adrfaria
Posted May 28, 2015

Good afternoon.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:42:54, on 28/05/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17267)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {F66B9251-67CA-4D78-90A3-28C2BFAE89BF} (NBioBSP Class) - http://getran.detran.df.gov.br/sna/loginout/login/NBioBSPCOM.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.23\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8273 bytes

adrfaria
Posted May 30, 2015

Good evening. Here it is: http://wikisend.com/download/593650/ZHPDiag.txt

Thank you.

adrfaria
Posted June 3, 2015

Sorry for the delay:

Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Adriano at 03/06/2015 16:54:55
High Elevated Privileges : OK
Windows 8 Enterprise Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 11s)
Prefetcher vazio

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Private) : TCP Query User{135723E3-3A98-4BE2-9F94-EB2BD5D3B70B}C:\windows\kmsemulator.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{E57F03E0-0609-49E3-ACC1-E00998C65F73}C:\windows\kmsemulator.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{744C9781-C9C2-472A-9D51-94759F95B5BF}C:\users\adriano\appdata\local\temp\kmsnano\qemu-system-i386.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{B54BB662-006D-464A-BE05-2B40F8110781}C:\users\adriano\appdata\local\temp\kmsnano\qemu-system-i386.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{D216CA9C-DFA3-4548-94AC-C1469B45ED10}C:\program files (x86)\java\jre7\bin\javaw.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{37981122-BF18-4037-90BC-41F1E73DE91D}C:\program files (x86)\java\jre7\bin\javaw.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{831E3E99-F0AA-4FAA-8E6E-800E0B88F361}C:\program files (x86)\java\jre7\bin\java.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{348BE8D7-3CC3-4BFE-BB90-75225CDC70A3}C:\program files (x86)\java\jre7\bin\java.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{D3B1A617-141E-423A-A63B-65EDA77B9EBA}C:\program files\realvnc\vnc server\vncserver.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{E8754D01-D290-4923-BB51-28B4D551695E}C:\program files\realvnc\vnc server\vncserver.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ: c:\users\adriano\appdata\roaming\mozilla\firefox\profiles\otj7pmrk.default-1421580660330\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\lightshot.dll
ELIMINÉ: c:\users\adriano\appdata\roaming\mozilla\firefox\profiles\otj7pmrk.default-1421580660330\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\net.dll
ELIMINÉ: c:\users\adriano\appdata\roaming\mozilla\firefox\profiles\otj7pmrk.default-1421580660330\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\uploader.dll
ELIMINÉ: C:\Windows\Installer\3643abf0.msi
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
4 : Chaves do Registo
22 : Valores do Registo
3 : Pastas
6 : Ficheiros
1 : Restauração Sistema

End of clean in 00mn 57s

========== Caminho do ficheiro do relatório ==========
C:\Users\Adriano\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/06/2015 16:55:09 [3767]