CFD: 06/01/2010 - 21:14:09 - [] ----D C:\Arquivos de programas\DigiPix
O43 - CFD: 07/07/2014 - 10:39:13 - [] ----D C:\Arquivos de programas\Expstudio
O43 - CFD: 25/09/2013 - 12:20:39 - [] ----D C:\Arquivos de programas\Fix Print
O43 - CFD: 01/02/2011 - 22:22:17 - [] ----D C:\Arquivos de programas\IPPS
O43 - CFD: 21/07/2010 - 09:56:32 - [] ----D C:\Arquivos de programas\MiniBiblio
O43 - CFD: 15/12/2009 - 20:36:57 - [] ----D C:\Arquivos de programas\ngsrv
O43 - CFD: 26/02/2014 - 20:02:56 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 01/09/2009 - 09:15:55 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 18/06/2014 - 19:27:34 - [0] ----D C:\Arquivos de programas\SiteLookup
O43 - CFD: 22/02/2011 - 14:44:29 - [] ----D C:\Arquivos de programas\Zhuk
O43 - CFD: 06/09/2009 - 16:53:13 - [] ----D C:\Arquivos de programas\Arquivos comuns\Opus Shared
O43 - CFD: 01/09/2009 - 09:15:26 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 26/02/2014 - 19:52:53 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/07/2014 - 11:54:39 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 29/08/2011 - 16:46:03 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IM
O43 - CFD: 29/08/2011 - 16:44:44 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail
O43 - CFD: 04/12/2013 - 17:48:58 - [] ----D C:\Documents and Settings\Carol\Dados de aplicativos\Baidu Security
O43 - CFD: 04/05/2013 - 07:42:56 - [0] -S--D C:\Documents and Settings\Carol\Dados de aplicativos\cce5c
O43 - CFD: 26/02/2014 - 19:56:02 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/08/2012 - 19:36:27 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 10/08/2010 - 20:44:12 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\bi
O43 - CFD: 22/02/2011 - 14:48:16 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Oleg_Zhuk
O43 - CFD: 05/05/2010 - 18:24:38 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/07/2014 - 12:34:09 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Inicializar
O43 - CFD: 26/02/2012 - 08:56:11 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 01/03/2013 - 06:11:14 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 26/02/2014 - 20:06:30 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 287 Legitimates Filtered in 00mn 07s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EDCEAF74C3345517A2F792ED64558A92] - 04/08/2014 - 22:30:36 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.B160951916A8001C38DBC47E21046C8B] - 05/08/2014 - 11:07:42 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.F3C5F83862C39854AEBA1863B63EF820] - 05/08/2014 - 11:07:45 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 05/08/2014 - 11:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
~ Files: 11 Legitimates Filtered in 00mn 19s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- C:\Arquivos de programas\Ares\Ares.exe (.not file.)
~ Keys Export: 17 Legitimates Filtered in 00mn 00s
---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 6 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\epsng_certd [Key] . (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 01s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\WINDOWS\system32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\WINDOWS\system32\Drivers\360RegOem.sys [23168]
O58 - SDL:13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [45416]
O58 - SDL:07/12/2009 - 21:23:39 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 11:29:11 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\Drivers\avgntmgr.sys [22360]
O58 - SDL:30/03/2009 - 09:33:07 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [96104]
O58 - SDL:25/09/2010 - 19:09:01 ---A- . (.Windows ® 2000 DDK provider - Mirror Miniport Driver.) -- C:\WINDOWS\system32\Drivers\bbcap.sys [2944]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/05/2013 - 20:43:44 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecsmouclass.sys [3968]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.No owner - USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ft12usb.sys [11904]
O58 - SDL:23/09/2013 - 19:10:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:05/08/2014 - 11:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\Drivers\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:19/03/2007 - 16:00:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RLVrtAuCbl.sys [31616]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.OEM - This is used by FT12 Readers.) -- C:\WINDOWS\system32\Drivers\smccardc.sys [13056]
O58 - SDL:11/05/2009 - 09:12:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [83864]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181912]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:04/05/2013 - 15:50:13 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [15616]
