Problemas com ce_umbrellacert

por samuel100 Qua 14 maio 2014, 20:50

entaoo meu caso é o seguinte toda hora e derrepende começou a aparecer um aviso de segurança assim: ce_umbrellacert antes de postar aqui eu tentei limpar o pc com o adwcleaner e mesmo assim isso continua a aparecer como resolver?

por **Power Max** Qua 14 maio 2014, 20:59

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por samuel100 Qua 14 maio 2014, 21:23

# AdwCleaner v3.208 - Relatório criado 14/05/2014 às 21:15:56
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : adm - ADM-92AA9CA763F
# Executando de : C:\Documents and Settings\adm\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13691 octets] - [14/05/2014 19:40:16]
AdwCleaner[R1].txt - [10979 octets] - [14/05/2014 19:48:13]
AdwCleaner[R2].txt - [1039 octets] - [14/05/2014 20:32:37]
AdwCleaner[R3].txt - [1160 octets] - [14/05/2014 21:15:33]
AdwCleaner[S0].txt - [9535 octets] - [14/05/2014 19:49:00]
AdwCleaner[S1].txt - [1167 octets] - [14/05/2014 20:33:22]
AdwCleaner[S2].txt - [1079 octets] - [14/05/2014 21:15:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1139 octets] ##########

por **Power Max** Qua 14 maio 2014, 21:31

Você postou este relatório C:\AdwCleaner\AdwCleaner[S2].txt

Mas o que precisamos é deste: C:\AdwCleaner\AdwCleaner[S0].txt

por samuel100 Qua 14 maio 2014, 21:35

# AdwCleaner v3.208 - Relatório criado 14/05/2014 às 19:49:00
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : adm - ADM-92AA9CA763F
# Executando de : C:\Documents and Settings\adm\Meus documentos\Downloads\adwcleaner_3.208.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AVG SafeGuard toolbar
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\WPM
Pasta Deletada : C:\Arquivos de programas\003
Pasta Deletada : C:\Arquivos de programas\AVG SafeGuard toolbar
Pasta Deletada : C:\Arquivos de programas\BrowseSmart
Pasta Deletada : C:\Arquivos de programas\Mobogenie
Pasta Deletada : C:\Arquivos de programas\SupraSavings
Pasta Deletada : C:\Arquivos de programas\SupTab
Pasta Deletada : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search
[!] Pasta Deletada : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\AVG SafeGuard toolbar
Pasta Deletada : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\genienext
Pasta Deletada : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Mobogenie
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\AVG SafeGuard toolbar
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\awesomehp
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\newnext.me
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\OpenCandy
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\SupTab
Pasta Deletada : C:\Documents and Settings\adm\Dados de aplicativos\SwvUpdater
[!] Pasta Deletada : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Arquivo Deletada : C:\WINDOWS\system32\SecureAssist.dll
Arquivo Deletada : C:\Documents and Settings\adm\daemonprocess.txt
Arquivo Deletada : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\newtabv2.crx

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Chave Deletedo : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\AVG SafeGuard toolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKLM\Software\AVG SafeGuard toolbar
Chave Deletedo : HKLM\Software\AVG Security Toolbar
Chave Deletedo : HKLM\Software\awesomehpSoftware
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\LevelQualityWatcher
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v34.0.1847.137

*************************

AdwCleaner[R0].txt - [13691 octets] - [14/05/2014 19:40:16]
AdwCleaner[R1].txt - [10979 octets] - [14/05/2014 19:48:13]
AdwCleaner[S0].txt - [9395 octets] - [14/05/2014 19:49:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9455 octets] ##########

por **Power Max** Qua 14 maio 2014, 21:44

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Problemas com ce_umbrellacert 772309

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

por samuel100 Qua 14 maio 2014, 22:32

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by adm on qua 14/05/2014 at 22:21:35,06.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\adm\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-15-010420.log 11431 bytes

==== System Restore Info ======================

14/5/2014 22:22:05 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [07/03/2014 02:32]

