Fórum PC Brasil
Computer infected with malware

3 participants

Post by pamonha, Tue 13 May 2014, 23:08

Good evening,

Please, I urgently need help getting rid of the unwanted hitchhikers "istart.webssearches.com", "22.find" and possibly many others. Internet Explorer does not respond, browsing is terrible and videos do not open. I am taking the opportunity to post the log generated by ZHPDiag. Many thanks.


~ ZHPDiag report v2014.5.13.62 - Nicolas Coolman  (13/05/2014)
~ Started by Haroldo (13/05/2014 22:40:51)
~ Website address : [link visible only to logged-in members]
~ Software analysis blog : [link visible only to logged-in members]
~ Free disinfection support forums : [link visible only to logged-in members]
~ Translated by the user
~ Version status :
~  Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v34.0.1847.131 (Default)

---\\ Windows product information
~ Language: Portuguese
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ System optimisation software
CCleaner v4.13

---\\ Peer-to-peer (P2P) file-sharing software

---\\ Monitored software
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (66% free)
System Restore: Enabled
System drive C: has 80 GB (42%) free of 187 GB

---\\ System logon mode
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 80 GB of 187 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 GB of 98 GB)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Generic file search
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/348
~ My Music : 1/44
~ My Videos : 1/910
~ My Favorites : 1/22
~ My Documents : 1/386
~ My Desktop : 1/51
~ Start menu (Programs) : 1/41
~ Hidden Files:  Scanned in 00mn 05s



---\\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2232]
[MD5.07322C7B12AF81F00AC248190BBF69BE] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe   [100200] [PID.3712]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.3852]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3873704] [PID.3944]
[MD5.EBE6AD4AE1CB00559C10B206225673F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   [33604728] [PID.2464]
[MD5.AB47E7B4E19B3776681697EAB1937999] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7874560] [PID.4532]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [520520] [PID.888]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1424]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2884]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.3024]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2088]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [link visible only to logged-in members]  =>Hijacker.WebsSearches
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Disabled)

---\\ Google Chrome extension folder
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\prefs.js
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Haroldo - extensions\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Haroldo - se6rb103.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in members]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in members]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in members]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in members]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [link visible only to logged-in members]  =>PUP.CertifiedToolbar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in members]  =>Hijacker.WebsSearches
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - ini files, program autoloading
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File:  Scanned in 00mn 00s
~ Lines number: 21



---\\ Browser Helper Objects (O2)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! EasyPass Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Orphan key
~ Toolbar:  Scanned in 00mn 00s



---\\ Other user connections (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [link visible only to logged-in members]  =>Hijacker.WebsSearches
O4 - GS\QuickLaunch [Haroldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [link visible only to logged-in members]  =>Hijacker.WebsSearches
O4 - GS\SystemTools [Haroldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [link visible only to logged-in members]  =>Hijacker.WebsSearches
~ Global Startup: 3 Legitimates Filtered in 00mn 02s



---\\ Applications started from registry & folders (O4)
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1335456900-3083802626-1046228050-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
~ Application:  Scanned in 00mn 00s



---\\ Internet Explorer main toolbar buttons (O9)
O9 - Extra button: Preencher [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salvar Formulários [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show avast! EasyPass Toolbar [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Sites in Internet Explorer trusted zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Domain/DNS client changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain:  Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Additional protocol:  Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 10 Legitimates Filtered in 00mn 06s



---\\ Automatically scheduled tasks (O39)
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{53A6980A-BA36-4FD5-96D0-1F97A82B64DE}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Haroldo\Downloads\Receitanet-1.04.exe   [6182597]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe   [31232]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe   [3798462]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{C6BA3CFF-5A65-409E-ABD3-40CDCF2FE6C3}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe   [2546504]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{DB832CA8-2708-4467-8026-9429EC8018AA}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{F4AAB967-B985-4618-93A9-47D6C488AB70}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1066]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1070]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 06s



