Meu servidor não me permite acessar os sites dos bancos que trabalho....

por Severino Ter 25 Fev 2014, 12:07

Bom tarde,

Amigos, preciso de ajuda. Meu Servidor aqui da empresa não me deixa mais acessar as contas bancárias. Isto está causando um enorme problema para mim.

Meu AVG está dizendo que tem virús e mostra a seguinte mensagem: C:\WINDOWS\system32\drivers\etc\hosts está infectado...

Andei lendo alguns posts aqui e me parece que é um virús chamado Rootkit ZeroAccess... porém não sei o que fazer!

Já verifiquei com o Hijackthis e segue o resultado:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:54, on 25/2/2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\PDF Architect\HelperService.exe
C:\Arquivos de programas\PDF Architect\ConversionService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Audatex\AudaUpdate\AudaUpdt.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Transmissao.exe
C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Transmissao.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O1 - Hosts: 118.215.152.145 wwws2.santandernet.com.br # GbPlugin
O1 - Hosts: 23.56.197.109 guardiao.itau.com.br # GbPlugin
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Arquivos de programas\PDF Architect\PDFIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Arquivos de programas\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPUsageTracking] C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe "C:\Arquivos de programas\HP\HP UT\"
O4 - HKLM\..\Run: [AudaUpdate] c:\Audatex\AudaUpdate\AudaUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Arquivos de programas\HP\HP UT LEDM\bin\hppusg.exe" "C:\Arquivos de programas\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [APSDaemon] "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ApnTBMon] "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AudatexAtu]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Transmissao.exe
O4 - Global Startup: AudaUpdate.lnk = C:\Audatex\AudaUpdate\AudaUpdt.exe
O4 - Global Startup: Transmissao.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Arquivos de programas\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Arquivos de programas\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.qword.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] target="_blank" rel="nofollow">http://hp-www.baynote.net
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: bankline.itau.com.br
O15 - ESC Trusted Zone: clickbanking.itau.com.br
O15 - ESC Trusted Zone: guardiao.itau.com.br
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: *.itau.com.br
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: wwws.realsecureweb.com.br
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: *.santander.com.br
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: wwws.santandernet.com.br
O15 - ESC Trusted Zone: wwws2.santandernet.com.br
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E107C4-70D6-4552-859F-E68A44BC9D8D}: NameServer = 8.8.8.8,10.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Arquivos de programas\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Arquivos de programas\PDF Architect\ConversionService.exe
O23 - Service: Ponto4Online - Unknown owner - C:\Arquivos de programas\Ponto4\Ponto4OnlineServ.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Hewlett-Packard Company - C:\WINDOWS\system32\sysdown.exe

--
End of file - 15124 bytes

por **Power Max** Ter 25 Fev 2014, 12:09

Meu servidor não me permite acessar os sites dos bancos que trabalho.... 648673379

Olá Severino. Seja bem vindo ao Fórum PC Brasil.

Meu servidor não me permite acessar os sites dos bancos que trabalho.... 772309

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por Severino Ter 25 Fev 2014, 12:43

Power Max....

segue ai abaixo o resultado....

# AdwCleaner v3.019 - Relatório criado 25/02/2014 às 12:19:43
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows Server 2003 Service Pack 2 (32 bits)
# Usuário : Administrador - SERVIDOR1
# Executando de : C:\Documents and Settings\Administrador\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : APNMCP

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Deletada : C:\Arquivos de programas\AskPartnerNetwork
Pasta Deletada : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\apn
Pasta Deletada : C:\Documents and Settings\Administrador\Dados de aplicativos\pdfforge

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Versalsoft Internet Download\Qword Search Engine.lnk

***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\YahooPartnerToolbar
Chave Deletedo : HKLM\Software\AskPartnerNetwork

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117

[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3260 octets] - [25/02/2014 12:19:01]
AdwCleaner[S0].txt - [2978 octets] - [25/02/2014 12:19:43]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3038 octets] ##########

por **Power Max** Ter 25 Fev 2014, 12:48

Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes.

Ficamos no aguardo.

por Severino Ter 25 Fev 2014, 14:27

Power Max

Segue abaixo o relatório:

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.02.25.06

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: SERVIDOR1 [administrador]

25/2/2014 12:58:37
mbam-log-2014-02-25 (12-58-37).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|F:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 308446
Tempo decorrido: 1 hora(s), 28 minuto(s), 25 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\AUDATEX\EXECATUALIZACAOMENSAL.EXE (Trojan.Banker.Gen) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 6
C:\Audatex\ExecAtualizacaoMensal.exe (Trojan.Banker.Gen) -> Enviado para a Quarentena e deletado com sucesso.
C:\bkp_03-02-2012_Auda\ExecAtualizacaoMensal.exe (Trojan.Banker.Gen) -> Enviado para a Quarentena e deletado com sucesso.
C:\BKP_AUDATEX\Audatex\ExecAtualizacaoMensal.exe (Trojan.Banker.Gen) -> Enviado para a Quarentena e deletado com sucesso.
C:\RECYCLER\S-1-5-21-2122388327-1923504705-4077574955-500\Dc187.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\WINDOWS\system32\lygywzp.hqe (Worm.Conficker) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Administrador\Favoritos\Qword Search Engine.url (Adware.QWO) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

por **Power Max** Ter 25 Fev 2014, 14:32

Siga, por gentileza, as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste o conteúdo do relatorio.txt do BankerFix que estará em C:\LinhaDefensiva\relatorio.txt

Ficamos na espera.

por Severino Ter 25 Fev 2014, 14:50

Power Max...

segue ai resposta do bankerfix:

BankerFix 3.5 VALKYRIE - Removedor de Bankers
Linha Defensiva | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
-------------------------------------------------------
Data: 2014-02-25 - 14:51
-------------------------------------------------------
Lista de Definição: 2014-01-18-1 | CORE: 2012-08-22-6
=======================================================

----- Fim -------------------------

por **Power Max** Ter 25 Fev 2014, 14:57

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Severino Ter 25 Fev 2014, 15:16

Power Max...

Depois fiz este procedimento, meu chrome e firefox não funcionam mais....
Somente o IE que tem um monte de pop-up na tela que fica piscando e não me deixa escrever direito....

segue abaixo o resultado:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows Server 2003 x86
Ran by Administrador on ter 25/02/2014 at 15:03:34,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ter 25/02/2014 at 15:10:20,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Ter 25 Fev 2014, 15:23

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Severino Ter 25 Fev 2014, 16:01

Power Max...

Segue ai o relatório....

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Administrador on ter 25/02/2014 at 15:31:06,23.
Microsoft(R) Windows(R) Server 2003, Standard Edition 5.2.3790 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP:*:Disabled:Windows Remote Management "
"80:TCP"="80:TCP:*:Disabled:Windows Remote Management - Modo de Compatibilidade (HTTP-In) "
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1437:TCP"="1437:TCP:*:Enabled:1437"
"1437:UDP"="1437:UDP:*:Enabled:1437"

==== Creating Sample_20142502_1549.zip ======================

Process iexplore.exe killed
Copied file C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe to sample\unins000.exe
Copied file C:\Documents and Settings\Administrador\Dados de aplicativos\unins001.exe to sample\unins001.exe
Copied file C:\Documents and Settings\Administrador\Dados de aplicativos\unins002.exe to sample\unins002.exe
sample\unins000.exe renamed to 717734829161ED8635258310EC060D90
sample\unins001.exe renamed to F88889972BAD4CE5CEC690CA883BC0EE
sample\unins002.exe renamed to 1D222A4479392F6AC21737D5B05715AF

C:\Documents and Settings\All Users\Desktop\sample_20142502_1549.zip created successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default\prefs.js:

Added to C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\WINDOWS\System32\OLD2E1.tmp deleted
C:\WINDOWS\System32\_r_a_p_.tmp deleted
C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe deleted
C:\Documents and Settings\Administrador\Dados de aplicativos\unins001.exe deleted
C:\Documents and Settings\Administrador\Dados de aplicativos\unins002.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FFPDFArchitectConverter@pdfarchitect.com"=hex(2):43,00,3a,00,5c,00,41,00,72,\ []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\xpi" [16/12/2013 09:12]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default
- PDF Architect Converter For Firefox - C:\Arquivos de programas\PDF Architect\FFPDFArchitectExt

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Arquivos de programas\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
3220B1254AEF7A191187EC03F51B3D61 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
BE501CBC29B2025A263D80D399F1797A - C:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
099CB18EA60FB962CE324D32C95DB3A5 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
B0E0DA307E454E0342A433FA8A5F3801 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
CFC0BF89AEC7F4EB034BB20CDE0C1174 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9A792830E58717538C0B8CCFFE060CE5 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E2FD06835049C9F3F06E5088E00A3065 - C:\Arquivos de programas\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
3CFE1412C5B99ADEBAB31EEEF32948BC - C:\Arquivos de programas\PDF Architect\FFPDFArchitectExt\plugins\NPPDFArchitectPreviewerPlugin.dll - FireFox PDF Architect Previewer
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
1A68E0203EC67AF21C43D93CC23660F7 - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
BF57167CFD6C62BE82C3CF371C057E24 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pljcgbedjplidkdjahbaalanadmjfgop - C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\sf.crx[16/12/2013 09:12]
caimihdmbpgddfpkbochehpehdglpcim - C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\uni\sf.crx[03/12/2013 13:32]
nnjbodopomfddehlalfilheomcahbpei - C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx[01/03/2013 16:06]

GBBD Banco Santander (Brasil) S.A. - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Google Docs - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Guardi\u00E3o - Ita\u00FA 30 horas - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Guardi\u00E3o - Ita\u00FA 30 horas - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Arruma.lnk - C:\Audatex\Launcher.exe Arruma
C:\Documents and Settings\All Users\Desktop\Comunicação.lnk -
C:\Documents and Settings\All Users\Desktop\Fibra.lnk -
C:\Documents and Settings\All Users\Desktop\Licença.lnk -
C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk - C:\Arquivos de programas\Oracle\VirtualBox\VirtualBox.exe
C:\Documents and Settings\All Users\Desktop\Receptor.lnk - C:\Audatex\Launcher.exe Receptor
C:\Documents and Settings\All Users\Desktop\Sistema Audatex.lnk - C:\Audatex\Launcher.exe Molicar3

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Administrador de cluster.lnk - C:\WINDOWS\Cluster\CluAdmin.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\About Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab about
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Check For Updates.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab update
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Configure Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Get Help.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Visit Java.com.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Community.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Contact.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Purchase.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\UniversalSoft.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\ActiveX Download Control Document.lnk - C:\Program Files\Universal\UFileDownloadD\UDownloadHelp.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Application demo.lnk - C:\Program Files\Universal\UFileDownloadD\TestFileDownload.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Contact us.lnk - C:\Program Files\Universal\UFileDownloadD\ContactMethod.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\FileDownload HomePage.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Online demo.lnk - C:\Program Files\Internet Explorer\IEXPLORE.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Overview.lnk - C:\Program Files\Universal\UFileDownloadD\Description.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Uninstall ActiveX Download Control.lnk - C:\Program Files\Universal\UFileDownloadD\USetup.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\VB sample.lnk - C:\Program Files\Universal\UFileDownloadD\VBSample
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\VC sample.lnk - C:\Program Files\Universal\UFileDownloadD\VCSample
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Web sample.lnk - C:\Program Files\Universal\UFileDownloadD\WebSample

==== shortcuts After Repair ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Community.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Contact.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\Purchase.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\UniversalSoft.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\FileDownload HomePage.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\UniversalSoft\ActiveX Download Control Trial Version\Online demo.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrador\CONFIG~1\DADOSD~1\Mozilla\Firefox\Profiles\0cwz080n.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrador\CONFIG~1\DADOSD~1\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=1 2271317 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrador\CONFIG~1\Temp will be emptied at reboot
C:\Documents and Settings\Default User\CONFIG~1\Temp emptied successfully
C:\Documents and Settings\LocalService\CONFIG~1\Temp emptied successfully
C:\Documents and Settings\NetworkService\CONFIG~1\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on ter 25/02/2014 at 16:01:03,26 ======================

por **Power Max** Ter 25 Fev 2014, 16:04

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.

|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por Severino Ter 25 Fev 2014, 16:10

Power Max....

segue ai o resultado...