==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Documents and Settings\adm\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\sf.crx[05/09/2013 09:42]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{20834156-247A-48FE-9725-C4C44FDF43F2}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{20834156-247A-48FE-9725-C4C44FDF43F2} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_pt-BRBR563"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\adm\Desktop\CyberLink PowerDVD.lnk - C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe
C:\Documents and Settings\adm\Desktop\Format Factory.lnk - C:\Arquivos de programas\FreeTime\FormatFactory\FormatFactory.exe
C:\Documents and Settings\adm\Desktop\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\adm\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\adm\Desktop\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\adm\Desktop\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\adm\Desktop\rs2\Counter Strike 2011.lnk - C:\Arquivos de programas\Valve\hl.exe -game cstrike
C:\Documents and Settings\adm\Desktop\rs2\Dedicated Server.lnk - C:\Arquivos de programas\Valve\hlds.exe
C:\Documents and Settings\adm\Desktop\rs2\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Documents and Settings\adm\Desktop\rs2\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk - C:\Arquivos de programas\Paint.NET\PaintDotNet.exe
C:\Documents and Settings\All Users\Desktop\Programa da Multifuncional Lexmark 1200 Series.lnk - C:\Arquivos de programas\Lexmark 1200 Series\lxczaiox.exe
C:\Documents and Settings\All Users\Desktop\Receitanet 1.04 .lnk - C:\Arquivos de programas\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\adm\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\adm\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Documents and Settings\adm\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Documents and Settings\adm\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:3971;https=127.0.0.1:3971;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Documents and Settings\adm\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\adm\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuraþ§es locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 3136 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\adm\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on qua 14/05/2014 at 22:28:10,00 ======================

por **Power Max** Sex 16 maio 2014, 10:45

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por samuel100 Sáb 17 maio 2014, 00:13

entao adm depois que eu fiz td isso citado acima meu pc fico lentao e o face ta bugando demias o bate papo fica sumindo se desconectando obs: antes tava bom o pc antes de eu passar os programas acima

por **Power Max** Sáb 17 maio 2014, 00:15

O seu PC estava com muitos adwares e outros itens perigosos que fazem várias modificações no sistema. Seria bom usar o ZHP como lhe passei acima e postar o relatório dele para vermos se ainda há vírus no PC que possam estar causando esta lentidão.

por samuel100 Sáb 17 maio 2014, 00:28

ta esse zhp é so baixar ele faz td sozinho?

por **Power Max** Sáb 17 maio 2014, 00:30

Não, depois de baixar execute ele seguindo as dicas do tutorial dele que te passei. Aí ele vai gerar um relatório e você posta este relatório aqui no tópico para eu poder analisar.

por samuel100 Sáb 17 maio 2014, 00:44

~ Relatório do ZHPDiag v2014.5.16.65 - Nicolas Coolman (16/5/2014)
~ Iniciado por adm (17/5/2014 00:40:56)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3950

---\\ Softwares d'optimização do sistema
CCleaner v4.05

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader 9.4.0 - Português
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 274 GB (91%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ADM-92AA9CA763F
~ User Name: adm
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador, adm,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\adm\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\adm\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\adm\Desktop\
~ %Favorites% : C:\Documents and Settings\adm\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\adm\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 274 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 18:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 18:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 17:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 17:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 18:34:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 17:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/631
~ Mes musiques (My Musics) : 2/3
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/706
~ Mon Bureau (My Desktop) : 0/297
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.151E2ACD558A05428BB7BB9A81C4279D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519224] [PID.1912]
[MD5.A1043645D16915DF12A6F2E049922A18] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [311296] [PID.1176]
[MD5.AF31E60B6BF71BD74B16DDF5C679FBA3] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1232]
[MD5.DBAEB3D23C653018629A76E53260E122] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [291912] [PID.1668]
[MD5.6D4028D458EAAA1782099750790DC8C9] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [853288] [PID.604]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [167936] [PID.1060]
[MD5.013A269E7AF8B01FF20B384FEEBFFDA5] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16862720] [PID.2836]
[MD5.8EA6E15586B1063AB1190B082DB0995D] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912] [PID.3016]
[MD5.187B4E045DDB3B3FAD5C714A65420C1D] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135680] [PID.3200]
[MD5.D7B0304F6B8BC6FF1FF42105AA7043DD] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe [57344] [PID.3284]
[MD5.496DB4918FA5F915885D7B599409D463] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712] [PID.3316]
[MD5.6041683BD131110B462D41263DCDB4F9] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Monitor.) -- C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe [53248] [PID.3340]
[MD5.5FA7D3322DA8E6A6D92B49130E48A0D7] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5180432] [PID.3348]
[MD5.1E40EF882A2AFC3A715969AD7BF531B1] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [202024] [PID.3452]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3460] =>Toolbar.Google
[MD5.8EF6C627E537C218A13E10A352F61729] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [1063664] [PID.3516]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3924]
[MD5.1BEF5464C06F4AF0C704378824C52ADB] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [382248] [PID.1804]
[MD5.279A2F9A8626E0BCEAC222BA7C3C02EF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe [1410344] [PID.2536]
[MD5.4DC6FCBA01803BAFF7C14336F698E00F] - (.Developed by Alejandro Cortés - sXe Injected Client - Anticheat System.) -- C:\Arquivos de programas\sXe Injected\sXe Injected.exe [4241904] [PID.2108]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [841032] [PID.3600]
[MD5.317235FAE521626B9EBED5F47A9ED75A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7876096] [PID.5600]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3746;https=127.0.0.1:3746; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] . (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.123 200.189.80.109
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Arquivos de programas\003\xmkysecqun32.exe (.not file.)
~ Services: 8 Legitimates Filtered in 00mn 02s