---\\ Drivers loaded at system startup (O41)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Software: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Software: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Software: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Software: RegUtility version 4.1 - (...) [HKLM][64Bits] -- RegUtility_is1
O42 - Software: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller  =>Hijacker.WebsSearches
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Baidu]  =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\SERPRO]
[HKCU\Software\WeDlMngr]  =>PUP.weDownloadManager
[HKCU\Software\Zugara Investment]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OnLineTV Toolbar]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\Wpm]  =>PUP.WpManager
[HKLM\Software\Wow6432Node\baidu]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\supTab]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM]  =>PUP.WpManager
~ Key Software: 334 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 08/05/2014 - 16:22:29 - [] ----D C:\Program Files (x86)\Baidu Security  =>Adware.BDSearch
O43 - CFD: 04/05/2014 - 05:11:34 - [] ----D C:\Program Files (x86)\iSafe  =>Trojan.Staser
O43 - CFD: 30/04/2014 - 02:13:22 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 08/05/2014 - 15:06:39 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 21/04/2014 - 16:04:23 - [] ----D C:\Program Files (x86)\RegUtility
O43 - CFD: 04/05/2014 - 05:54:03 - [] ----D C:\Program Files (x86)\Common Files\Spigot  =>PUP.Dealio
O43 - CFD: 08/05/2014 - 16:22:46 - [] ----D C:\ProgramData\baidu  =>Adware.BDSearch
O43 - CFD: 08/05/2014 - 16:22:54 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 11/02/2013 - 05:05:38 - [] ----D C:\ProgramData\IDriveSync
O43 - CFD: 04/05/2014 - 05:53:51 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 01/05/2014 - 06:37:33 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 08/05/2014 - 16:23:09 - [] ----D C:\Users\Haroldo\AppData\Roaming\baidu  =>Adware.BDSearch
O43 - CFD: 12/02/2013 - 05:24:58 - [] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 04/05/2014 - 05:53:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\iSafe  =>Trojan.Staser
O43 - CFD: 16/03/2013 - 02:22:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 09/05/2014 - 20:28:20 - [0] ----D C:\Users\Haroldo\AppData\Roaming\SupTab  =>PUP.SupTab
O43 - CFD: 22/06/2013 - 14:34:40 - [] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 12:23:40 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 08/04/2014 - 21:44:28 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 237 Legitimates Filtered in 00mn 01s



---\\ Last files changed or created in Windows and System32 (O44)
O44 - LFC:[MD5.E72C7B5A855EB4FFA704E23B8BFFD0BD] - 01/05/2014 - 07:14:32 ---A- . (...) -- C:\log.txt   [10058]
O44 - LFC:[MD5.6397F2BC53C0084EAF424AA8051847CB] - 05/05/2014 - 02:36:04 ---A- . (...) -- C:\Windows\hpoins46.dat   [209789]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 08/05/2014 - 01:50:34 ---A- . (...) -- C:\AVScanner.ini   [426]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/05/2014 - 15:06:35 ---A- . (...) -- C:\END   [0]
O44 - LFC:[MD5.063D42714689B92821BE4CED71143D85] - 09/05/2014 - 04:23:29 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [157112]
O44 - LFC:[MD5.09229392AC7565BDE1589AB7332E6811] - 09/05/2014 - 04:23:29 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [739280]
O44 - LFC:[MD5.3B7E13C2CFD23F120AE02568475BAA17] - 09/05/2014 - 20:45:22 ---A- . (...) -- C:\PureRa.txt   [15448]
O44 - LFC:[MD5.4B81FE3868B5FDB855DEC57EAAA3FD96] - 13/05/2014 - 04:43:15 ---A- . (...) -- C:\Windows\IE11_main.log   [1344]
O44 - LFC:[MD5.3A5689806424CE911443ACAA0C735E9D] - 29/04/2014 - 01:11:45 ---A- . (...) -- C:\zoek-results2014-04-29-041145.log   [35906]
O44 - LFC:[MD5.54F3CBBBA70F48526D3AEA0CEBA92D34] - 30/04/2014 - 02:13:24 ---A- . (...) -- C:\Windows\REC-NET.INI   [176]
O44 - LFC:[MD5.BB3A34E78DBDB0D2575D7BFF58497B7F] - 30/04/2014 - 03:02:50 ---A- . (...) -- C:\zoek-results.log   [34811]
~ Files: 30 Legitimates Filtered in 00mn 30s