O58 - SDL:13/07/2009 - 01:07:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\uxpatch.sys [25448]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:07/07/2014 - 05:44:56 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys [55224] =>PUP.LinkiDoo
O58 - SDL:16/06/2014 - 15:52:00 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [55232] =>PUP.LinkiDoo
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecsmouclass.sys [3968]
O58 - SDL:07/04/2009 - 08:39:44 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:13/12/2009 - 08:47:41 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [952]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 83 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 13/02/2009 - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 28/02/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 23/09/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/02/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 15/12/2009 - C:\Arquivos de programas\ngsrv\ngslotd.exe (ngSlotD) .(.OEM - ngslotd.) - LEGACY_NGSLOTD
O64 - Services: CurCS - 01/07/2010 - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe (ScsiAccess) .(...) - LEGACY_SCSIACCESS
O64 - Services: CurCS - 07/07/2014 - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) .(.StdLib - StdLib.) - LEGACY_{6FCD6092-9615-4F7F-8898-8DF53980E5D2}T =>PUP.LinkiDoo
O64 - Services: CurCS - 16/06/2014 - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) .(.StdLib - StdLib.) - LEGACY_{A3F28269-AD17-41A8-B032-3E0313EF8979}GT =>PUP.LinkiDoo
~ Legacy: 167 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.Carol> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B3EB4098F08B2B50BF48BEEA0F1271D2] [sPRF][02/06/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins000.dat [44697]
[MD5.47998C7FA68804E7C40FDED47C60736E] [sPRF][14/06/2013] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins001.dat [11878]
[MD5.E214648F8846D213C0C750691F46113B] [sPRF][08/03/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins002.dat [34116]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe [1348263]
[MD5.C93911B62EA4BF0AEF1B16596302018E] [sPRF][18/06/2014] (...) -- C:\Documents and Settings\Carol\Desktop\atube-catcher-3-8-7971-32-bits.exe [670888]
[MD5.3D4A630F2DA832C1529CC6D2D8C3A95B] [sPRF][18/03/2013] (...) -- C:\Documents and Settings\Carol\Desktop\camtasia-studio-804-build-1060-baixaki-32-bits.exe [649968]
[MD5.9A4022CAA9CC2EF1820F360991502108] [sPRF][07/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\expstudio-audio-editor-free-4-31-32-bits.exe [670920]
[MD5.BD41EA356CB85FCD663588504B50113C] [sPRF][28/05/2014] (.Banco Santander (Brasil) S.A. - Módulo de Proteção - Banco Santander (Brasil) S.A..) -- C:\Documents and Settings\Carol\Desktop\gbplugin2.exe [5738152]
[MD5.20C80FB1BC968D22A1B248725BAF5E2D] [sPRF][22/05/2013] (...) -- C:\Documents and Settings\Carol\Desktop\LimpaPenDrive.bat [2050]
[MD5.352E8561E633B17ED22012366721FFDC] [sPRF][10/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\zoek.exe [1285120]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][01/01/1601] (...) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [99392]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [sPRF][16/05/2011] (...) -- C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.E20F38184ECB403A82FFE0096D3CCCCD] [sPRF][15/12/2011] (...) -- C:\WINDOWS\Downloaded Program Files\RACtrl.dll [4617616]
~ Files: 22 Legitimates Filtered in 00mn 15s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SS - | Auto 21/07/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 02/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 18/03/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Auto 07/04/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/03/2010 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 05/07/2012 161704 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
SR - | Auto 15/11/2010 138752 | (MSO_SpUsb_Service) . (.Sagem Securite.) - C:\WINDOWS\system32\Serv_SpUsb.exe
SR - | Auto 15/12/2009 56832 | (ngSlotD) . (.OEM.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
SR - | Auto 03/03/2006 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
SR - | Auto 01/07/2010 186760 | (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: Scanned in 00mn 21s
---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKCU\Software\SoftwareUpdater] =>Hijacker.Eazel
C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
~ Additionnel Scan: 472909 Items scanned in 02mn 21s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 4 link(s) detected in 00mn 00s
~ 1196 Legitimates filtered by white list
End of the scan (626 lines in 05mn 53s)(0)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