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [218]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [212]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 00s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (AswRdr) . (. - .) - C:\WINDOWS\system32\drivers\aswRdr.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\WINDOWS\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\WINDOWS\system32\drivers\aswSP.sys (.not file.)
O41 - Driver: (aswTdi) . (. - .) - C:\WINDOWS\system32\drivers\aswTdi.sys (.not file.)
O41 - Driver: (BprotectEx) . (. - .) - C:\WINDOWS\system32\drivers\BprotectEx.sys (.not file.)
~ Drivers: 115 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer
O42 - Logiciel: Counter Strike 2011 - (...) [HKCU] -- Counter Strike 2011
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 16 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\ContentExplorer]
[HKCU\Software\SERPRO]
[HKCU\Software\sXe Injected]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wocarson]
[HKLM\Software\baidu] =>Adware.BDSearch
[HKLM\Software\sXe_Injected]
~ Key Software: 363 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/5/2014 - 19:09:16 - [] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/4/2014 - 15:21:54 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 25/1/2013 - 17:07:34 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 16/5/2014 - 20:29:33 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 25/1/2013 - 17:06:35 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 6/3/2014 - 10:06:58 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/5/2014 - 00:06:13 - [] -SH-D C:\Documents and Settings\All Users\Dados de aplicativos\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 11/1/2014 - 09:19:34 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:24 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer
O43 - CFD: 26/1/2013 - 09:31:11 - [] R---D C:\Documents and Settings\adm\Menu Iniciar\Programas\Acessórios
O43 - CFD: 12/3/2014 - 00:13:44 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\Counter Strike 2011
O43 - CFD: 19/1/2014 - 09:24:05 - [] R---D C:\Documents and Settings\adm\Menu Iniciar\Programas\Inicializar
O43 - CFD: 20/3/2014 - 19:56:42 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014
O43 - CFD: 25/2/2014 - 15:04:34 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 124 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2BC43FB502B363F7AC5A4B894BE5D16E] - 12/5/2014 - 21:58:02 ---A- . (...) -- C:\WINDOWS\win.ini [603]
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 14/5/2014 - 19:14:14 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 14/5/2014 - 19:40:34 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/5/2014 - 22:21:19 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.A88D55E71995DD5D4215C040CCC09A35] - 14/5/2014 - 22:28:10 ---A- . (...) -- C:\zoek-results.log [11073]
O44 - LFC:[MD5.ADE5BACE84FEDD979D65F9E33781FCE6] - 16/5/2014 - 11:40:29 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.07DF78DA7F8686F665EEC0DE88D086B9] - 16/5/2014 - 11:40:33 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 16/5/2014 - 11:40:40 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O44 - LFC:[MD5.8EA246E7785DBB8F6B9411B311BFCC06] - 3/5/2014 - 02:36:50 ---A- . (...) -- C:\WINDOWS\updspapi.log [11520]
O44 - LFC:[MD5.DD9B83DC7D1C8AA7A31F4DA76EF189A2] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [92742]
O44 - LFC:[MD5.2F10AF4A08F223E6D63D85F68183D910] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [6375]
O44 - LFC:[MD5.7FF5A0BD15D9F9F638C9C0048B1D3D78] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\comsetup.log [30653]
O44 - LFC:[MD5.722A7C091BD39FF7597008E2C9F47AB2] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\iis6.log [97794]
O44 - LFC:[MD5.EDA84342ED2208A2D5047124EEC5BFEF] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.7B66799DD585E3DFCC41F4A2D25CF52C] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\msgsocm.log [4635]
O44 - LFC:[MD5.A65B085607D1158B679934533815B919] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\msmqinst.log [28472]
O44 - LFC:[MD5.AB4E87DA5401C5FEF304F74291B62FC2] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\netfxocm.log [16245]
O44 - LFC:[MD5.9F585772BB9292F82406AE0686F5B86A] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [18489]
O44 - LFC:[MD5.1F956A9CB8435DDA2D78B4A33A19DD84] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\ocgen.log [44340]
O44 - LFC:[MD5.992F6D6365D18354565192D581D7063E] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\ocmsn.log [5790]
O44 - LFC:[MD5.56211F8D22EAE34AE4D76757F7835ACE] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\tabletoc.log [4665]
O44 - LFC:[MD5.ECF3A68ABA50DD655F0A98B6FB6A8616] - 3/5/2014 - 02:36:51 ---A- . (...) -- C:\WINDOWS\tsoc.log [42315]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 7/5/2014 - 19:02:38 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
~ Files: 38 Legitimates Filtered in 00mn 02s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:2/9/2007 - 13:44:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:27/2/2014 - 13:55:12 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [46392]
O58 - SDL:16/5/2014 - 11:40:40 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:13/4/2008 - 08:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:21/7/2007 - 17:40:58 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:2/9/2007 - 13:44:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:21/7/2007 - 17:40:06 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:21/7/2007 - 17:40:10 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:21/7/2007 - 17:40:26 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:21/7/2007 - 17:40:34 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:13/4/2008 - 08:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:13/4/2008 - 08:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:13/4/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:13/4/2008 - 08:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:13/4/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:13/4/2008 - 08:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 50 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 8/3/2014 - C:\Arquivos de programas\sXe Injected\ddsxei.sys (ddsxeiservice) .(.Developed by Alejandro Cortés - sXe Injected Driver.) - LEGACY_DDSXEISERVICE
O64 - Services: CurCS - 27/2/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 27/2/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 145 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {20834156-247A-48FE-9725-C4C44FDF43F2} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.88DAFC0460473CCAC0CE258291865A54] [SPRF][28/11/2013] (...) -- C:\Documents and Settings\adm\Dados de aplicativos\unins000.dat [13451]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][18/12/2013] (.Facebook Inc. - Setup.) -- C:\Documents and Settings\adm\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.404608905CB50EDA98699F6DDE7F13FD] [WIS][23/11/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\938d63.msi [24576] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
~ BCK: 5960 Legitimates Filtered in 00mn 05s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/5/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/4/2014 3645456 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 23/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/11/2013 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 30/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SS - | Auto 10/7/1658 0 | (xmkysecqun32) . (...) - C:\Arquivos de programas\003\xmkysecqun32.exe
SR - | Auto 27/3/2014 291912 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 27/2/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/4/2006 311296 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SR - | Auto 20/9/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 20/9/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 8/8/2005 167936 | (RichVideo) . (...) - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
~ Services: Scanned in 00mn 06s

---\\ Scâner Aditional (088)
Database Version : 13045 - (16/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 10

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
C:\Windows\Installer\938d63.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 202921 Items scanned in 00mn 22s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 2 link(s) detected in 00mn 00s

~ 820 Legitimates filtered by white list
End of the scan (564 lines in 00mn 47s)(0)

por **Power Max** Sáb 17 maio 2014, 10:58

Sugiro que desinstale a Google Toolbar para deixar sua navegação mais rápida.
_____________________________________________________________________________________________________________

Problemas com ce_umbrellacert 772309

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
______________________________________________________________________________________________________________

Problemas com ce_umbrellacert 772309

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.8EF6C627E537C218A13E10A352F61729] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [1063664] [PID.3516]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3746;https=127.0.0.1:3746; =>Hijacker.Proxy
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Arquivos de programas\003\xmkysecqun32.exe (.not file.)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (AswRdr) . (. - .) - C:\WINDOWS\system32\drivers\aswRdr.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\WINDOWS\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\WINDOWS\system32\drivers\aswSP.sys (.not file.)
O41 - Driver: (aswTdi) . (. - .) - C:\WINDOWS\system32\drivers\aswTdi.sys (.not file.)
O41 - Driver: (BprotectEx) . (. - .) - C:\WINDOWS\system32\drivers\BprotectEx.sys (.not file.)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\ContentExplorer]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wocarson]
[HKLM\Software\baidu] =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:16 - [] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 6/3/2014 - 10:06:58 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/1/2014 - 09:19:34 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:24 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 14/5/2014 - 19:14:14 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
SS - | Auto 10/7/1658 0 | (xmkysecqun32) . (...) - C:\Arquivos de programas\003\xmkysecqun32.exe
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

Problemas com ce_umbrellacert 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por samuel100 Sáb 17 maio 2014, 20:34

entao adm quando eu vou em zhpfix antes de eu clicar em go eu apago o que tem nele e colo isso em vermelho que vc mostro acima?

por **Power Max** Sáb 17 maio 2014, 20:36

Não precisa apagar nada. Você copia o texto em vermelho e depois vai no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por samuel100 Sáb 17 maio 2014, 21:03

nao eu sei mas quando eu vou la tem isso> ver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (AswRdr) . (. - .) - C:\WINDOWS\system32\drivers\aswRdr.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\WINDOWS\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\WINDOWS\system32\drivers\aswSP.sys (.not file.)
O41 - Driver: (aswTdi) . (. - .) - C:\WINDOWS\system32\drivers\aswTdi.sys (.not file.)
O41 - Driver: (BprotectEx) . (. - .) - C:\WINDOWS\system32\drivers\BprotectEx.sys (.not file.)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer e tem mais coisas se eu clica em go elas vao apagar nao vai isso nao prejudicara meu pc?

por **Power Max** Sáb 17 maio 2014, 21:06

Isto aí é os conteúdos perigosos que serão removidos. Clique em Go e siga os procedimentos que te passei.

por samuel100 Sáb 17 maio 2014, 21:18

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by adm at 17/5/2014 21:16:55
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 00s)

========== Softwares ==========
AUSENTE Uninstall Process: c:\documents and settings\adm\dados de aplicativos\contentexplorer\uninstall.exe

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado

========== Recapitulativo ==========
1 : Softwares
1 : Restauração Sistema

End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
\ZHP\ZHPFix[R1].txt - 17/5/2014 21:16:55 [659] ai ele apagou o ccleaner aff

por **Power Max** Sáb 17 maio 2014, 21:20

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por samuel100 Sáb 17 maio 2014, 21:23

adm acontece que eu peguei aqueles negocio em vermelho e substitui por aqueles que vc falo que era virus ai cliquei em go

por **Power Max** Sáb 17 maio 2014, 21:25

Cara, siga os passos que estou te indicando, senão não tenho como te ajudar,

por samuel100 Sáb 17 maio 2014, 21:33

~ Relatório do ZHPDiag v2014.5.16.65 - Nicolas Coolman (16/5/2014)
~ Iniciado por adm (17/5/2014 21:31:59)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3950