~ Relatório do ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/2/2014)
~ Iniciado por Administrador (25/2/2014 16:11:49)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador :

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.117

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows Server 2003, 32-bit Service Pack 2 (Build 3790)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ Softwares d'optimização do sistema
CCleaner v3.23 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4086 MB (76% free)
System Restore: Inconnu (Unknown)
System drive C: has 33 GB (33%) free of 98 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SERVIDOR1
~ User Name: Administrador
~ All Users Names: SUPPORT_388945a0, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 33 Go of 98 Go)
D: CD-ROM drive (Free 0 Go of 3 Go)
F: Hard drive, Flash drive, Thumb drive (Free 826 Go of 834 Go)

---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyDocs: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.1009481DDF9C0D51EE5F945214908515] - (.Microsoft Corporation - Windows Explorer.) (.28/2/2007 - 15:57:32.) -- C:\WINDOWS\Explorer.exe [1055744]
[MD5.137B48B05854D7A252B843B0B688C0B9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/2/2014 - 02:05:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.29182F3172DCC3E9E3E6737B90E6C299] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.28/2/2007 - 15:52:48.) -- C:\WINDOWS\system32\Winlogon.exe [530944]
[MD5.317E75D96065AC6AF5EF8857CE2E399B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/12/2011 - 11:13:47.) -- C:\WINDOWS\system32\Drivers\AFD.sys [150528]
[MD5.FF953A8F08CA3F822127654375786BBE] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.28/2/2007 - 15:43:50.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96768]
[MD5.E6D72780C957B69C48BFC66BC3ECDAD4] - (.Microsoft Corporation - CD-ROM File System Driver.) (.28/2/2007 - 15:43:52.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [65536]
[MD5.825AA877A852ECC731FA0C39C8C37744] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.28/2/2007 - 15:43:52.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [52224]
[MD5.4EB8B962D71CC04EAC8148303E1EF381] - (.Microsoft Corporation - FIPS Crypto Driver.) (.28/2/2007 - 15:57:34.) -- C:\WINDOWS\system32\Drivers\Fips.sys [45568]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.28/2/2007 - 15:44:04.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.44C132B35921B54B4A9AC64369D86D83] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.28/2/2007 - 15:44:06.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [43520]
[MD5.890E7A14A63AEC2EA9257A79A88BE784] - (.Microsoft Corporation - IP Network Address Translator.) (.28/2/2007 - 15:44:06.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [119296]
[MD5.1A9AEAC49683B32DF55B7FB1516F3028] - (.Microsoft Corporation - IPSec Driver.) (.28/2/2007 - 15:44:06.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [82432]
[MD5.16936142FA1D989CF63FD22C8B9D4A6D] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.6/7/2011 - 11:36:52.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [439296]
[MD5.5CD7CCA08498EC8753B22E92D367CA11] - (.Microsoft Corporation - MBT Transport driver.) (.28/2/2007 - 15:44:26.) -- C:\WINDOWS\system32\Drivers\netBT.sys [180224]
[MD5.482EA51AADB8763A0F67588C394EC693] - (.Microsoft Corporation - NT File System Driver.) (.28/2/2007 - 17:25:56.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [589824]
[MD5.B48E77074A0EDA49AC4C03BBE7CC83E0] - (.Microsoft Corporation - Driver de porta paralela.) (.28/2/2007 - 15:53:28.) -- C:\WINDOWS\system32\Drivers\Parport.sys [81920]
[MD5.3633175613E052ECB41776DEE2777A89] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.28/2/2007 - 15:44:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [65536]
[MD5.FF678596B761E1CCBA79F49981EF51BC] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.28/2/2007 - 15:44:44.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [200192]
[MD5.9C52229206D9D65C0B3F225ACC6B33E6] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.28/2/2007 - 15:53:44.) -- C:\WINDOWS\system32\Drivers\redbook.sys [61440]
[MD5.3A79E0BF1C622F798C6C9B00CB82463E] - (.Microsoft Corporation - SMB Transport driver.) (.28/2/2007 - 15:44:52.) -- C:\WINDOWS\system32\Drivers\smb.sys [59392]
[MD5.8975DD6DC3E860763375582076701A4F] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.22/8/2012 - 15:57:55.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [155648]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 1/7
~ Mes Favoris (My Favorites) : 1/35
~ Mes Documents (My Documents) : 2/21
~ Mon Bureau (My Desktop) : 1/8158
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 08s

---\\ Processos lançados
[MD5.99738954CDFF4BBFEED59513195D5064] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [449592] [PID.628]
[MD5.FC0BF82B3968F1D8CD13B3F721668193] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.812]
[MD5.031DD8DBD4B958B5765C8C111CB1EA03] - (.AVG Technologies CZ, s.r.o. - AVG Cache Server.) -- C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe [1101152] [PID.1172]
[MD5.5654DB4719A3C52684A20C1CA443BF8F] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Arquivos de programas\AVG\AVG9\avgrsx.exe [515424] [PID.1188]
[MD5.737A5253008BE7F12ACEDD6876F24B4B] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe [725344] [PID.1252]
[MD5.C4D15594DB5BE042D3346EA58DF87D89] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe [308136] [PID.1572]
[MD5.3C23AE0B05DF45CE256E94D6F5CEDF50] - (.AVG Technologies CZ, s.r.o. - AVG Alert Manager.) -- C:\Arquivos de programas\AVG\AVG9\avgam.exe [842592] [PID.1796]
[MD5.29D484B97EA0E4BD0AE85E23A7656021] - (.HP - HP Smart-Install Service.) -- C:\WINDOWS\system32\HPSIsvc.exe [100256] [PID.2100]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.2180]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Arquivos de programas\PDF Architect\HelperService.exe [1320496] [PID.2308]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Arquivos de programas\PDF Architect\ConversionService.exe [799280] [PID.2428]
[MD5.E6FABB8286E34EF6A2E38E2518C8AD0D] - (.Hewlett-Packard Company - HP ProLiant System Shutdown Service.) -- C:\WINDOWS\system32\sysdown.exe [17960] [PID.2544]
[MD5.8425F465603DF09E885FB0569CFFA85F] - (...) -- C:\Arquivos de programas\FindRight\updateFindRight.exe [111392] [PID.2864] =>Hijacker.FindrToolbar
[MD5.539F7BB77BA706575B3DAFF575CAA4D0] - (...) -- C:\Arquivos de programas\FindRight\bin\utilFindRight.exe [111904] [PID.2976] =>Hijacker.FindrToolbar
[MD5.29FB6EF1EFB1357E2883FE297F1EBC31] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe [2077536] [PID.4040]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.220]
[MD5.D51F9443E97EE4546685591E8FC66646] - (.Hewlett-Packard Company - HP UT Driver.) -- C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe [24576] [PID.272]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.1068]
[MD5.01039FCB98D0A5CA88596DF7F0367570] - (.Audatex (Switzerland) GmbH, Zurich - No Comment.) -- C:\Audatex\AudaUpdate\AudaUpdt.exe [3271152] [PID.1848]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.1936]
[MD5.C23156C02307661F27ACDF4BCD7E89E9] - (.Microsoft Corporation - Windows® installer.) -- C:\WINDOWS\system32\msiexec.exe [78848] [PID.3224]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8339968] [PID.444]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} . (.FindRight - FindRight.) -- C:\Arquivos de programas\FindRight\FindRightbho.dll =>Hijacker.FindrToolbar
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Arruma.lnk . (.Audatex Brasil Serviços Ltda - No Comment.) -- C:\Audatex\Launcher.exe
O4 - GS\Desktop [AllUsers]: Comunicação.lnk . (.Audatex Brasil Serviços Ltda - No Comment.) -- C:\Audatex\Launcher.exe
O4 - GS\Desktop [AllUsers]: Fibra.lnk - Chave orfã
O4 - GS\Desktop [AllUsers]: Licença.lnk . (.Audatex Brasil Serviços Ltda - No Comment.) -- C:\Audatex\Launcher.exe
O4 - GS\Desktop [AllUsers]: Oracle VM VirtualBox.lnk . (.Oracle Corporation - Oracle VM VirtualBox Manager.) -- C:\Arquivos de programas\Oracle\VirtualBox\VirtualBox.exe
O4 - GS\Desktop [AllUsers]: Receptor.lnk . (.Audatex Brasil Serviços Ltda - No Comment.) -- C:\Audatex\Launcher.exe
O4 - GS\Desktop [AllUsers]: Sistema Audatex.lnk . (.Audatex Brasil Serviços Ltda - No Comment.) -- C:\Audatex\Launcher.exe
O4 - GS\Desktop [Administrador]: Atalho para CARROS EM SERVIÇO - HELTON.lnk . (...) -- \vistorias\SharedDocs\CARROS EM SERVIÇO - HELTON.xls (.not file.)
O4 - GS\Desktop [Administrador]: Atalho para Liberar.lnk . (.GDR SIGMA Tecnológia em Informática Ltda - No Comment.) -- C:\GDR\SIGMA\Programas\Liberar.exe
O4 - GS\Desktop [Administrador]: AudaUpdate.lnk . (.Audatex (Switzerland) GmbH, Zurich - No Comment.) -- C:\Audatex\AudaUpdate\AudaUpdt.exe
O4 - GS\Desktop [Administrador]: GDR SIGMA.lnk . (...) -- \Servidor1\GDR\SIGMA\Programas\Administracao.exe (.not file.)
O4 - GS\Desktop [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ Global Startup: 18 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [AudaUpdate] c:\Audatex\AudaUpdate\AudaUpdate.exe (.not file.)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] . (.Hewlett-Packard Company - HP UT LEDM Driver.) -- C:\Arquivos de programas\HP\HP UT LEDM\bin\hppusg.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKLM\..\Run: [UserFaultCheck] Chave orfã
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AudatexAtu] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - Dll de ação de personalização do Programa d.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - Dll de ação de personalização do Programa d.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - Dll de ação de personalização do Programa d.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] . (.Microsoft Corporation - Dll de ação de personalização do Programa d.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-21-2122388327-1923504705-4077574955-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2122388327-1923504705-4077574955-500\..\Run: [AudatexAtu] Chave orfã
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Arquivos de programas\Hewlett-Packard\SmartPrint\smartprint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.bradescopessoajuridica.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.bradescoseguranca.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.google-analytics.com
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.google.com
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.google.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.hp.com
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.hsbc.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains] http.java.com
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.pcforum.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] *.secureweb.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.uol.com.br
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.youtube.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E107C4-70D6-4552-859F-E68A44BC9D8D}: NameServer = 8.8.8.8,10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F3E107C4-70D6-4552-859F-E68A44BC9D8D}: DhcpNameServer = 201.75.168.15 201.75.168.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{F3E107C4-70D6-4552-859F-E68A44BC9D8D}: NameServer = 8.8.8.8,10.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F3E107C4-70D6-4552-859F-E68A44BC9D8D}: NameServer = 8.8.8.8,10.0.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: avgrsstarter . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Starter.) -- C:\WINDOWS\system32\avgrsstx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Arquivos de programas\Scpad\scpLIB.dll
~ SSODL: 5 Legitimates Filtered in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: Update FindRight (Update FindRight) . (...) - C:\Arquivos de programas\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
O23 - Service: Util FindRight (Util FindRight) . (...) - C:\Arquivos de programas\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar
~ Services: 12 Legitimates Filtered in 00mn 02s