:seta: Acesse o site https://www.virustotal.com e envie este arquivo destacado em negrito abaixo para ser analisado (se o site informar que ele já foi analisado, peça para analisar novamente):

 

C:\WINDOWS\system32\Serv_SpUsb.exe

 

Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório pedido nesta postagem.

 

Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:

 

Analise arquivos e links suspeitos de forma online e totalmente gratuita

___________________________________________________________________________

 

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

 

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

 

Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Boa tarde,

 

Segue link do vírus total e log do ZH Fix.

 

https://www.virustotal.com/pt/file/fef7f7aee0324d88c6fc7dea407efa31ce333e0ac94a8a6e2ece7d82aadd150c/analysis/1407256185/

 

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Carol at 05/08/2014 13:32:53
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 17s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Arquivos de programas\Software Updater\SoftwareUpdater.exe
========== Estado dos serviços ==========
{6FCD6092-9615-4F7F-8898-8DF53980E5D2}T Parado
{A3F28269-AD17-41A8-B032-3E0313EF8979}GT Parado
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {6fcd6092-9615-4f7f-8898-8df53980e5d2}t
ELIMINÉ Driver Key: {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\SiteFinder
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKCU\Software\SoftwareUpdater
========== Valores do Registo ==========
ELIMINÉ RunValue: APN-Stub_ATU3
ELIMINÉ RunValue: AdobeBridge
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys
ELIMINÉ: c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}gt.sys
ELIMINÉ:* c:\arquivos de programas\software updater\softwareupdater.exe
ELIMINÉ Temporários windows (85) (20.685.969 octets)
ELIMINÉ Flash Cookies (4) (564 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
14 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
7 : Ficheiros
2 : Estado dos serviços
1 : Restauração Sistema
End of clean in 00mn 36s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 05/08/2014 13:33:11 [2146]

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

Abra novamente o ( ZHPDiag )

 

ZHPDiag_Pergaminho2_zps6e758639.jpg

 

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

 

ZHPDiag_Pesquisar_zps3acb0f25.jpg

 

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

 

zhpdia11.png

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Boa tarde,

 

Segue log do ZHP

 