---\\ StartupReg registry keys enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry keys enumeration (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208416]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 10s



---\\ Virus removal tools list (LAT) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Legacy registry services list (O64)
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 110 Legitimates Filtered in 00mn 01s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.)  =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.order.1", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.order.1", "Web Search");
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {9B59A51A-D2A2-4198-AB33-FB4AC652A274} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6A2B5F3230000E417EF9277D96E0E11] [SPRF][21/04/2014] (...) -- C:\Users\Haroldo\Desktop\hppiw.exe   [2338824]
[MD5.AB112C0AEA9B839CD176595746344C39] [SPRF][22/04/2014] (...) -- C:\Users\Haroldo\Desktop\HPPSdr.exe   [6598344]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe   [14153812]
[MD5.16C317F08A0E24F8A059192F3AB7BC7B] [SPRF][11/04/2014] (...) -- C:\Users\Haroldo\Desktop\SUP_S922_V1.09.11830_20140411-maz.bin   [3169264]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll   [113192]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\hometab_RASAPI32  =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\hometab_RASMANCS  =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32  =>Rogue.PCSpeedMaximizer
~ BTK: 489 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/07/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 |  (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SS - | Demand 21/02/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 11/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 25/04/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 26/02/2014 520520 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 14/05/2010 249136 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 10/07/1658 1255736 |  (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13045 - (13/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 11
Fichiers trouvés  (Files found) : 9

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller]   =>Hijacker.WebsSearches^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\Program Files (x86)\iSafe   =>Trojan.Staser^
C:\Program Files (x86)\Common Files\Spigot   =>PUP.Dealio^
C:\ProgramData\baidu   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\baidu   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\iSafe   =>Trojan.Staser^
C:\Users\Haroldo\AppData\Roaming\SupTab   =>PUP.SupTab^
C:\Program Files (x86)\Application Updater   =>PUP.Dealio
C:\Program Files (x86)\IObit Apps Toolbar   =>PUP.Dealio
C:\Users\Haroldo\AppData\LocalLow\Search Settings   =>PUP.Dealio
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\Baidu]   =>Adware.BDSearch^
[HKCU\Software\WeDlMngr]   =>PUP.weDownloadManager^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Wpm]   =>PUP.WpManager^
[HKLM\Software\Wow6432Node\baidu]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\supTab]   =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM]   =>PUP.WpManager^
~ Additionnel Scan: 343873 Items scanned in 00mn 55s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.WebsSearches
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Parasite.Pugi
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.weDownloadManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.WpManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Dealio
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.22Find
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Rogue.PCSpeedMaximizer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.V9Software
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
~ MSI: 15 link(s) detected in 00mn 00s



~ 1008 Legitimates filtered by white list
End of the scan (575 lines in 02mn 33s)(0)
pamonha
Member
Posts: 171
Reputation: 6
Join date: 14/02/2014

Re: Computer infected by malware

Message by Power Max, Tue 13 May 2014, 23:18

Hello.

Before we start this new topic, please go to your old topic and tell us there what happened, so that we can close that topic:
[You must be registered and logged in to see this link]
Power Max
Contributor
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Computer infected by malware

Message by Danii, Wed 28 May 2014, 21:41

TOPIC ARCHIVED

The follow-up of this case can be found at the following address:

[You must be registered and logged in to see this link]
Danii
Full Member
Posts: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil