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Chaves de Gerenciamento Sessão (AppCertDlls,KnownDLLs) (O36)
O36 - KnownDLLs: (wow64) . (...) -- C:\WINDOWS\system32\wow64.dll
O36 - KnownDLLs: (wow64cpu) . (...) -- C:\WINDOWS\system32\wow64cpu.dll
O36 - KnownDLLs: (wow64win) . (...) -- C:\WINDOWS\system32\wow64win.dll
~ Keys: Scanned in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: ActiveX Download Control Trial Version - (...) [HKLM] -- UFileDownloadD
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM] -- {4F524A2D-5637-4300-76A7-A758B70C0A03} =>Toolbar.Ask
O42 - Logiciel: AudaDirect 24.00 (Remove Only) - (...) [HKLM] -- {474107E0-32BE-48C6-87AF-E83EA64AC08F}
O42 - Logiciel: AudaPen/AudaStation v.25.00 (Remove Only) - (.Audatex.) [HKLM] -- {FE58DBD8-129B-11D7-8D51-005056CAD6CB}
O42 - Logiciel: Audatex - (.Audatex.) [HKLM] -- {A8B91365-3197-4F2F-8956-4731266027A2}
O42 - Logiciel: DLLs dos Sistemas - (...) [HKLM] -- DLLs dos Sistemas_is1
O42 - Logiciel: FindRight - (.FindRight.) [HKLM] -- FindRight =>Hijacker.FindrToolbar
O42 - Logiciel: GDR Sigma (C:\SIGMA\) - (...) [HKLM] -- ST6UNST #2
O42 - Logiciel: GDR Sigma - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Guardião Banco Itaú - (...) [HKCU] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Módulo Adicional de Segurança CAIXA - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 19 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Audatex]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\FindRight] =>Hijacker.FindrToolbar
[HKCU\Software\GbAs]
[HKCU\Software\Scopus]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Audatex]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Molicar3]
[HKLM\Software\Receptor]
[HKLM\Software\Universal]
~ Key Software: 443 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/4/2011 - 13:16:52 - [0,021] ----D C:\Arquivos de programas\cmak
O43 - CFD: 25/2/2014 - 15:59:14 - [1,203] ----D C:\Arquivos de programas\FindRight =>Hijacker.FindrToolbar
O43 - CFD: 11/4/2013 - 18:03:26 - [63,720] ----D C:\Arquivos de programas\MegaJogos
O43 - CFD: 28/6/2012 - 10:27:52 - [0,039] ----D C:\Arquivos de programas\Ponto4
O43 - CFD: 27/1/2014 - 09:02:35 - [1,245] --H-D C:\Arquivos de programas\Scpad
O43 - CFD: 28/7/2011 - 08:21:12 - [0,003] ----D C:\Arquivos de programas\SERIUS-FA
O43 - CFD: 13/4/2011 - 12:21:18 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 3/2/2012 - 08:39:53 - [0,544] ----D C:\Arquivos de programas\Arquivos comuns\Dao
O43 - CFD: 13/4/2011 - 12:20:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 9/1/2014 - 15:46:32 - [5,321] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Audatex
O43 - CFD: 14/1/2014 - 09:20:06 - [1,653] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Necomp
O43 - CFD: 25/2/2014 - 16:09:15 - [0,837] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Scpad
O43 - CFD: 28/7/2011 - 09:28:55 - [0,654] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\OdbcFb32
O43 - CFD: 13/4/2011 - 14:36:55 - [0,014] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 17/10/2013 - 14:26:52 - [0,082] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
O43 - CFD: 27/4/2011 - 10:24:56 - [0,005] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Sistema Audatex
~ Program Folder: 127 Legitimates Filtered in 00mn 17s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C6EBC10EAE41DBCF0BCE9C354F8F4C83] - 12/2/2014 - 11:23:42 ---A- . (...) -- C:\WINDOWS\updspapi.log [54069]
O44 - LFC:[MD5.F570EBFC42698F3FFA6A3062735236C9] - 12/2/2014 - 11:23:51 ---A- . (...) -- C:\WINDOWS\imsins.BAK [3423]
O44 - LFC:[MD5.2865D6FDC65D65D5A64365BCF99915BE] - 24/2/2014 - 12:35:56 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [701]
O44 - LFC:[MD5.6781911C72A1976182274D2FEF29C235] - 24/2/2014 - 12:36:16 ---A- . (...) -- C:\WINDOWS\uddisetup.log [264340]
O44 - LFC:[MD5.743CDB7EF4F0802D28311C0F46444856] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [543802]
O44 - LFC:[MD5.666962FF94DCCA0DE6F81B54EB760945] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\LicenOc.log [42140]
O44 - LFC:[MD5.9FBB20B446BB0AF7552FEB7DE5C813C8] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\aspnetocm.log [74648]
O44 - LFC:[MD5.C30D2C1600DEB12EDB8BD203623F2429] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\certocm.log [101147]
O44 - LFC:[MD5.393AD061AC14E3B0FDF430EBB13A1D6C] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\comsetup.log [158015]
O44 - LFC:[MD5.A5B1BBC1C273A18A0CAAC79F230428AF] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\iis6.log [551569]
O44 - LFC:[MD5.BDBBDA5C7991C2E7474783C61176FC3D] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\imsins.log [10473]
O44 - LFC:[MD5.75632E0CF55B39887F68DB897EDB1847] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\msmqinst.log [217018]
O44 - LFC:[MD5.E6CA548ABA3D2EDF6FE303AAD5380AED] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\netfxocm.log [83835]
O44 - LFC:[MD5.A5E882DFA7F0C5898C28929C602018CF] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [102193]
O44 - LFC:[MD5.07BCED3A7651993BB8D9CBB547C2BADA] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\ocgen.log [387661]
O44 - LFC:[MD5.E995F0DAC16CB1B4E80A88CE4D846E6C] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\pop3oc.log [26468]
O44 - LFC:[MD5.8D1D64B3214659FEC0227024034B9486] - 24/2/2014 - 12:36:20 ---A- . (...) -- C:\WINDOWS\tsoc.log [225570]
O44 - LFC:[MD5.B3C63AFC8434F3B5F1F00F5D953AEC93] - 24/2/2014 - 14:13:34 ---A- . (...) -- C:\WINDOWS\ie8_main.log [879]
O44 - LFC:[MD5.3D9EE442CDA918957EC836C72C64BCB3] - 24/2/2014 - 14:14:44 ---A- . (...) -- C:\WINDOWS\ie7_main.log [1121]
O44 - LFC:[MD5.415AB42609843D39BFFCC6C4FC724B02] - 24/2/2014 - 22:00:06 RSHA- . (...) -- C:\TCERID.SYS [23]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/2/2014 - 15:30:20 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.7E4C7EE3ADDCD7277241A32C26040CDA] - 25/2/2014 - 16:01:03 ---A- . (...) -- C:\zoek-results.log [20154]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 25/2/2014 - 16:01:08 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088]
~ Files: 58 Legitimates Filtered in 00mn 08s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" [Enabled] .(.Software 2000 Limited.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\xming\Xming.exe" [Enabled] .(.No owner.) -- C:\Arquivos de programas\xming\Xming.exe
O47 - AAKE:Key Export SP - "C:\Audatex\AudaUpdate\AudaUpdate.exe" [Enabled] .(...) -- C:\Audatex\AudaUpdate\AudaUpdate.exe (.not file.)
O47 - AAKE:Key Export SP - "E:\Portable's\xming\Xming.exe" [Enabled] .(...) -- E:\Portable's\xming\Xming.exe (.not file.)
~ Keys Export: 7 Legitimates Filtered in 00mn 00s

---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\wd.sys . (...) -- C:\WINDOWS\system32\Drivers\wd.sys (.not file.)
~ CSB: 22 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "ShowSuperHidden"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.E87F31116298D4D4839E50FCE87B9F6F] - 22/11/2013 - 08:48:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [46392]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 25/2/2014 - 16:01:08 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 28/2/2007 - 15:44:04 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.D9F3B9310CF37BEA9AD4031BD977CEE4] - 28/2/2007 - 15:44:04 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudio.sys [153600]
O58 - SDL:[MD5.0320FD91FB5ED4298355977CECFC0EB4] - 28/2/2007 - 15:44:42 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [20480]
O58 - SDL:[MD5.D550FDB78B4D96B5FAD540525EC7CEA3] - 29/9/2003 - 02:50:54 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58752]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 29/9/2003 - 02:49:52 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 29/9/2003 - 02:50:14 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 29/9/2003 - 02:51:12 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 29/9/2003 - 02:51:44 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 29/9/2003 - 02:51:44 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 29/9/2003 - 02:52:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 29/9/2003 - 02:52:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 29/9/2003 - 02:52:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 29/9/2003 - 02:52:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 29/9/2003 - 02:52:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 29/9/2003 - 02:52:52 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 29/9/2003 - 02:52:52 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 29/9/2003 - 02:52:52 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 29/9/2003 - 02:52:52 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 29/9/2003 - 02:52:52 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 9 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/11/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 22/11/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 24/2/2014 - C:\Arquivos de programas\FindRight\updateFindRight.exe (Update FindRight) .(...) - LEGACY_UPDATE_FINDRIGHT =>Hijacker.FindrToolbar
O64 - Services: CurCS - 25/2/2014 - C:\Arquivos de programas\FindRight\bin\utilFindRight.exe (Util FindRight) .(...) - LEGACY_UTIL_FINDRIGHT =>Hijacker.FindrToolbar
~ Legacy: 129 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.063DF6C8DAAD11E59E58F066C5486548] [SPRF][10/6/2013] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat [14011]
[MD5.F64F0BCB7B1BF204E0C6008AC8094C60] [SPRF][25/11/2013] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins001.dat [17003]
[MD5.FABA2B048E669CC793279C004D13CC68] [SPRF][13/12/2013] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins002.dat [15133]
[MD5.5C83BAC99F44EA4CDC7AB65884496A87] [SPRF][12/12/2012] (.Audatex do Brasil - No Comment.) -- C:\Documents and Settings\Administrador\desktop\AudaLiberaComplemento.exe [45056]
[MD5.9E66D07BD346C1128BAE0582C731C146] [SPRF][25/2/2014] (...) -- C:\Documents and Settings\Administrador\desktop\zoek.exe [1284608]
[MD5.97DBD460DDCE07374BA12F84DD1AB235] [SPRF][27/6/2012] (...) -- C:\Arquivos de programas\unins000.dat [1075]
[MD5.BFF210EDE1F378176863B93208AA7F4B] [SPRF][27/6/2012] (.No owner - Setup/Uninstall.) -- C:\Arquivos de programas\unins000.exe [697376]
[MD5.6C033A1EC8317DFF6AC977BF75726BE6] [SPRF][26/4/2011] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [119288]
[MD5.29635D7FB62AF7492C57AE9493471E6E] [SPRF][26/4/2011] (.No owner - G-Buster Browser Defense - Service.) -- C:\WINDOWS\Downloaded Program Files\gbpsv.exe [57336]
~ Files: 12 Legitimates Filtered in 00mn 00s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "56319B8A7913F2F4986574136206722A" . (.Audatex.) -- C:\WINDOWS\Installer\{A8B91365-3197-4F2F-8956-4731266027A2}\ARPPRODUCTICON.exe
O90 - PUC: "D2A425F473650034677A7A857BC0A030" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{4F524A2D-5637-4300-76A7-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 53 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.7B9C00FE277556999F9E095C108D9D75] [WIS][21/2/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\1566dca.msi [460288] =>Toolbar.Ask
[MD5.322D952A1058EB594BEDFE942039DFCA] [WIS][14/4/2011] (.MySQL AB - MySQL Connector/ODBC.) -- C:\Windows\Installer\1af179.msi [188928]
[MD5.8E70D4893DFB834B05782ED03BC1F6F3] [WIS][2/5/2013] (.pdfforge GmbH - PDF Architect Installer.) -- C:\Windows\Installer\5ff9c26b.msi [7331328]
~ WIS: 55 Legitimates Filtered in 00mn 08s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/2/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/4/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 11/4/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 24/6/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Demand 18/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/7/1658 0 | (Ponto4Online) . (...) - C:\Arquivos de programas\Ponto4\Ponto4OnlineServ.exe

SR - | Auto 13/4/2011 308136 | (avg9wd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
SR - | Auto 22/11/2013 449592 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 26/9/2012 100256 | (HPSIService) . (.HP.) - C:\WINDOWS\system32\HPSIsvc.exe
SR - | Auto 25/2/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 8/4/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Arquivos de programas\PDF Architect\HelperService.exe
SR - | Auto 8/4/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Arquivos de programas\PDF Architect\ConversionService.exe
SR - | Auto 10/2/2014 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Arquivos de programas\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 1/2/2010 17960 | (sysdown) . (.Hewlett-Packard Company.) - C:\WINDOWS\system32\sysdown.exe
SR - | Auto 24/2/2014 111392 | (Update FindRight) . (...) - C:\Arquivos de programas\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
SR - | Auto 25/2/2014 111904 | (Util FindRight) . (...) - C:\Arquivos de programas\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar

~ Services: Scanned in 00mn 09s

---\\ Scâner Aditional (088)
Database Version : 13031 - (23/2/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376}] =>Hijacker.FindrToolbar^
[HKLM\SYSTEM\CurrentControlSet\Services\Update FindRight] =>Hijacker.FindrToolbar^
[HKLM\SYSTEM\CurrentControlSet\Services\Util FindRight] =>Hijacker.FindrToolbar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0A03}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FindRight] =>Hijacker.FindrToolbar^
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Arquivos de programas\FindRight =>Hijacker.FindrToolbar^
C:\Arquivos de programas\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar^
C:\Arquivos de programas\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\FindRight] =>Hijacker.FindrToolbar^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
C:\Windows\Installer\1566dca.msi =>Toolbar.Ask^
~ Additionnel Scan: 212471 Items scanned in 00mn 14s

---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.FindrToolbar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
~ MSI: 4 link(s) detected in 00mn 14s

~ 831 Legitimates filtered by white list
End of the scan (648 lines in 01mn 10s)(0)

por **Power Max** Ter 25 Fev 2014, 17:37

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie estes arquivos destacados em azul abaixo para serem analisados (um de cada vez) e à medida em que cada um deles tiver sido analisado, copie o link que aparecerá na barra de endereços de seu navegador e poste estes links em sua próxima resposta juntamente com o log do ZHPFix:

C:\Audatex\AudaUpdate\AudaUpdt.exe
C:\Arquivos de programas\Ponto4\Ponto4OnlineServ.exe
___________________________________________________________________________________________________

Meu servidor não me permite acessar os sites dos bancos que trabalho.... 772309

Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore)
_____________________________________________________________________________________________________________

Meu servidor não me permite acessar os sites dos bancos que trabalho.... 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com os links das análises dos arquivos no Virus Total.

por Severino Ter 25 Fev 2014, 17:55

Power Max...

segue ai resultados:

Link do 1º arquivo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Link do 2º arquivo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Fiz todo o procedimento orientado... porém ao tentar acessar o zhpfix deu um erro, o que eu envio um arquivo de imagem em anexo para exemplificar...
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Dai não consegui prosseguir...
E agora?

por **Power Max** Ter 25 Fev 2014, 18:45

Quanto ao segundo arquivo creio que você enviou um outro arquivo diferente do que pedi, confira aí para você ver.
______________________

Quanto ao Zhpfix, salve aquele esquema que te passei em um arquivo do Word ou outro local qualquer. inicie o PC no modo seguro (apertando várias vezes a tecla F8 quando o computador estiver iniciando e escolhendo a opção de Modo Seguro (ou modo seguro com rede).

Quando o computador estiver no modo seguro tente refazer o procedimento e veja se dá certo.

por Severino Ter 25 Fev 2014, 19:26

Power Max....

seguem os 2 links novamente (eu verifiquei todos os arquivos lá no site e todos estão limpos) - Só não encontrei o arquivo (.exe )

- [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Segue imagem para constar que o arquivo .exe não exite no diretório:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Acessei o mode de segurança do windows e tentei acessar o ZHPFix porém o mesmo não rodou, nem em mode de segurança nem normalmente apresentando o mesmo erro *SrClient.dll* não foi encontrado.

Aguardo suas considerações.

Obrigado.

por **Power Max** Ter 25 Fev 2014, 20:34

Desculpa pela demora, é que estou no trabalho.

Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online e nos diga, por gentileza, como está o seu PC após seguir este procedimento. Ficamos no aguardo de sua resposta.

por Severino Qua 26 Fev 2014, 12:16

Power Max...

Segue abaixo o relatório conforme solicitado....

(meu micro ficou bem mais rápido, porém ainda não abre o acesso dos bancos, toda vez que tento acessar, aparece a mensagem que a página não pode ser exibida, simplesmente bloqueia....

Observei que quando acesso o site do itau.com.br aparece no menu de navegação quando trava o seguinte endereço: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Aparece o símbolo #

achei bem estranho.

Log abaixo:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f86602a7e7ca19468507b54070bf3186
# engine=17232
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-26 01:17:28
# local_time=2014-02-26 10:17:28 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=1029 16777213 100 69 162046 89789971 0 0
# scanned=106906
# found=22
# cleaned=22
# scan_time=4180
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=87308D8C57EB38DFEC4D327733CD72AD8B8F1979 ft=1 fh=cdfad42c0d85a394 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir"
sh=75A9BFE798ADFBFDFA8E0155A242E69ACD396E53 ft=1 fh=7e8b040c1a60dd55 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\VNT\vntldr.exe.vir"
sh=382093FECF4DB9496CD333F1D321CC426775DF17 ft=1 fh=10ea7a5903cf8511 vn="Win32/BrowseFox.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Arquivos de programas\FindRight\FindRightBHO.dll"
sh=76B96700213A6BC923BFEF5B0C02BACDC0FC7C23 ft=1 fh=2a980fe90fb2bade vn="Win32/BrowseFox.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Arquivos de programas\FindRight\FindRightUninstall.exe"
sh=24D76DB453B44EE36E502EE11712410ACA7EC972 ft=1 fh=cfac81e6bdc9a609 vn="a variant of Win32/BrowseFox.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Arquivos de programas\FindRight\updateFindRight.exe"
sh=24D76DB453B44EE36E502EE11712410ACA7EC972 ft=1 fh=cfac81e6bdc9a609 vn="a variant of Win32/BrowseFox.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Arquivos de programas\FindRight\bin\utilFindRight.exe"
sh=05E36B7D05AAE10A1F17943FDEA4CB9701A96F39 ft=1 fh=aefd6bdc6a86583f vn="Win32/BrowseFox.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\3CIHV61F\Setup[1].exe"
sh=2EE2AE821DC346081D834E11FEC82ECCCAEFBA29 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\0cwz080n.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi"
sh=58EF470CB4821B46F9C4344A7C06BDAA4D2139F8 ft=1 fh=c71c00116af21664 vn="a variant of Win32/InstallCore.IO potentially unwanted application (deleted - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-2122388327-1923504705-4077574955-500\Dc10.exe"

por **Power Max** Qua 26 Fev 2014, 12:36

O problema deste sistema operacional do Windows Server é que poucas ferramentas de remoção de vírus são compatíveis. Eu iria te recomendar uma muito boa para este caso, mas ela não é compatível.

Meu servidor não me permite acessar os sites dos bancos que trabalho.... 772309

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Dr. Web CureIt.

Ficamos no aguardo.

por Severino Qua 26 Fev 2014, 16:06

Power Max...

Fiz o procedimento que você orientou....

Eu fiz um teste aqui na minha empresa:
Antes eu tinha a internet da NET que era IP dinâmico, agora é da VIVI FIBRA que tem o IP fixo, na época da NET nunca tive problemas com site de banco algum, porém agora com a VIVO FIBRA comecei a ter.
Observei que ao acessar os sites dos bancos de qualquer computador da minha empresa, nenhum consegue acessar. Todos são bloqueados, porém do meu 3G acessa normalmente....

Será que devido aos virus que foram encontrados nesta minha máquina (e os que estão na rede) por tentarem acessar o banco inúmeras vezes o site de segurança do banco não bloqueou o meu IP? Talvez por meu computador enviar várias solicitações ao site do banco, o BANCO bloqueou o meu IP. Talvez eu devesse ligar na VIVO e pedir para eles trocarem meu IP. Será que pode ser isso?

O que você acha?

segue abaixo o resultado do LOG:

=============================================================================
Dr.Web Scanner SE for Windows v9.0.5.01160
(c) Doctor Web, Ltd., 1992-2013
Scan session started 2014/02/26 14:39:09
Module location : c:\documents and settings\administrador\configurações locais\temp\36C14E5E-BF4E00B4-C21E8272-32D939C4\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Available instances: 12
Instances used: 12
Platform: Windows Server 2003 Standard x86 (Build 3790), Service Pack 2
API Version: 2.2
Scanning Engine version: 9.0.8.2070
Virus Finding Engine version: 7.0.7.12100
Total 164 virus bases are loaded from c:\documents and settings\administrador\configurações locais\temp\36C14E5E-BF4E00B4-C21E8272-32D939C4
h0crft9r 7.0 44484344ce36aabdd9a089fde08bdda9d35b4229 2014/02/26 07:10:22 4432 records - OK
gdc4jkt0 7.0 d07fc5cc240588c772457e7df580f3cec20d9222 2011/07/25 11:20:03 2 records - OK
4sflui75 7.0 fce033488c94bdcbc3ed9ecf512a068a26b50442 2014/02/25 16:03:13 5063 records - OK
89pezgr5 7.0 ec1a9ea7dcfd8a5fbac623a06df46c8b9b404008 2014/02/24 00:06:08 20659 records - OK
z1g3s4gp 7.0 d9af357680a3a8e4972488588daa2093ad4e925b 2014/02/17 00:07:02 12119 records - OK
effx66od 7.0 8096cc58eae678b74939277d4d6e3b1f7a498c54 2014/02/10 01:06:00 21955 records - OK
reqyqzog 7.0 d2759d80da4df855cc56a1c3e14dc29721af2eb5 2014/02/03 01:11:13 21349 records - OK
745nxtfg 7.0 3d19003910067f044af4e5fee3ca6ba49b1e0dff 2014/01/27 01:08:07 11704 records - OK
fie9elps 7.0 9ec552f68211aadc7667cb8fbdeedee84e2ccaf4 2014/01/20 01:10:10 19301 records - OK
ahbkkld1 7.0 141e9b07b61877285ee8d35a4ca0a552be38d299 2014/01/13 01:07:28 15935 records - OK
ihu0k5si 7.0 e4963e7b03c06feda00ae36a7942659c0737c1bd 2014/01/06 01:07:22 12941 records - OK
loc6txin 7.0 c3164a886736d726e2441cad3a4de6f0b0e3219b 2013/12/30 01:07:50 18147 records - OK
x1w19xi1 7.0 1b3a9eb9e843e310051345db539364f71dcdce26 2013/12/23 01:07:36 24291 records - OK
215bkajv 7.0 3c6be998bcbacb19a30e4fd27fe02bb8d9401191 2013/12/16 01:08:17 22670 records - OK
3cupt4fa 7.0 17c7a62a967080ce25e28d47e4cf1035e145ddc1 2013/12/09 01:09:54 21015 records - OK
orma7fhz 7.0 6dbc5b701b6ffb1a8bc80c52f3454314e6d82273 2013/12/02 01:09:01 20471 records - OK
l12rnkkk 7.0 95e77d6bd2c5f5feabdd074d49272f3988737aac 2013/11/25 01:06:55 18641 records - OK
tpcqo2ef 7.0 8e677cc8b19dc0ad82c4b71202c0acd9e2e25827 2013/11/18 01:08:42 32245 records - OK
lf63lwob 7.0 bc2662842e39ed5dc010a39140fd82d7ad1b6006 2013/11/11 01:09:43 33084 records - OK
top0u0w3 7.0 8900859cec3affe1e5bbb086bdb2299d125acf7c 2013/11/04 01:09:28 30356 records - OK
spprefpa 7.0 0e9ca4f15f289ae826d213e6a1d672470a127b51 2013/10/28 01:09:43 18457 records - OK
f6xuaefg 7.0 eba0efa3e9d70063908fb5e41a704579c255ea33 2013/10/21 01:09:49 19594 records - OK
ghm6rxqv 7.0 0f5e49d3e5b4c931d1f2de5e7b3551b3290cae26 2013/10/14 00:07:20 22924 records - OK
59twqczo 7.0 11c09a3ae7c80058711dd699aeb1ca4f5ba0f5a5 2013/10/07 00:07:56 24694 records - OK
q7gmd8fv 7.0 27f46d939a14e1a0605b9762db1de5a2aca20a58 2013/09/30 00:08:23 24253 records - OK
reryhqge 7.0 e679853ff1af1082b1982cf226785128a26e1099 2013/09/23 00:07:56 18453 records - OK
o40fcwrd 7.0 690d8b937e4edb8176c3d466585662a6014e3d0e 2013/09/16 00:08:41 19662 records - OK
938ip6em 7.0 cf5d32d1091e0c33523e8c6f9697c32ef2bf4f29 2013/09/09 00:07:53 11289 records - OK
2uku7b0u 7.0 8f8258337f82d1dd4434e9b71f2e481f06baf7c2 2013/09/02 00:08:50 16486 records - OK
yqonex5e 7.0 f806ed4628669b46da54d1f2eb12aa9bcef603a6 2013/08/26 00:08:46 18051 records - OK
m22oxorn 7.0 b453f2d6f8659d9dd5b9aa92f2a4cfa16cbfa1db 2013/08/19 00:07:38 30970 records - OK
m14mfmc6 7.0 99da1df207839fb44ae24c23590c827a78b79624 2013/08/12 00:07:21 36983 records - OK
1a6v4slj 7.0 f00c8b50a0012e8c42c6739e1326d23df1894610 2013/08/05 00:06:47 34115 records - OK
x41h8exf 7.0 896fcf8d5d0cd958da3891b65648d2dc1592338b 2013/07/29 00:07:44 19463 records - OK
vl2lig7u 7.0 d690513befab3ea86af2fe671a7f24cc05c9feaa 2013/07/22 00:08:15 35067 records - OK
7sa802xj 7.0 5d7d11b0edc97be077b0771339ba3dc0c75de9e0 2013/07/15 00:08:05 29822 records - OK
qrep4l6i 7.0 67683402b8212ef4da87f649878865c52e5dc113 2013/07/08 00:08:35 39172 records - OK
ran3aq4q 7.0 613a3e4bae38b4e00a7432c24a9cd916fb1c654f 2013/07/01 00:06:34 24654 records - OK
bx5j9h7v 7.0 b81132c4abffd4d2949531a1219b6bb1c3bad6f7 2013/06/24 00:06:30 14062 records - OK
tqxcbd10 7.0 9aab251475626c658b193cfa2b5f91da471bf8f2 2013/06/17 00:05:57 13350 records - OK
7xzpqv8y 7.0 e1f8aca88745fcdd49dc7ae75e142c41e1faf178 2013/06/10 00:08:13 26371 records - OK
dm6fy7cl 7.0 4e8627555a073f6bad5218bad3e69ebc4b93069f 2013/06/03 00:07:47 25525 records - OK
c1y927o4 7.0 f562371c5115143824efde38c9567c34ccbe5d1a 2013/05/27 00:16:19 33200 records - OK
7u2n4xi5 7.0 eccb30ec8ed44456f9b88fe96d9fe0de40e4fa51 2013/05/20 00:11:05 46384 records - OK
fyp6kb9f 7.0 9b481fbfbe1f564a84f21552da1d30d24e7b01db 2013/05/13 00:07:01 34270 records - OK
d36s8ahy 7.0 1bf754dd720727b5d6803e081c16ff7f4ba7b40b 2013/05/06 00:08:46 41611 records - OK
8xklkfbt 7.0 4e883c92513c2d991968fb3e4f27910a63d9a2df 2013/04/29 00:06:36 36105 records - OK
27btl28w 7.0 b047d178295ecde53c3cf1c34e4361004569fa33 2013/04/22 00:07:26 31319 records - OK
9ltp41p9 7.0 9207e55a924e4aa989dfde4d8d219cf5cc200ce2 2013/04/15 00:07:56 28216 records - OK
4lonmkj1 7.0 78855cfb9fbc063889c5405a577fe73188f08789 2013/04/08 00:05:35 23589 records - OK
v1qxqjq3 7.0 cec6d34c79d50608520e81b90a23d91f39df0b27 2013/04/01 00:07:37 26946 records - OK
h84cydzj 7.0 fd3c78d78ea4dae4e252a7f7d76db22e1a679be9 2013/03/25 00:05:37 34778 records - OK
lg5wxmay 7.0 268e71b1123ab5e60fd2f38d269fe5f3d22b3697 2013/03/18 00:06:19 11271 records - OK
e85btbcj 7.0 d196879775b0dc0ee8286f2e4def9adedb5b88df 2013/03/11 00:05:36 12046 records - OK
oalv72cu 7.0 0db61d4e3235481da8493523538ced712db362c2 2013/03/04 00:05:18 21747 records - OK
4oglrjxv 7.0 65f99faf227b51883c9f1c854a3f76806b60affb 2013/02/25 00:06:28 11540 records - OK
nt1n2gr1 7.0 17bd7383b9c4b214c5c9029171db8ae1455984a0 2013/02/18 00:06:38 15568 records - OK
bnligppr 7.0 cbe8774953ae403e49370d552b522a5839aa9fdb 2013/02/11 01:06:00 18805 records - OK
enzvwqcs 7.0 fb6865c02a3680338e4ee0603579107227313b2b 2013/02/04 01:06:01 32488 records - OK
iq9xeuml 7.0 95fcd2e24cd9b2ec2610656ffa70b8bf46e86a8b 2013/01/28 01:04:52 15470 records - OK
84erf13o 7.0 3d710b3dd4580a7eca8c74d2c886d48f5b8b5172 2013/01/21 01:06:27 30093 records - OK
7xtsoksh 7.0 bddde0b5426b7e5bebd61e1239ca529c87ae6e36 2013/01/14 01:04:41 16158 records - OK
gxo58xul 7.0 bc40bd9330301e8d7796f489d03357fb711b3121 2013/01/07 01:04:45 19597 records - OK
un0agbv5 7.0 805b6089c867549c75f843eac96b759c3f8d101f 2012/12/31 01:05:41 18184 records - OK
1v2mc96i 7.0 c680da06ac6ec011d130e7ac765e33da89e2820a 2012/12/24 01:05:33 29945 records - OK
p4e2n2ch 7.0 33def496782eb5b7b1cc93fdb036a1b62fa6a2fd 2012/12/17 01:06:21 25519 records - OK
qqgxbacl 7.0 422abae03c588822f412aa9aae50578a1d61737e 2012/12/10 01:05:04 20358 records - OK
46c5hoxd 7.0 a4f0d0ecad4fb6e0afdb1925f4e0b7863b9d03fa 2012/12/03 01:06:19 20133 records - OK
00mlkx25 7.0 86daa918ee3de1e4c1e5dea6f9b5f63544cf8814 2012/11/26 01:05:22 27311 records - OK
eszhlgkm 7.0 6556881c748e1f894eb9c7943ebae67017e1aec2 2012/11/19 01:06:09 29434 records - OK
ozvl53q0 7.0 559141ef34f9e6226bb58560e9b52e4cc5165150 2012/11/12 01:06:22 26900 records - OK
izssxujl 7.0 cc55013e63ff89319ec772e34d77056c7108cd3b 2012/11/05 01:05:22 25164 records - OK
qx31eht2 7.0 f477dc247d9b562bb64fd4f46a7dcbdf7124eb60 2012/10/29 01:06:37 30226 records - OK
ft08i8ey 7.0 abaf5f7fda7308fcf7573b193bbf2116723e9802 2012/10/22 01:04:37 16441 records - OK
w9xccr4o 7.0 5adc85528fb49e201d4bc61eca580d6839cc4a4c 2012/10/15 00:05:04 26289 records - OK
te0afqtf 7.0 da8cf3fbd81206bb3d8103347a439f920a74bbe2 2012/10/08 00:05:51 27278 records - OK
6tod9ic6 7.0 5988744d3cb357f1a013427d466e2d79ab5f8907 2012/10/01 00:05:11 17444 records - OK
6xv69xfu 7.0 d4a0dabf4a4df0f79805c6ccdc025f796765e786 2012/09/24 00:06:30 21205 records - OK
o4xacns2 7.0 82ed005784d9e258213070a0cd8bfceff345018d 2012/09/17 00:05:43 11686 records - OK
64rq64rj 7.0 a95ae63004b8d857c2db055f4e47c15bfc97f626 2012/09/10 00:04:34 12677 records - OK
xkoip6lw 7.0 c39bf233d25242ae9ed8cf204b9b788c8f45ab79 2012/09/03 00:05:28 10118 records - OK
j11au35s 7.0 d37b5484b009947b7cdd3837dafe8148615401c2 2012/08/27 00:05:26 12602 records - OK
yx7ibiea 7.0 41bf1347794ab7060dec7aaecc1d1d95cf6fecb5 2012/08/20 00:04:05 18298 records - OK
n3as4u2y 7.0 1a997511e5892aaeb69b3db70e06676af36382e3 2012/08/13 00:05:19 17126 records - OK
vc6hqnkd 7.0 f7226c59914e3683e538e668c3b664af3232654d 2012/08/06 00:03:53 20539 records - OK
zuo24ad3 7.0 4035c8d3b617bf935a317a8c57efaa8e835a61f4 2012/07/30 00:05:26 19330 records - OK
hjv9ncbv 7.0 09b55bc000f184ed426f1d8b9665669346fe5e71 2012/07/23 00:05:34 19692 records - OK
2mrpeoso 7.0 f746c097f298e94faa9db94e6f64ef9fd4a7b010 2012/07/16 00:05:43 14727 records - OK
3v9wdt9a 7.0 792a6a25a17e764390440cd4c2c6ca5a97ab162f 2012/07/09 00:04:33 19485 records - OK
a8jivty0 7.0 ca9905c39e3d93428a4db65a192debe9fbd7acf7 2012/07/02 00:04:55 22898 records - OK
e0p6os13 7.0 dc29c610b866c66ba5327e7830452b2460149a35 2012/06/25 00:05:17 20551 records - OK
18o4ce82 7.0 c28739bea153508d12942ac9a61abd475d0a0404 2012/06/18 00:03:35 9661 records - OK
eu9lqe3f 7.0 e5b5835a7c512120c5348e31483a4caa2a845d28 2012/06/11 00:04:32 23632 records - OK
o0cyjsly 7.0 61853ce89026ef0ebbd80174f1b7dd5d25bbc63a 2012/06/04 00:04:41 12423 records - OK
2zlq8de0 7.0 4e6c9897e153b47ca97b7da48ceed23e555a7761 2012/05/28 00:04:26 15493 records - OK
l5wqic4o 7.0 35f4c105cecd8ec1fd01714abebf30f8f3efb96e 2012/05/21 00:03:29 13065 records - OK
kstf6ad4 7.0 3522aa84677411aa7d67796bb05ea3ab62f02a71 2012/05/14 00:04:24 16238 records - OK
09120tq0 7.0 7597333540eda537bd42c0a17d4a6526ad247a2e 2012/05/07 00:04:33 11570 records - OK
x6t92key 7.0 867814380363bc6ad605acf4b96e02c54dbd60f7 2012/04/30 00:03:28 15478 records - OK
2f246sbb 7.0 3c04f402d91a19039cb9c223c435dc4ea1bb3da4 2012/04/23 00:05:05 11881 records - OK
ud1j7al4 7.0 8d0220a2a50b367e61a51d3b29c2659cde41bb7f 2012/04/16 00:03:29 13578 records - OK
63g6fw6x 7.0 b79dc6f5832ad390108d1880694ec538e8b34bb0 2012/04/09 00:05:02 14292 records - OK
397hzw92 7.0 8ff7cc095c43c2154275b7a54a89bf365e8daf4a 2012/04/02 00:03:24 14084 records - OK
lzvavyl6 7.0 9502a428b32be4ad08556134e271c9ba03195398 2012/03/26 00:04:43 19126 records - OK
qhy5vlu4 7.0 28c2fabbc645aff41baac12b911a8499ea163536 2012/03/19 00:03:23 14920 records - OK
6xsq9iiy 7.0 86de597ff06e58206f94263f2eef33cb41b2530c 2012/03/12 00:03:25 19017 records - OK
gz73fis2 7.0 5bd1d666e7c9ca70c34e591dc6c55314ce4b11af 2012/03/05 00:04:32 19691 records - OK
fw9v3po2 7.0 15a9d10c451d2fcf124700f29f557d9bf338e671 2012/02/27 00:03:21 23605 records - OK
so7bm43t 7.0 5647d941e5358105ca6558dce78873f06c48d5dc 2012/02/20 00:03:45 19067 records - OK
n1do9m7v 7.0 c9b2600cb665ce34e0ccd0f19e0a88cd44437f51 2012/02/13 01:04:49 19019 records - OK
0fp8e3xi 7.0 9df2e129e78a9d9ab491186da1329c1dd1190e17 2012/02/06 01:05:25 28028 records - OK
zab9i2nv 7.0 b69b9504a51b8777b8e95a4680dc8ac1d8d8c25d 2012/01/30 01:08:41 29444 records - OK
1986625e 7.0 3d7431bdee1a22d6329e017f348db7760f2645ac 2012/01/23 06:22:13 19353 records - OK
3fph5ler 7.0 e04570f78fb00d758abdf77c534a460980e102c0 2012/01/16 01:12:31 20747 records - OK
vgg9ioa0 7.0 2de2479b112c4416e2375343f57ca789b042aecc 2012/01/09 01:04:30 28052 records - OK
vze2x5rh 7.0 c4bd9612ff1f71d8bd23b4f1bc114eed1ae2ee6b 2012/01/02 01:04:40 12183 records - OK
du0ueebq 7.0 28b1d218ade8f05fdc8550c7456ac3b74f705208 2011/12/26 01:03:33 19984 records - OK
wxfy9v1q 7.0 539e41e8f3d97a6f347600c7cef903d9f34e0518 2011/12/19 01:08:45 22627 records - OK
zkh7vvlk 7.0 f8e81968965f555bce0d02fc9933fee840b97aaf 2011/12/12 18:20:22 49580 records - OK
vghzzfua 7.0 14751e0f442bba3efc08ee12d82a2815c61cfeb6 2011/12/04 06:00:00 45195 records - OK
l7l678z3 7.0 1a1e6cb9b3096a2cbba2c31d05e11914c0357d52 2011/12/04 05:00:00 165532 records - OK
h5vvut6j 7.0 0f948a7d416c556bfc8a8be2c2c39f998fee6d9e 2011/12/04 04:00:00 170820 records - OK
q9ljfdy5 7.0 9357c3cc73a4a374346a678f197daa22496c7ae5 2011/12/04 03:00:00 171279 records - OK
qnckhyqv 7.0 ae56b06b3d6f1e13c5f10cce4ed68f2cccbf3298 2011/12/04 02:00:00 170253 records - OK
ush1a4bu 7.0 fdaab5c1079d02c94f20d07c39d638cad79d8771 2011/12/04 01:00:00 170291 records - OK
ub58wjts 7.0 b59d8841e65d7670b2aae7f2b65734269f6c4fe3 2011/12/04 00:00:00 170501 records - OK
z7k8rz9o 7.0 3946b1d195434cf7a70d144da71c87559475c58f 2011/12/03 23:00:00 353582 records - OK
lg0kdbb6 7.0 8df4695f74ea5949551df6044720694e204b13d7 2011/12/03 22:00:00 852776 records - OK
uhp41la2 7.0 c2c3a107f5d6687f3b0d7ccd0434dfc0e731f30f 2014/02/26 07:10:48 1377 records - OK
xtiwv5js 7.0 ce3100ec091fcc4cfffed117a4f62fb0bd553113 2013/11/25 01:15:53 1683 records - OK
ir6czkqq 7.0 6ede5b37423910c2f3ffff6d90fef6a16e565e5e 2013/09/02 00:14:42 1327 records - OK
h0w52k7m 7.0 c1d53c2aef72dfab36a8045897938e7a31f279ac 2013/07/15 00:15:07 1590 records - OK
t7vfnpzs 7.0 0cb77ee7a3e6545553585eb6df267a86d4fecbe4 2013/04/22 00:14:29 1680 records - OK
2wxs7bmp 7.0 6cb68b8fab821702ef054f864ff44917414e50fa 2013/02/04 01:13:43 2078 records - OK
5mf4noni 7.0 cfbe9cf43615f7856e4c35f0fc02e2baf12e39e7 2012/12/17 01:14:14 1725 records - OK
dklldwh0 7.0 047694e79b1a8d295f27ea9c6565062404f84a57 2012/11/12 01:12:52 2050 records - OK
xatu4b4q 7.0 f3413603f4ee1c88018a78c1f6faf2abeb8fa8c1 2012/09/24 00:13:14 1456 records - OK
1qxtssqw 7.0 8871f579eeb7e5e7b70c6dd898afd27391d7daf4 2012/06/25 00:12:36 1421 records - OK
bp3csk2f 7.0 3ee43130fe7fec4b367a791892a444d0a791b29b 2012/03/26 00:12:30 1385 records - OK
vd04qerm 7.0 fddc5d687537580c7166dbf117d591593bc62261 2012/01/23 02:56:09 1653 records - OK
ey6dvfsi 7.0 d1a16d98b6ed87ba29079cd3796fabfd1c5d08b5 2014/02/26 07:10:40 139 records - OK
lk4ntaf4 7.0 2c7af9317ddc3df65fb41d24594a97580a7e0368 2014/02/24 00:25:04 2844 records - OK
tumpc07f 7.0 79ee97945d406605f5330158ea8367948c6377de 2013/12/23 01:25:01 2352 records - OK
4eciyu7y 7.0 4ed4e052d8cc2df4eb5f1916da50e16da9e4e3da 2013/10/21 01:25:47 2062 records - OK
p40fog25 7.0 cc2fc58477a41d340f63e6d3d228133c927a9810 2013/09/16 00:25:22 3440 records - OK
0gjnzsxv 7.0 63ff62f7b5aa956912f6c29e7ad7be26569416ff 2013/08/19 00:25:05 1485 records - OK
spzjk482 7.0 d95d1ab4adf9a869001802f64960356e903dd478 2013/07/22 00:24:06 2214 records - OK
0716h3ar 7.0 45cdfad530697916adbfea43a8763a4ab0c95beb 2013/05/20 00:24:48 1426 records - OK
vujucj4f 7.0 bd9fd948b79e07c8676018e17a43ee81f5335e36 2013/04/22 00:24:10 1641 records - OK
p5ema6we 7.0 c7f70566b9bae9fd3f5a8d0b56d961f890a55508 2013/03/18 00:23:44 1742 records - OK
0bfmhz63 7.0 8893c0d254eb40c78b5c78ea17fbc3be60ea6304 2013/01/21 01:24:33 2016 records - OK
qyxar5gd 7.0 cdf3a9d2dcab57f90c378d9eefacbfd358a42699 2012/12/10 01:23:23 1620 records - OK
79rm43zv 7.0 c0726ba000e840272f0810b89051e6daa8799084 2012/11/05 01:23:16 1658 records - OK
7y6flhye 7.0 216611859de0125bf130d6324d43c9115cb05def 2012/10/08 00:23:20 1465 records - OK
tofg7udv 7.0 264c14ad60c4423ec292f5f8b182e4448504dfa9 2012/09/10 00:23:14 1588 records - OK
757k9idi 7.0 33197bfe9efefa9db33725d240757103c625b601 2012/07/23 00:22:36 1702 records - OK
esd2i6uo 7.0 74d8e114edb84b95bc09d5a2a36191d15a61e2cb 2012/06/11 00:22:36 1659 records - OK
mmdy2dmh 7.0 79ca8239f310688d2b9c314fa3d738a34985cce3 2012/04/30 00:22:34 1670 records - OK
9p41pznx 7.0 aac27e986e3731e5260cb76f5b14558e36660dec 2012/03/12 00:22:28 1729 records - OK
ofx5x33w 7.0 fa5c96b8be693a20c2a295e3545419e6f117fdc4 2012/01/30 01:23:00 1523 records - OK
raijk2vg 7.0 e9b21e0a3578ef2e2067f4876309671ddc78f65f 2011/12/19 01:22:29 1805 records - OK
g95z8723 7.0 8f7a8f6f55130f6becc5331ab38dc2108746b8aa 2011/12/03 21:00:00 26456 records - OK
p2a1k63h 7.0 e6d52b11d2f7d405ccd31347da3b6fde69825168 2011/12/03 20:00:00 74279 records - OK
krxt716d 7.0 e20ffde4bbc58e0585b0b3b2f324bc91272c2360 2011/12/03 19:00:00 1 record - OK
Total records count: 4976566