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por Carol (05/08/2014 15:51:50)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
---\\ Softwares d'optimização do sistema
CCleaner v3.11
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (41%) free of 98 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA-46997CABD5
~ User Name: Carol
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Carol, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Carol\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Carol\Desktop\
~ %Favorites% : C:\Documents and Settings\Carol\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Carol\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 98 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)
F: Hard drive, Flash drive, Thumb drive (Free 21 Go of 103 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 52 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.1BE73DF0AE36B73A8D097459EF0AC6E6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/06/2013 - 03:24:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/9852
~ Mes musiques (My Musics) : 2/675
~ Mes Videos (My Videos) : 1/259
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 4/15456
~ Mon Bureau (My Desktop) : 3/3294
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 53s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519720] [PID.1492]
[MD5.6D4413938AF57EAB7CF4F06D652ACBD4] - (.Sagem Securite - Serv_SpUsb.) -- C:\WINDOWS\system32\Serv_SpUsb.exe [138752] [PID.1832]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.508]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1192]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.132]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.1504]
[MD5.4F2143570D2250CA4C4A4C98553C82CD] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704] [PID.1604]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1628]
[MD5.6B5AF2DE1781726755B11FBDC57432F7] - (.OEM - ngslotd.) -- C:\Arquivos de programas\ngsrv\ngslotd.exe [56832] [PID.1532]
[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.1916]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [189728] [PID.1936]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.160]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.844]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe [18944] [PID.836]
[MD5.BF8382259F4EAF534DC806D7C7B0AEAA] - (.Samsung - KiesPDLR.) -- C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288] [PID.2180]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2460]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe [1917440] [PID.2828]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [860488] [PID.2240]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8084992] [PID.4264]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.No owner - Photodex Presenter Plugin 4,10,0,2737.) -- C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Carol]: Atalho para uTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\WINDOWS\system32\aetcrss1.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ((no name)) - https://secure.logmein.com/activex/RACtrl.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WBSrv . (.Stardock Corporation - WBSrv.dll.) -- C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: ngSlotDaemon (ngSlotD) . (.OEM - ngslotd.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: 12 Legitimates Filtered in 00mn 07s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({6fcd6092-9615-4f7f-8898-8df53980e5d2}t) . (. - .) - C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys (.not file.)
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gt) . (. - .) - C:\WINDOWS\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys (.not file.)
~ Drivers: 79 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Cadeias de Certificação Prodemge - 01/2012 - (.Prodemge.) [HKLM] -- Cadeias de Certificação Prodemge_is1
O42 - Logiciel: DOI - (...) [HKLM] -- DOI
O42 - Logiciel: Fix Print 3.7 - (.Nova Consultoria.) [HKLM] -- {91C9FA89-44F6-4D7A-A006-25816412CCCC}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: LIVE! Control Center 1.03 - (.OEM.) [HKLM] -- {271F5A67-A83A-4985-B41B-201EB267E6CF}
O42 - Logiciel: LIVE! OSD 1.03 - (.OEM.) [HKLM] -- {73289228-1853-4623-982A-EB17FF0270CA}
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção - Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Receitanet 2010 - (...) [HKLM] -- Receitanet
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
O42 - Logiciel: Xenofex 1.0 - (...) [HKLM] -- Xenofex 1.0
O42 - Logiciel: ePass2000 (Somente remover) - (...) [HKLM] -- 4673551D-STFT12-4FE7-A218-48BDAE051E2B_std
~ Logic: 56 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\ECS]
[HKCU\Software\EXPStudio]
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\Zhuk]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\FTDriver]
[HKLM\Software\NGSrv]
[HKLM\Software\Programas RFB]
~ Key Software: 687 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/01/2012 - 16:47:08 - [] ----D C:\Arquivos de programas\3D Canvas 8
O43 - CFD: 26/02/2014 - 19:52:55 - [] ----D C:\Arquivos de programas\A.E.T. Europe B.V
O43 - CFD: 13/07/2010 - 17:07:20 - [] ----D C:\Arquivos de programas\Alterdata
O43 - CFD: 31/10/2009 - 13:57:10 - [] ----D C:\Arquivos de programas\Ares Music
O43 - CFD: 18/01/2012 - 22:02:19 - [] ----D C:\Arquivos de programas\Baixo Cidade
O43 - CFD: 03/05/2013 - 12:10:41 - [] -S--D C:\Arquivos de programas\d3ed