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader 9.4.0 - Português
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 274 GB (92%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ADM-92AA9CA763F
~ User Name: adm
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador, adm,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\adm\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\adm\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\adm\Desktop\
~ %Favorites% : C:\Documents and Settings\adm\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\adm\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 274 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 18:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 18:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 17:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 17:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 18:34:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 17:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/631
~ Mes musiques (My Musics) : 2/3
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/709
~ Mon Bureau (My Desktop) : 0/297
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.151E2ACD558A05428BB7BB9A81C4279D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [519224] [PID.1960]
[MD5.A1043645D16915DF12A6F2E049922A18] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [311296] [PID.1084]
[MD5.AF31E60B6BF71BD74B16DDF5C679FBA3] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1184]
[MD5.7645B56EE79C68DFE19298BD531A66A3] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe [3645456] [PID.2040]
[MD5.DBAEB3D23C653018629A76E53260E122] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [291912] [PID.428]
[MD5.6D4028D458EAAA1782099750790DC8C9] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [853288] [PID.948]
[MD5.8655B6C6B4E23EA561D63503FED61B8C] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe [886800] [PID.868]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [167936] [PID.1780]
[MD5.DF34F66308F8FFEBFD0D66795EEDBB51] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe [669200] [PID.828]
[MD5.013A269E7AF8B01FF20B384FEEBFFDA5] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16862720] [PID.2852]
[MD5.8EA6E15586B1063AB1190B082DB0995D] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912] [PID.3120]
[MD5.187B4E045DDB3B3FAD5C714A65420C1D] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135680] [PID.3356]
[MD5.496DB4918FA5F915885D7B599409D463] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712] [PID.3432]
[MD5.D7B0304F6B8BC6FF1FF42105AA7043DD] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe [57344] [PID.3472]
[MD5.5FA7D3322DA8E6A6D92B49130E48A0D7] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5180432] [PID.3564]
[MD5.6041683BD131110B462D41263DCDB4F9] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Monitor.) -- C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe [53248] [PID.3644]
[MD5.1E40EF882A2AFC3A715969AD7BF531B1] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [202024] [PID.3692]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3908]
[MD5.8EF6C627E537C218A13E10A352F61729] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [1063664] [PID.3928]
[MD5.1BEF5464C06F4AF0C704378824C52ADB] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [382248] [PID.2956]
[MD5.279A2F9A8626E0BCEAC222BA7C3C02EF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe [1410344] [PID.3148]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [841032] [PID.1832]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe [1917440] [PID.2780]
[MD5.317235FAE521626B9EBED5F47A9ED75A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7876096] [PID.4580]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3859;https=127.0.0.1:3859; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehabn.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1060284298-1078081533-1644491937-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F99689B-C9BC-4EB2-83BE-4987839D53B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{ED007597-8610-484B-B521-707EF8968E54}: DhcpNameServer = 200.189.80.123 200.189.80.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.123 200.189.80.109
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 8 Legitimates Filtered in 00mn 02s

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [218]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [212]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 00s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (AswRdr) . (. - .) - C:\WINDOWS\system32\drivers\aswRdr.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\WINDOWS\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\WINDOWS\system32\drivers\aswSP.sys (.not file.)
O41 - Driver: (aswTdi) . (. - .) - C:\WINDOWS\system32\drivers\aswTdi.sys (.not file.)
O41 - Driver: (BprotectEx) . (. - .) - C:\WINDOWS\system32\drivers\BprotectEx.sys (.not file.)
~ Drivers: 115 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer
O42 - Logiciel: Counter Strike 2011 - (...) [HKCU] -- Counter Strike 2011
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 16 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\ContentExplorer]
[HKCU\Software\SERPRO]
[HKCU\Software\sXe Injected]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wocarson]
[HKLM\Software\baidu] =>Adware.BDSearch
[HKLM\Software\sXe_Injected]
~ Key Software: 359 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/5/2014 - 19:09:16 - [] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/4/2014 - 15:21:54 - [] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 25/1/2013 - 17:07:34 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 16/5/2014 - 20:29:33 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 25/1/2013 - 17:06:35 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 6/3/2014 - 10:06:58 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/5/2014 - 00:06:13 - [] -SH-D C:\Documents and Settings\All Users\Dados de aplicativos\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 11/1/2014 - 09:19:34 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:24 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer
O43 - CFD: 26/1/2013 - 09:31:11 - [] R---D C:\Documents and Settings\adm\Menu Iniciar\Programas\Acessórios
O43 - CFD: 12/3/2014 - 00:13:44 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\Counter Strike 2011
O43 - CFD: 19/1/2014 - 09:24:05 - [] R---D C:\Documents and Settings\adm\Menu Iniciar\Programas\Inicializar
O43 - CFD: 20/3/2014 - 19:56:42 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\Programas RFB2014
O43 - CFD: 25/2/2014 - 15:04:34 - [] ----D C:\Documents and Settings\adm\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 124 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2BC43FB502B363F7AC5A4B894BE5D16E] - 12/5/2014 - 21:58:02 ---A- . (...) -- C:\WINDOWS\win.ini [603]
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 14/5/2014 - 19:14:14 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 14/5/2014 - 19:40:34 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/5/2014 - 22:21:19 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.A88D55E71995DD5D4215C040CCC09A35] - 14/5/2014 - 22:28:10 ---A- . (...) -- C:\zoek-results.log [11073]
O44 - LFC:[MD5.898842D2E900F52C63FC45C504EA6BAC] - 17/5/2014 - 12:05:54 ----- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 17/5/2014 - 12:05:57 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 17/5/2014 - 13:44:00 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.9CD127DE699E9EA57594856BA0CD65C0] - 17/5/2014 - 13:45:10 ----- . (...) -- C:\WINDOWS\wiadebug.log [264]
~ Files: 20 Legitimates Filtered in 00mn 06s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ContentExplorer [Key] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:2/9/2007 - 13:44:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:27/2/2014 - 13:55:12 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [46392]
O58 - SDL:17/5/2014 - 12:05:57 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:13/4/2008 - 08:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:21/7/2007 - 17:40:58 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:2/9/2007 - 13:44:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:21/7/2007 - 17:40:06 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:21/7/2007 - 17:40:10 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:21/7/2007 - 17:40:26 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:21/7/2007 - 17:40:34 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:13/4/2008 - 08:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:21/7/2007 - 17:40:50 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:13/4/2008 - 08:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:13/4/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:13/4/2008 - 08:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:13/4/2008 - 08:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:13/4/2008 - 08:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 50 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 27/2/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 27/2/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 144 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {20834156-247A-48FE-9725-C4C44FDF43F2} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.88DAFC0460473CCAC0CE258291865A54] [SPRF][28/11/2013] (...) -- C:\Documents and Settings\adm\Dados de aplicativos\unins000.dat [13451]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][18/12/2013] (.Facebook Inc. - Setup.) -- C:\Documents and Settings\adm\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/5/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 23/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 23/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 18/4/2014 3645456 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SR - | Auto 27/3/2014 291912 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 27/2/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 18/4/2006 311296 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SR - | Auto 20/9/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 20/9/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 8/8/2005 167936 | (RichVideo) . (...) - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
~ Services: Scanned in 00mn 06s

---\\ Scâner Aditional (088)
Database Version : 13045 - (16/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 4

C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
~ Additionnel Scan: 202692 Items scanned in 00mn 21s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 2 link(s) detected in 00mn 00s

~ 802 Legitimates filtered by white list
End of the scan (519 lines in 00mn 50s)(0)

por **Power Max** Sáb 17 maio 2014, 21:45

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.8EF6C627E537C218A13E10A352F61729] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [1063664] [PID.3928]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3859;https=127.0.0.1:3859; =>Hijacker.Proxy
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (AswRdr) . (. - .) - C:\WINDOWS\system32\drivers\aswRdr.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\WINDOWS\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\WINDOWS\system32\drivers\aswSP.sys (.not file.)
O41 - Driver: (aswTdi) . (. - .) - C:\WINDOWS\system32\drivers\aswTdi.sys (.not file.)
O41 - Driver: (BprotectEx) . (. - .) - C:\WINDOWS\system32\drivers\BprotectEx.sys (.not file.)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\ContentExplorer]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wocarson]
[HKLM\Software\baidu] =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:16 - [] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 6/3/2014 - 10:06:58 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/1/2014 - 09:19:34 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/5/2014 - 19:09:24 - [] ----D C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 14/5/2014 - 19:14:14 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O53 - SMSR:HKLM\...\startupreg\ContentExplorer [Key] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\adm\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\adm\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

Problemas com ce_umbrellacert 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por samuel100 Sáb 17 maio 2014, 21:52

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by adm at 17/5/2014 21:48:23
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\documents and settings\adm\dados de aplicativos\contentexplorer\uninstall.exe

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: AswRdr
ELIMINÉ Driver Key: aswSnx
ELIMINÉ Driver Key: aswSP
ELIMINÉ Driver Key: aswTdi
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ:³ HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wocarson
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: StartupReg: ContentExplorer

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINA REINICIAR: c:\documents and settings\adm\dados de aplicativos\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (10) (2.542.045 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
4 : Ficheiros
1 : Softwares
1 : Estado dos serviços
1 : Restauração Sistema

End of clean in 00mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\adm\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 17/5/2014 21:48:32 [2190]

por Conteúdo patrocinado

Problemas com ce_umbrellacert

Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

relatorio zhp

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

Re: Problemas com ce_umbrellacert

(RESOLVIDO) tabom ta ai o relatorio novamente do zhp

Re: Problemas com ce_umbrellacert

(RESOLVIDO) ta ai

Re: Problemas com ce_umbrellacert

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30