Anti-rootkit module version ( ver: 9.0.201402040, api: 6.10 )

Using c:\documents and settings\administrador\configurações locais\temp\36C14E5E-BF4E00B4-C21E8272-32D939C4\ye8ndhe8.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\8F8B03588088 -rpcpr:np

Object(s) to scan:
- Scan processes in memory
- Scan boot sectors
- Scanning for rootkits
- C:\Audatex.Log
- C:\AUTOEXEC.BAT
- C:\boot.ini
- C:\bootfont.bin
- C:\CONFIG.SYS
- C:\Documents
- C:\inst.cfg
- C:\IO.SYS
- C:\MecanicabdmdbBK20110706_120249.zip
- C:\MecanicabdmdbBK20110706_120425.zip
- C:\MecanicabdmdbBK20110712_115047.zip
- C:\MSDOS.SYS
- C:\msvcp71.dll
- C:\NTDETECT.COM
- C:\ntldr
- C:\P1005.log
- C:\pagefile.sys
- C:\Parametros.Log
- C:\PatchTrans.exe
- C:\smh_installer.log
- C:\StpAudaDirect3.33_c.eXe
- C:\TCERID.SYS
- C:\UNWISE.EXE
- C:\zoek-results.log
- C:\WINDOWS\system32\
- C:\Documents and Settings\Administrador\Meus documentos\
- C:\WINDOWS\TEMP\
- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\

Computer\Motherboard\SYSTEM BIOS - Ok
C:\WINDOWS\system32\drivers\etc\hosts - probably infected with DFH:HOSTS.corrupted
C:\WINDOWS\system32\drivers\etc\hosts - infected
c:\windows\system32\ntkrnlpa.exe - Ok
c:\windows\system32\hal.dll - Ok
c:\windows\system32\kdcom.dll - Ok
c:\windows\system32\bootvid.dll - Ok
c:\windows\system32\drivers\acpi.sys - Ok
c:\windows\system32\drivers\wmilib.sys - Ok
c:\windows\system32\drivers\pci.sys - Ok
c:\windows\system32\drivers\isapnp.sys - Ok
>c:\windows\system32\drivers\pciide.sys - packed by FLY-CODE
c:\windows\system32\drivers\pciide.sys - Ok
c:\windows\system32\drivers\pciidex.sys - Ok
c:\windows\system32\drivers\mountmgr.sys - Ok
c:\windows\system32\drivers\ftdisk.sys - Ok
c:\windows\system32\drivers\dmload.sys - Ok
c:\windows\system32\drivers\dmio.sys - Ok
c:\windows\system32\drivers\volsnap.sys - Ok
c:\windows\system32\drivers\partmgr.sys - Ok
c:\windows\system32\drivers\atapi.sys - Ok
c:\windows\system32\drivers\disk.sys - Ok
c:\windows\system32\drivers\classpnp.sys - Ok
c:\windows\system32\drivers\fltmgr.sys - Ok
c:\windows\system32\drivers\dfs.sys - Ok
c:\windows\system32\drivers\ksecdd.sys - Ok
c:\windows\system32\drivers\ntfs.sys - Ok

Total 6554624 bytes in 25 files scanned
Total 24 files are clean
Total 1 file are suspicious
Scan time is 00:00:19.172

=============================================================================
Dr.Web Scanner SE for Windows v9.0.5.01160
(c) Doctor Web, Ltd., 1992-2013
Scan session started 2014/02/26 14:40:07
Module location : c:\documents and settings\administrador\configurações locais\temp\5D69B3BC-3B590AC-2E7E956C-C53A1C78\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Available instances: 12
Instances used: 12
Platform: Windows Server 2003 Standard x86 (Build 3790), Service Pack 2
API Version: 2.2
Scanning Engine version: 9.0.8.2070
Virus Finding Engine version: 7.0.7.12100
Total 164 virus bases are loaded from c:\documents and settings\administrador\configurações locais\temp\5D69B3BC-3B590AC-2E7E956C-C53A1C78
h0crft9r 7.0 44484344ce36aabdd9a089fde08bdda9d35b4229 2014/02/26 07:10:22 4432 records - OK
gdc4jkt0 7.0 d07fc5cc240588c772457e7df580f3cec20d9222 2011/07/25 11:20:03 2 records - OK
4sflui75 7.0 fce033488c94bdcbc3ed9ecf512a068a26b50442 2014/02/25 16:03:13 5063 records - OK
89pezgr5 7.0 ec1a9ea7dcfd8a5fbac623a06df46c8b9b404008 2014/02/24 00:06:08 20659 records - OK
z1g3s4gp 7.0 d9af357680a3a8e4972488588daa2093ad4e925b 2014/02/17 00:07:02 12119 records - OK
effx66od 7.0 8096cc58eae678b74939277d4d6e3b1f7a498c54 2014/02/10 01:06:00 21955 records - OK
reqyqzog 7.0 d2759d80da4df855cc56a1c3e14dc29721af2eb5 2014/02/03 01:11:13 21349 records - OK
745nxtfg 7.0 3d19003910067f044af4e5fee3ca6ba49b1e0dff 2014/01/27 01:08:07 11704 records - OK
fie9elps 7.0 9ec552f68211aadc7667cb8fbdeedee84e2ccaf4 2014/01/20 01:10:10 19301 records - OK
ahbkkld1 7.0 141e9b07b61877285ee8d35a4ca0a552be38d299 2014/01/13 01:07:28 15935 records - OK
ihu0k5si 7.0 e4963e7b03c06feda00ae36a7942659c0737c1bd 2014/01/06 01:07:22 12941 records - OK
loc6txin 7.0 c3164a886736d726e2441cad3a4de6f0b0e3219b 2013/12/30 01:07:50 18147 records - OK
x1w19xi1 7.0 1b3a9eb9e843e310051345db539364f71dcdce26 2013/12/23 01:07:36 24291 records - OK
215bkajv 7.0 3c6be998bcbacb19a30e4fd27fe02bb8d9401191 2013/12/16 01:08:17 22670 records - OK
3cupt4fa 7.0 17c7a62a967080ce25e28d47e4cf1035e145ddc1 2013/12/09 01:09:54 21015 records - OK
orma7fhz 7.0 6dbc5b701b6ffb1a8bc80c52f3454314e6d82273 2013/12/02 01:09:01 20471 records - OK
l12rnkkk 7.0 95e77d6bd2c5f5feabdd074d49272f3988737aac 2013/11/25 01:06:55 18641 records - OK
tpcqo2ef 7.0 8e677cc8b19dc0ad82c4b71202c0acd9e2e25827 2013/11/18 01:08:42 32245 records - OK
lf63lwob 7.0 bc2662842e39ed5dc010a39140fd82d7ad1b6006 2013/11/11 01:09:43 33084 records - OK
top0u0w3 7.0 8900859cec3affe1e5bbb086bdb2299d125acf7c 2013/11/04 01:09:28 30356 records - OK
spprefpa 7.0 0e9ca4f15f289ae826d213e6a1d672470a127b51 2013/10/28 01:09:43 18457 records - OK
f6xuaefg 7.0 eba0efa3e9d70063908fb5e41a704579c255ea33 2013/10/21 01:09:49 19594 records - OK
ghm6rxqv 7.0 0f5e49d3e5b4c931d1f2de5e7b3551b3290cae26 2013/10/14 00:07:20 22924 records - OK
59twqczo 7.0 11c09a3ae7c80058711dd699aeb1ca4f5ba0f5a5 2013/10/07 00:07:56 24694 records - OK
q7gmd8fv 7.0 27f46d939a14e1a0605b9762db1de5a2aca20a58 2013/09/30 00:08:23 24253 records - OK
reryhqge 7.0 e679853ff1af1082b1982cf226785128a26e1099 2013/09/23 00:07:56 18453 records - OK
o40fcwrd 7.0 690d8b937e4edb8176c3d466585662a6014e3d0e 2013/09/16 00:08:41 19662 records - OK
938ip6em 7.0 cf5d32d1091e0c33523e8c6f9697c32ef2bf4f29 2013/09/09 00:07:53 11289 records - OK
2uku7b0u 7.0 8f8258337f82d1dd4434e9b71f2e481f06baf7c2 2013/09/02 00:08:50 16486 records - OK
yqonex5e 7.0 f806ed4628669b46da54d1f2eb12aa9bcef603a6 2013/08/26 00:08:46 18051 records - OK
m22oxorn 7.0 b453f2d6f8659d9dd5b9aa92f2a4cfa16cbfa1db 2013/08/19 00:07:38 30970 records - OK
m14mfmc6 7.0 99da1df207839fb44ae24c23590c827a78b79624 2013/08/12 00:07:21 36983 records - OK
1a6v4slj 7.0 f00c8b50a0012e8c42c6739e1326d23df1894610 2013/08/05 00:06:47 34115 records - OK
x41h8exf 7.0 896fcf8d5d0cd958da3891b65648d2dc1592338b 2013/07/29 00:07:44 19463 records - OK
vl2lig7u 7.0 d690513befab3ea86af2fe671a7f24cc05c9feaa 2013/07/22 00:08:15 35067 records - OK
7sa802xj 7.0 5d7d11b0edc97be077b0771339ba3dc0c75de9e0 2013/07/15 00:08:05 29822 records - OK
qrep4l6i 7.0 67683402b8212ef4da87f649878865c52e5dc113 2013/07/08 00:08:35 39172 records - OK
ran3aq4q 7.0 613a3e4bae38b4e00a7432c24a9cd916fb1c654f 2013/07/01 00:06:34 24654 records - OK
bx5j9h7v 7.0 b81132c4abffd4d2949531a1219b6bb1c3bad6f7 2013/06/24 00:06:30 14062 records - OK
tqxcbd10 7.0 9aab251475626c658b193cfa2b5f91da471bf8f2 2013/06/17 00:05:57 13350 records - OK
7xzpqv8y 7.0 e1f8aca88745fcdd49dc7ae75e142c41e1faf178 2013/06/10 00:08:13 26371 records - OK
dm6fy7cl 7.0 4e8627555a073f6bad5218bad3e69ebc4b93069f 2013/06/03 00:07:47 25525 records - OK
c1y927o4 7.0 f562371c5115143824efde38c9567c34ccbe5d1a 2013/05/27 00:16:19 33200 records - OK
7u2n4xi5 7.0 eccb30ec8ed44456f9b88fe96d9fe0de40e4fa51 2013/05/20 00:11:05 46384 records - OK
fyp6kb9f 7.0 9b481fbfbe1f564a84f21552da1d30d24e7b01db 2013/05/13 00:07:01 34270 records - OK
d36s8ahy 7.0 1bf754dd720727b5d6803e081c16ff7f4ba7b40b 2013/05/06 00:08:46 41611 records - OK
8xklkfbt 7.0 4e883c92513c2d991968fb3e4f27910a63d9a2df 2013/04/29 00:06:36 36105 records - OK
27btl28w 7.0 b047d178295ecde53c3cf1c34e4361004569fa33 2013/04/22 00:07:26 31319 records - OK
9ltp41p9 7.0 9207e55a924e4aa989dfde4d8d219cf5cc200ce2 2013/04/15 00:07:56 28216 records - OK
4lonmkj1 7.0 78855cfb9fbc063889c5405a577fe73188f08789 2013/04/08 00:05:35 23589 records - OK
v1qxqjq3 7.0 cec6d34c79d50608520e81b90a23d91f39df0b27 2013/04/01 00:07:37 26946 records - OK
h84cydzj 7.0 fd3c78d78ea4dae4e252a7f7d76db22e1a679be9 2013/03/25 00:05:37 34778 records - OK
lg5wxmay 7.0 268e71b1123ab5e60fd2f38d269fe5f3d22b3697 2013/03/18 00:06:19 11271 records - OK
e85btbcj 7.0 d196879775b0dc0ee8286f2e4def9adedb5b88df 2013/03/11 00:05:36 12046 records - OK
oalv72cu 7.0 0db61d4e3235481da8493523538ced712db362c2 2013/03/04 00:05:18 21747 records - OK
4oglrjxv 7.0 65f99faf227b51883c9f1c854a3f76806b60affb 2013/02/25 00:06:28 11540 records - OK
nt1n2gr1 7.0 17bd7383b9c4b214c5c9029171db8ae1455984a0 2013/02/18 00:06:38 15568 records - OK
bnligppr 7.0 cbe8774953ae403e49370d552b522a5839aa9fdb 2013/02/11 01:06:00 18805 records - OK
enzvwqcs 7.0 fb6865c02a3680338e4ee0603579107227313b2b 2013/02/04 01:06:01 32488 records - OK
iq9xeuml 7.0 95fcd2e24cd9b2ec2610656ffa70b8bf46e86a8b 2013/01/28 01:04:52 15470 records - OK
84erf13o 7.0 3d710b3dd4580a7eca8c74d2c886d48f5b8b5172 2013/01/21 01:06:27 30093 records - OK
7xtsoksh 7.0 bddde0b5426b7e5bebd61e1239ca529c87ae6e36 2013/01/14 01:04:41 16158 records - OK
gxo58xul 7.0 bc40bd9330301e8d7796f489d03357fb711b3121 2013/01/07 01:04:45 19597 records - OK
un0agbv5 7.0 805b6089c867549c75f843eac96b759c3f8d101f 2012/12/31 01:05:41 18184 records - OK
1v2mc96i 7.0 c680da06ac6ec011d130e7ac765e33da89e2820a 2012/12/24 01:05:33 29945 records - OK
p4e2n2ch 7.0 33def496782eb5b7b1cc93fdb036a1b62fa6a2fd 2012/12/17 01:06:21 25519 records - OK
qqgxbacl 7.0 422abae03c588822f412aa9aae50578a1d61737e 2012/12/10 01:05:04 20358 records - OK
46c5hoxd 7.0 a4f0d0ecad4fb6e0afdb1925f4e0b7863b9d03fa 2012/12/03 01:06:19 20133 records - OK
00mlkx25 7.0 86daa918ee3de1e4c1e5dea6f9b5f63544cf8814 2012/11/26 01:05:22 27311 records - OK
eszhlgkm 7.0 6556881c748e1f894eb9c7943ebae67017e1aec2 2012/11/19 01:06:09 29434 records - OK
ozvl53q0 7.0 559141ef34f9e6226bb58560e9b52e4cc5165150 2012/11/12 01:06:22 26900 records - OK
izssxujl 7.0 cc55013e63ff89319ec772e34d77056c7108cd3b 2012/11/05 01:05:22 25164 records - OK
qx31eht2 7.0 f477dc247d9b562bb64fd4f46a7dcbdf7124eb60 2012/10/29 01:06:37 30226 records - OK
ft08i8ey 7.0 abaf5f7fda7308fcf7573b193bbf2116723e9802 2012/10/22 01:04:37 16441 records - OK
w9xccr4o 7.0 5adc85528fb49e201d4bc61eca580d6839cc4a4c 2012/10/15 00:05:04 26289 records - OK
te0afqtf 7.0 da8cf3fbd81206bb3d8103347a439f920a74bbe2 2012/10/08 00:05:51 27278 records - OK
6tod9ic6 7.0 5988744d3cb357f1a013427d466e2d79ab5f8907 2012/10/01 00:05:11 17444 records - OK
6xv69xfu 7.0 d4a0dabf4a4df0f79805c6ccdc025f796765e786 2012/09/24 00:06:30 21205 records - OK
o4xacns2 7.0 82ed005784d9e258213070a0cd8bfceff345018d 2012/09/17 00:05:43 11686 records - OK
64rq64rj 7.0 a95ae63004b8d857c2db055f4e47c15bfc97f626 2012/09/10 00:04:34 12677 records - OK
xkoip6lw 7.0 c39bf233d25242ae9ed8cf204b9b788c8f45ab79 2012/09/03 00:05:28 10118 records - OK
j11au35s 7.0 d37b5484b009947b7cdd3837dafe8148615401c2 2012/08/27 00:05:26 12602 records - OK
yx7ibiea 7.0 41bf1347794ab7060dec7aaecc1d1d95cf6fecb5 2012/08/20 00:04:05 18298 records - OK
n3as4u2y 7.0 1a997511e5892aaeb69b3db70e06676af36382e3 2012/08/13 00:05:19 17126 records - OK
vc6hqnkd 7.0 f7226c59914e3683e538e668c3b664af3232654d 2012/08/06 00:03:53 20539 records - OK
zuo24ad3 7.0 4035c8d3b617bf935a317a8c57efaa8e835a61f4 2012/07/30 00:05:26 19330 records - OK
hjv9ncbv 7.0 09b55bc000f184ed426f1d8b9665669346fe5e71 2012/07/23 00:05:34 19692 records - OK
2mrpeoso 7.0 f746c097f298e94faa9db94e6f64ef9fd4a7b010 2012/07/16 00:05:43 14727 records - OK
3v9wdt9a 7.0 792a6a25a17e764390440cd4c2c6ca5a97ab162f 2012/07/09 00:04:33 19485 records - OK
a8jivty0 7.0 ca9905c39e3d93428a4db65a192debe9fbd7acf7 2012/07/02 00:04:55 22898 records - OK
e0p6os13 7.0 dc29c610b866c66ba5327e7830452b2460149a35 2012/06/25 00:05:17 20551 records - OK
18o4ce82 7.0 c28739bea153508d12942ac9a61abd475d0a0404 2012/06/18 00:03:35 9661 records - OK
eu9lqe3f 7.0 e5b5835a7c512120c5348e31483a4caa2a845d28 2012/06/11 00:04:32 23632 records - OK
o0cyjsly 7.0 61853ce89026ef0ebbd80174f1b7dd5d25bbc63a 2012/06/04 00:04:41 12423 records - OK
2zlq8de0 7.0 4e6c9897e153b47ca97b7da48ceed23e555a7761 2012/05/28 00:04:26 15493 records - OK
l5wqic4o 7.0 35f4c105cecd8ec1fd01714abebf30f8f3efb96e 2012/05/21 00:03:29 13065 records - OK
kstf6ad4 7.0 3522aa84677411aa7d67796bb05ea3ab62f02a71 2012/05/14 00:04:24 16238 records - OK
09120tq0 7.0 7597333540eda537bd42c0a17d4a6526ad247a2e 2012/05/07 00:04:33 11570 records - OK
x6t92key 7.0 867814380363bc6ad605acf4b96e02c54dbd60f7 2012/04/30 00:03:28 15478 records - OK
2f246sbb 7.0 3c04f402d91a19039cb9c223c435dc4ea1bb3da4 2012/04/23 00:05:05 11881 records - OK
ud1j7al4 7.0 8d0220a2a50b367e61a51d3b29c2659cde41bb7f 2012/04/16 00:03:29 13578 records - OK
63g6fw6x 7.0 b79dc6f5832ad390108d1880694ec538e8b34bb0 2012/04/09 00:05:02 14292 records - OK
397hzw92 7.0 8ff7cc095c43c2154275b7a54a89bf365e8daf4a 2012/04/02 00:03:24 14084 records - OK
lzvavyl6 7.0 9502a428b32be4ad08556134e271c9ba03195398 2012/03/26 00:04:43 19126 records - OK
qhy5vlu4 7.0 28c2fabbc645aff41baac12b911a8499ea163536 2012/03/19 00:03:23 14920 records - OK
6xsq9iiy 7.0 86de597ff06e58206f94263f2eef33cb41b2530c 2012/03/12 00:03:25 19017 records - OK
gz73fis2 7.0 5bd1d666e7c9ca70c34e591dc6c55314ce4b11af 2012/03/05 00:04:32 19691 records - OK
fw9v3po2 7.0 15a9d10c451d2fcf124700f29f557d9bf338e671 2012/02/27 00:03:21 23605 records - OK
so7bm43t 7.0 5647d941e5358105ca6558dce78873f06c48d5dc 2012/02/20 00:03:45 19067 records - OK
n1do9m7v 7.0 c9b2600cb665ce34e0ccd0f19e0a88cd44437f51 2012/02/13 01:04:49 19019 records - OK
0fp8e3xi 7.0 9df2e129e78a9d9ab491186da1329c1dd1190e17 2012/02/06 01:05:25 28028 records - OK
zab9i2nv 7.0 b69b9504a51b8777b8e95a4680dc8ac1d8d8c25d 2012/01/30 01:08:41 29444 records - OK
1986625e 7.0 3d7431bdee1a22d6329e017f348db7760f2645ac 2012/01/23 06:22:13 19353 records - OK
3fph5ler 7.0 e04570f78fb00d758abdf77c534a460980e102c0 2012/01/16 01:12:31 20747 records - OK
vgg9ioa0 7.0 2de2479b112c4416e2375343f57ca789b042aecc 2012/01/09 01:04:30 28052 records - OK
vze2x5rh 7.0 c4bd9612ff1f71d8bd23b4f1bc114eed1ae2ee6b 2012/01/02 01:04:40 12183 records - OK
du0ueebq 7.0 28b1d218ade8f05fdc8550c7456ac3b74f705208 2011/12/26 01:03:33 19984 records - OK
wxfy9v1q 7.0 539e41e8f3d97a6f347600c7cef903d9f34e0518 2011/12/19 01:08:45 22627 records - OK
zkh7vvlk 7.0 f8e81968965f555bce0d02fc9933fee840b97aaf 2011/12/12 18:20:22 49580 records - OK
vghzzfua 7.0 14751e0f442bba3efc08ee12d82a2815c61cfeb6 2011/12/04 06:00:00 45195 records - OK
l7l678z3 7.0 1a1e6cb9b3096a2cbba2c31d05e11914c0357d52 2011/12/04 05:00:00 165532 records - OK
h5vvut6j 7.0 0f948a7d416c556bfc8a8be2c2c39f998fee6d9e 2011/12/04 04:00:00 170820 records - OK
q9ljfdy5 7.0 9357c3cc73a4a374346a678f197daa22496c7ae5 2011/12/04 03:00:00 171279 records - OK
qnckhyqv 7.0 ae56b06b3d6f1e13c5f10cce4ed68f2cccbf3298 2011/12/04 02:00:00 170253 records - OK
ush1a4bu 7.0 fdaab5c1079d02c94f20d07c39d638cad79d8771 2011/12/04 01:00:00 170291 records - OK
ub58wjts 7.0 b59d8841e65d7670b2aae7f2b65734269f6c4fe3 2011/12/04 00:00:00 170501 records - OK
z7k8rz9o 7.0 3946b1d195434cf7a70d144da71c87559475c58f 2011/12/03 23:00:00 353582 records - OK
lg0kdbb6 7.0 8df4695f74ea5949551df6044720694e204b13d7 2011/12/03 22:00:00 852776 records - OK
uhp41la2 7.0 c2c3a107f5d6687f3b0d7ccd0434dfc0e731f30f 2014/02/26 07:10:48 1377 records - OK
xtiwv5js 7.0 ce3100ec091fcc4cfffed117a4f62fb0bd553113 2013/11/25 01:15:53 1683 records - OK
ir6czkqq 7.0 6ede5b37423910c2f3ffff6d90fef6a16e565e5e 2013/09/02 00:14:42 1327 records - OK
h0w52k7m 7.0 c1d53c2aef72dfab36a8045897938e7a31f279ac 2013/07/15 00:15:07 1590 records - OK
t7vfnpzs 7.0 0cb77ee7a3e6545553585eb6df267a86d4fecbe4 2013/04/22 00:14:29 1680 records - OK
2wxs7bmp 7.0 6cb68b8fab821702ef054f864ff44917414e50fa 2013/02/04 01:13:43 2078 records - OK
5mf4noni 7.0 cfbe9cf43615f7856e4c35f0fc02e2baf12e39e7 2012/12/17 01:14:14 1725 records - OK
dklldwh0 7.0 047694e79b1a8d295f27ea9c6565062404f84a57 2012/11/12 01:12:52 2050 records - OK
xatu4b4q 7.0 f3413603f4ee1c88018a78c1f6faf2abeb8fa8c1 2012/09/24 00:13:14 1456 records - OK
1qxtssqw 7.0 8871f579eeb7e5e7b70c6dd898afd27391d7daf4 2012/06/25 00:12:36 1421 records - OK
bp3csk2f 7.0 3ee43130fe7fec4b367a791892a444d0a791b29b 2012/03/26 00:12:30 1385 records - OK
vd04qerm 7.0 fddc5d687537580c7166dbf117d591593bc62261 2012/01/23 02:56:09 1653 records - OK
ey6dvfsi 7.0 d1a16d98b6ed87ba29079cd3796fabfd1c5d08b5 2014/02/26 07:10:40 139 records - OK
lk4ntaf4 7.0 2c7af9317ddc3df65fb41d24594a97580a7e0368 2014/02/24 00:25:04 2844 records - OK
tumpc07f 7.0 79ee97945d406605f5330158ea8367948c6377de 2013/12/23 01:25:01 2352 records - OK
4eciyu7y 7.0 4ed4e052d8cc2df4eb5f1916da50e16da9e4e3da 2013/10/21 01:25:47 2062 records - OK
p40fog25 7.0 cc2fc58477a41d340f63e6d3d228133c927a9810 2013/09/16 00:25:22 3440 records - OK
0gjnzsxv 7.0 63ff62f7b5aa956912f6c29e7ad7be26569416ff 2013/08/19 00:25:05 1485 records - OK
spzjk482 7.0 d95d1ab4adf9a869001802f64960356e903dd478 2013/07/22 00:24:06 2214 records - OK
0716h3ar 7.0 45cdfad530697916adbfea43a8763a4ab0c95beb 2013/05/20 00:24:48 1426 records - OK
vujucj4f 7.0 bd9fd948b79e07c8676018e17a43ee81f5335e36 2013/04/22 00:24:10 1641 records - OK
p5ema6we 7.0 c7f70566b9bae9fd3f5a8d0b56d961f890a55508 2013/03/18 00:23:44 1742 records - OK
0bfmhz63 7.0 8893c0d254eb40c78b5c78ea17fbc3be60ea6304 2013/01/21 01:24:33 2016 records - OK
qyxar5gd 7.0 cdf3a9d2dcab57f90c378d9eefacbfd358a42699 2012/12/10 01:23:23 1620 records - OK
79rm43zv 7.0 c0726ba000e840272f0810b89051e6daa8799084 2012/11/05 01:23:16 1658 records - OK
7y6flhye 7.0 216611859de0125bf130d6324d43c9115cb05def 2012/10/08 00:23:20 1465 records - OK
tofg7udv 7.0 264c14ad60c4423ec292f5f8b182e4448504dfa9 2012/09/10 00:23:14 1588 records - OK
757k9idi 7.0 33197bfe9efefa9db33725d240757103c625b601 2012/07/23 00:22:36 1702 records - OK
esd2i6uo 7.0 74d8e114edb84b95bc09d5a2a36191d15a61e2cb 2012/06/11 00:22:36 1659 records - OK
mmdy2dmh 7.0 79ca8239f310688d2b9c314fa3d738a34985cce3 2012/04/30 00:22:34 1670 records - OK
9p41pznx 7.0 aac27e986e3731e5260cb76f5b14558e36660dec 2012/03/12 00:22:28 1729 records - OK
ofx5x33w 7.0 fa5c96b8be693a20c2a295e3545419e6f117fdc4 2012/01/30 01:23:00 1523 records - OK
raijk2vg 7.0 e9b21e0a3578ef2e2067f4876309671ddc78f65f 2011/12/19 01:22:29 1805 records - OK
g95z8723 7.0 8f7a8f6f55130f6becc5331ab38dc2108746b8aa 2011/12/03 21:00:00 26456 records - OK
p2a1k63h 7.0 e6d52b11d2f7d405ccd31347da3b6fde69825168 2011/12/03 20:00:00 74279 records - OK
krxt716d 7.0 e20ffde4bbc58e0585b0b3b2f324bc91272c2360 2011/12/03 19:00:00 1 record - OK
Total records count: 4976566

Anti-rootkit module version ( ver: 9.0.201402040, api: 6.10 )

Using c:\documents and settings\administrador\configurações locais\temp\5D69B3BC-3B590AC-2E7E956C-C53A1C78\ye8ndhe8.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\8FAE0ADEED72 -rpcpr:np

Object(s) to scan:
- Scan processes in memory
- Scan boot sectors
- Scan system restore points
- Scanning for rootkits
- C:\
- D:\
- F:\
- C:\Audatex.Log
- C:\AUTOEXEC.BAT
- C:\boot.ini
- C:\bootfont.bin
- C:\CONFIG.SYS
- C:\Documents
- C:\inst.cfg
- C:\IO.SYS
- C:\MecanicabdmdbBK20110706_120249.zip
- C:\MecanicabdmdbBK20110706_120425.zip
- C:\MecanicabdmdbBK20110712_115047.zip
- C:\MSDOS.SYS
- C:\msvcp71.dll
- C:\NTDETECT.COM
- C:\ntldr
- C:\P1005.log
- C:\pagefile.sys
- C:\Parametros.Log
- C:\PatchTrans.exe
- C:\smh_installer.log
- C:\StpAudaDirect3.33_c.eXe
- C:\TCERID.SYS
- C:\UNWISE.EXE
- C:\zoek-results.log
- C:\WINDOWS\system32\
- C:\Documents and Settings\Administrador\Meus documentos\
- C:\WINDOWS\TEMP\
- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\

C:\WINDOWS\system32\drivers\etc\hosts - probably infected with DFH:HOSTS.corrupted
C:\WINDOWS\system32\drivers\etc\hosts - infected
c:\windows\system32\drivers\dump_atapi.sys - file not found
c:\windows\system32\drivers\dump_wmilib.sys - file not found
c:\documents and settings\administrador\configurações locais\temp\8f8b8b44fb1c.sys - file not found
c:\documents and settings\administrador\configurações locais\temp\8f908f5b217e.sys - file not found
System Process - file not found
c:\arquivos de programas\scpad\scpmib.dll - probably infected with DLOADER.Trojan
c:\arquivos de programas\scpad\scpmib.dll - infected
c:\windows\system32\logof.dll - infected with Trojan.PWS.Banker.55971
c:\windows\system32\logof.dll - infected
Process :0 - read error
C:\pagefile.sys - read error
C:\Arquivos de programas\Scpad\scpMIB.dll - probably infected with DLOADER.Trojan
C:\Documents and Settings\Administrador\NTUSER.DAT - read error
C:\Documents and Settings\Administrador\ntuser.dat.LOG - read error
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session - read error
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Tabs - read error
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - read error
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\0ZEUHWJK\plugin[1].js - probably infected with SCRIPT.Virus
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\0ZEUHWJK\plugin[1].js\JSFile_1[0][c6c2] - probably infected with SCRIPT.Virus
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\0ZEUHWJK\plugin[1].js - infected container
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\BW11ZIBB\smeenk[1].htm - probably infected with SCRIPT.Virus
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\BW11ZIBB\smeenk[1].htm - infected container
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.Word\~WRS{6528C3BA-B7AB-40AF-BFAA-9471826E3B2B}.tmp - read error
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.Word\~WRS{6DF34035-5444-459F-ADC6-C4660ACB4737}.tmp - read error
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.Word\~WRS{9E79EEF0-4A17-437A-A461-544FEADA0395}.tmp - read error
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.Word\~WRS{B2B4389B-30F6-4D78-8B04-160BE0D4802F}.tmp - read error
C:\Documents and Settings\All Users\Dados de aplicativos\avg9\AvgAm\avgam.lck - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\ntuser.dat.LOG - read error
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - read error
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG - read error
C:\GDR\Instalacao\Programas\Enviar.exe - probably infected with BACKDOOR.Trojan
C:\GDR\Instalacao\Programas\Enviar.exe - infected
C:\GDR\SIGMA\Programas\Enviar.exe - probably infected with BACKDOOR.Trojan
C:\GDR\SIGMA\Programas\Enviar.exe - infected
C:\WINDOWS\system32\Logof.dll - infected with Trojan.PWS.Banker.55971
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\pagefile.sys - read error
C:\WINDOWS\system32\Logof.dll - infected with Trojan.PWS.Banker.55971
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\Documents and Settings\Administrador\Configurações locais\Temp\JavaDeployReg.log - read error

Total 86717787430 bytes in 115685 files scanned (274849 objects)
Total 115633 files (274791 objects) are clean
Total 1 file (3 objects) are infected
Total 6 files (8 objects) are suspicious
Total 48 files are raised error condition
Scan time is 00:57:54.703

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\WINDOWS\system32\drivers\etc\hosts - cured
c:\arquivos de programas\scpad\scpmib.dll - quarantined, reboot required
c:\windows\system32\logof.dll - quarantined, reboot required
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\0ZEUHWJK\plugin[1].js - quarantined, reboot required
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\BW11ZIBB\smeenk[1].htm - quarantined, reboot required
C:\GDR\Instalacao\Programas\Enviar.exe - quarantined, reboot required
C:\GDR\SIGMA\Programas\Enviar.exe - quarantined, reboot required

Total 86717787430 bytes in 115685 files scanned (274849 objects)
Total 115633 files (274791 objects) are clean
Total 1 file (3 objects) are infected
Total 6 files (8 objects) are suspicious
Total 7 files (8 objects) are neutralized
Total 48 files are raised error condition
Scan time is 00:57:54.703

por **Power Max** Qua 26 Fev 2014, 16:09

Siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Depois nos diga, por gentileza, se resolveu.

por Severino Qua 26 Fev 2014, 16:27

Power Max...

fiz o procedimento do DNS, ficou com o coração verde.
Porém tentei acessar os sites do ITAU e Santander e nada! O do Santander não aparece o cabeçalho da página onde vc coloca a agência e a conta, e o do ITAU ao colocar a agencia e conta, trava e aparece o erro de página.

Não funcionou não!

Mas o meu servidor está muuuuuito mais rápido!

por **Power Max** Qua 26 Fev 2014, 16:28

Você já tentou fazer o acesso através de outros navegadores? Se já tiver tentado, em todos os navegadores dá o mesmo erro?

por Severino Qua 26 Fev 2014, 16:31

Power Max....

sim, já tentei pelo MOZILA, IE e CHROME... e em todos dá o mesmo erro... não acessa de jeito nenhum...

Será que não bloquearam meu IP nos servidores dos BANCOS?

por Conteúdo patrocinado

Meu servidor não me permite acessar os sites dos bancos que trabalho....

Meu servidor não me permite acessar os sites dos bancos que trabalho....

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Resposta

Re: Meu servidor não me permite acessar os sites dos bancos que trabalho....

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31