O43 - CFD: 26/03/2010 - 09:46:05 - [] ----D C:\Arquivos de programas\Declaração Anual de Movimento Econômico
O43 - CFD: 06/01/2010 - 21:14:09 - [] ----D C:\Arquivos de programas\DigiPix
O43 - CFD: 07/07/2014 - 10:39:13 - [] ----D C:\Arquivos de programas\Expstudio
O43 - CFD: 25/09/2013 - 12:20:39 - [] ----D C:\Arquivos de programas\Fix Print
O43 - CFD: 01/02/2011 - 22:22:17 - [] ----D C:\Arquivos de programas\IPPS
O43 - CFD: 21/07/2010 - 09:56:32 - [] ----D C:\Arquivos de programas\MiniBiblio
O43 - CFD: 15/12/2009 - 20:36:57 - [] ----D C:\Arquivos de programas\ngsrv
O43 - CFD: 26/02/2014 - 20:02:56 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 01/09/2009 - 09:15:55 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 18/06/2014 - 19:27:34 - [0] ----D C:\Arquivos de programas\SiteLookup
O43 - CFD: 22/02/2011 - 14:44:29 - [] ----D C:\Arquivos de programas\Zhuk
O43 - CFD: 06/09/2009 - 16:53:13 - [] ----D C:\Arquivos de programas\Arquivos comuns\Opus Shared
O43 - CFD: 01/09/2009 - 09:15:26 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 26/02/2014 - 19:52:53 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 29/08/2011 - 16:46:03 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IM
O43 - CFD: 29/08/2011 - 16:44:44 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail
O43 - CFD: 26/02/2014 - 19:56:02 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\A.E.T. Europe B.V
O43 - CFD: 14/08/2012 - 19:36:27 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 10/08/2010 - 20:44:12 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\bi
O43 - CFD: 22/02/2011 - 14:48:16 - [] ----D C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Oleg_Zhuk
O43 - CFD: 05/05/2010 - 18:24:38 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/07/2014 - 12:34:09 - [] R---D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Inicializar
O43 - CFD: 26/02/2012 - 08:56:11 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 01/03/2013 - 06:11:14 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 26/02/2014 - 20:06:30 - [] ----D C:\Documents and Settings\Carol\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 282 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EDCEAF74C3345517A2F792ED64558A92] - 04/08/2014 - 22:30:36 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.B160951916A8001C38DBC47E21046C8B] - 05/08/2014 - 11:07:42 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.F3C5F83862C39854AEBA1863B63EF820] - 05/08/2014 - 11:07:45 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/08/2014 - 13:33:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
~ Files: 11 Legitimates Filtered in 00mn 07s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(...) -- C:\Arquivos de programas\Ares\Ares.exe (.not file.)
~ Keys Export: 17 Legitimates Filtered in 00mn 00s
---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 6 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\epsng_certd [Key] . (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [45416]
O58 - SDL:07/12/2009 - 21:23:39 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 11:29:11 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\Drivers\avgntmgr.sys [22360]
O58 - SDL:30/03/2009 - 09:33:07 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [96104]
O58 - SDL:25/09/2010 - 19:09:01 ---A- . (.Windows ® 2000 DDK provider - Mirror Miniport Driver.) -- C:\WINDOWS\system32\Drivers\bbcap.sys [2944]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/05/2013 - 20:43:44 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\Drivers\ecsmouclass.sys [3968]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.No owner - USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ft12usb.sys [11904]
O58 - SDL:23/09/2013 - 19:10:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:05/08/2014 - 13:33:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\Drivers\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:19/03/2007 - 16:00:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RLVrtAuCbl.sys [31616]
O58 - SDL:15/12/2009 - 20:36:58 ---A- . (.OEM - This is used by FT12 Readers.) -- C:\WINDOWS\system32\Drivers\smccardc.sys [13056]
O58 - SDL:11/05/2009 - 09:12:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [83864]
O58 - SDL:02/05/2013 - 01:23:50 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181912]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:04/05/2013 - 15:50:13 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [15616]
O58 - SDL:13/07/2009 - 01:07:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\uxpatch.sys [25448]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:16/03/2009 - 15:32:56 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecskbc.sys [4096]
O58 - SDL:07/01/2009 - 11:27:06 ---A- . (...) -- C:\WINDOWS\system32\ECSLiveIO.sys [16336]
O58 - SDL:16/03/2009 - 15:47:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\WINDOWS\system32\ecsmouclass.sys [3968]
O58 - SDL:07/04/2009 - 08:39:44 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]
O58 - SDL:16/03/2009 - 15:33:48 ---A- . (.Windows ® Codename Longhorn DDK provider - KBFiltr.) -- C:\WINDOWS\system32\GpdKBFilter.sys [4096]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:13/12/2009 - 08:47:41 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [952]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 79 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 15/07/1744 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(...) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 13/02/2009 - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 28/02/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 23/09/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/02/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 15/12/2009 - C:\Arquivos de programas\ngsrv\ngslotd.exe (ngSlotD) .(.OEM - ngslotd.) - LEGACY_NGSLOTD
O64 - Services: CurCS - 01/07/2010 - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe (ScsiAccess) .(...) - LEGACY_SCSIACCESS
~ Legacy: 167 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.Carol> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B3EB4098F08B2B50BF48BEEA0F1271D2] [sPRF][02/06/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins000.dat [44697]
[MD5.47998C7FA68804E7C40FDED47C60736E] [sPRF][14/06/2013] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins001.dat [11878]
[MD5.E214648F8846D213C0C750691F46113B] [sPRF][08/03/2014] (...) -- C:\Documents and Settings\Carol\Dados de aplicativos\unins002.dat [34116]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe [1348263]
[MD5.C93911B62EA4BF0AEF1B16596302018E] [sPRF][18/06/2014] (...) -- C:\Documents and Settings\Carol\Desktop\atube-catcher-3-8-7971-32-bits.exe [670888]
[MD5.3D4A630F2DA832C1529CC6D2D8C3A95B] [sPRF][18/03/2013] (...) -- C:\Documents and Settings\Carol\Desktop\camtasia-studio-804-build-1060-baixaki-32-bits.exe [649968]
[MD5.9A4022CAA9CC2EF1820F360991502108] [sPRF][07/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\expstudio-audio-editor-free-4-31-32-bits.exe [670920]
[MD5.BD41EA356CB85FCD663588504B50113C] [sPRF][28/05/2014] (.Banco Santander (Brasil) S.A. - Módulo de Proteção - Banco Santander (Brasil) S.A..) -- C:\Documents and Settings\Carol\Desktop\gbplugin2.exe [5738152]
[MD5.20C80FB1BC968D22A1B248725BAF5E2D] [sPRF][22/05/2013] (...) -- C:\Documents and Settings\Carol\Desktop\LimpaPenDrive.bat [2050]
[MD5.352E8561E633B17ED22012366721FFDC] [sPRF][10/07/2014] (...) -- C:\Documents and Settings\Carol\Desktop\zoek.exe [1285120]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][01/01/1601] (...) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [99392]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [sPRF][16/05/2011] (...) -- C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.E20F38184ECB403A82FFE0096D3CCCCD] [sPRF][15/12/2011] (...) -- C:\WINDOWS\Downloaded Program Files\RACtrl.dll [4617616]
~ Files: 22 Legitimates Filtered in 00mn 01s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SS - | Auto 21/07/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 02/09/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 18/03/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Auto 07/04/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/03/2010 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 05/07/2012 161704 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
SR - | Auto 15/11/2010 138752 | (MSO_SpUsb_Service) . (.Sagem Securite.) - C:\WINDOWS\system32\Serv_SpUsb.exe
SR - | Auto 15/12/2009 56832 | (ngSlotD) . (.OEM.) - C:\Arquivos de programas\ngsrv\ngslotd.exe
SR - | Auto 03/03/2006 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
SR - | Auto 01/07/2010 186760 | (ScsiAccess) . (...) - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: Scanned in 00mn 21s
---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 472852 Items scanned in 02mn 09s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 1170 Legitimates filtered by white list
End of the scan (598 lines in 04mn 25s)(0)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

 

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

 

Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Boa tarde,

 

Segue log:

 

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Carol at 06/08/2014 15:09:52
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (6) (750.312 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 13s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 05/08/2014 13:33:11 [2248]
C:\Documents and Settings\Carol\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 06/08/2014 15:09:54 [866]

Compartilhar este post

Link para o post
Compartilhar em outros sites

carol2906    0

carol2906
Postado

Bom dia ,

 

Este computador agora está bacana, consigo acessar os sites sem problema.

Meu outro computador porém apresenta os mesmos problemas que este aqui estava apresentando antes, para fazer o procedimento com ele também preciso abrir outro tópico ou posso dar continuidade neste?

 

Abraço e obrigada pela ajuda!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Power Max    54

Power Max
Postado

:) Fico feliz que o problema tenha sido resolvido.

 

:seta: Só para finalizar siga estes tutoriais abaixo, por gentileza:

 

Excluindo erros e otimizando seu PC com o CCleaner

 

Elimine arquivos inúteis de seu PC com o PureRa

_______________________________________________________________________________________________________________________

 

:seta: Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas deste tutorial.

_______________________________________________________________________________________________________________________

 

Foi um prazer ajudar. Conte sempre conosco!

PROBLEMA RESOLVIDO<br /><br />Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito