Fórum PC Brasil
Malware Infection

2 participants

Posted by mdescio Fri 25 Jul 2014, 10:57

I'm having trouble uninstalling the Movie Mode extension; it keeps coming back. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:37, on 25/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe
C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - Startup: Dropbox.lnk = C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Monitor de Locais.lnk = C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe
O4 - Global Startup: PGP Tray.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.agenciatributaria.es
O15 - Trusted Zone: ip2.amadeus.be
O15 - Trusted Zone: *.assets-yammer.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: yamalytics-receiver.cloudapp.net
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: pg.dofiscal.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: extraweb-americas.ey.com
O15 - Trusted Zone: extraweb-apac.ey.com
O15 - Trusted Zone: extraweb-emea.ey.com
O15 - Trusted Zone: extraweb2-americas.ey.com
O15 - Trusted Zone: extraweb2-apac.ey.com
O15 - Trusted Zone: extraweb2-emea.ey.com
O15 - Trusted Zone: gs.ey.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.eygaait.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.eysupplife.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.intellinex.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.lexis-nexis.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.lexis.com
O15 - Trusted Zone: *.lexisnexis.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.sage.es
O15 - Trusted Zone: *.sagelogiccontrol.com
O15 - Trusted Zone: *.sagelogiccontrol.es
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.taleo.com
O15 - Trusted Zone: *.taleo.net
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.yammer.com
O15 - Trusted IP range: 142.221.55.49
O15 - Trusted IP range: 200.52.84.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: EAFRCliManager - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: EY Tune Up Service - EY - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
O23 - Service: EY Stealth Runner (EYStealthRun) - Ernst & Young - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Lotus\Notes\nsd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Aventail VPN Client (NgVpnMgr) - Unknown owner - C:\WINDOWS\system32\ngvpnmgr.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: OnDemandService - Ernst & Young - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
O23 - Service: Windows Profile Management Service (PETService) - Ernst & Young - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: PGP RDD Service - Symantec Corporation - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: QTSracrj - GenTechnologies Apps, LLC - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Removable Storage Service (RemovableStorageService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Removable Storage Mgmt Service (RSMgmtSrvc) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SCCM Health Status Service (SCCMHealthStatusService) - EY - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
O23 - Service: SetPEFilePermissions - Ernst & Young - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\WINDOWS\SysWOW64\CCM\TSManager.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\WINDOWS\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 17125 bytes
mdescio
Beginner

Posts: 11
Reputation: 0
Join date: 25/07/2014
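Added example, not part of the original thread and not a HijackThis feature: a small Python triage script for the O4 (startup) and O23 (service) lines of a HijackThis log like the one above. It flags entries that run from user-writable locations (C:\ProgramData, AppData) or from folders with random-looking names, which is the kind of thing the QTSracrj service in C:\ProgramData\MpZjOUOVZRA looks like, and it separates out the "(file missing)" reports for built-in services, which on 64-bit Windows are a known artifact of running the 32-bit HijackThis 2.0.4 under WOW64 file redirection rather than evidence of infection. The sample lines are a subset copied from the log above; the heuristics, thresholds and severity names are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of O4/O23 lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - Startup: Dropbox.lnk = C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: PGP Tray.lnk = ?
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: QTSracrj - GenTechnologies Apps, LLC - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
""".strip()

# HijackThis line shapes: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
#                         "O4 - <Startup kind>: <shortcut> = <target>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<kind>[^:]+): (?P<name>.+?) = (?P<path>.+)$")


@dataclass
class Finding:
    line_type: str  # "O23" or "O4"
    name: str
    owner: str
    path: str
    level: str      # "ok", "noise", "review" or "high" (assumed severity scale)
    reason: str


def _random_looking(dirname: str) -> bool:
    """Crude heuristic (assumption): an all-letter folder name of 8+ chars with many case flips."""
    if not re.fullmatch(r"[A-Za-z]{8,}", dirname):
        return False
    flips = sum(1 for a, b in zip(dirname, dirname[1:]) if a.isupper() != b.isupper())
    return flips >= 4


def _classify(owner: str, path: str, missing: bool) -> Tuple[str, str]:
    low = path.lower()
    parts = path.split("\\")
    parent = parts[-2] if len(parts) >= 2 else ""
    in_system = "\\windows\\system32\\" in low or "\\windows\\syswow64\\" in low
    user_writable = low.startswith("c:\\programdata\\") or "\\appdata\\" in low
    if missing and in_system:
        # 32-bit HijackThis 2.0.4 on x64 cannot see the real system32, so built-in
        # services show as "(file missing)"; treat as noise, not as an infection sign.
        return "noise", "system service reported as file missing (x64 redirection artifact)"
    if user_writable and _random_looking(parent):
        return "high", f"runs from user-writable folder with random-looking name '{parent}'"
    if user_writable:
        return "review", "runs from a user-writable location"
    if owner == "Unknown owner" and not in_system:
        return "review", "no vendor recorded and not a Windows system path"
    return "ok", ""


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O23 lines and attach a severity and reason to each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            level, reason = _classify(m["owner"], m["path"], m["missing"] is not None)
            findings.append(Finding("O23", m["name"], m["owner"], m["path"], level, reason))
            continue
        m = O4_RE.match(line)
        if m:
            if m["path"] == "?":
                findings.append(Finding("O4", m["name"], "", "?", "review",
                                        "shortcut target could not be resolved"))
            else:
                level, reason = _classify("", m["path"], False)
                findings.append(Finding("O4", m["name"], "", m["path"], level, reason))
    return findings


def levels_by_name(log_text: str) -> dict:
    """Convenience view: entry name -> severity, for quick inspection or assertions."""
    return {f.name: f.level for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.level != "ok":
            print(f"[{f.level:6}] {f.line_type} {f.name}: {f.path} - {f.reason}")
```

Run it against a full HijackThis log saved to disk by passing the file contents to `triage()`; everything rated "review" or "high" is what a helper would ask the poster about first, while "noise" entries can be skipped.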

Re: Malware Infection

Posted by Power Max Fri 25 Jul 2014, 10:58

Hello.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware Infection

Posted by mdescio Fri 25 Jul 2014, 11:06

# AdwCleaner v3.216 - Report created 25/07/2014 at 11:03:19
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Marcelo.Descio - BR25009069W0
# Running from : C:\Users\Marcelo.Descio\Downloads\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Marcelo.Descio\AppData\Local\MovieMode
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19776 octets] - [22/07/2014 15:26:43]
AdwCleaner[R1].txt - [1265 octets] - [22/07/2014 15:36:56]
AdwCleaner[R2].txt - [1039 octets] - [22/07/2014 15:42:29]
AdwCleaner[R3].txt - [1100 octets] - [22/07/2014 15:47:53]
AdwCleaner[R4].txt - [1630 octets] - [23/07/2014 10:25:33]
AdwCleaner[R5].txt - [1685 octets] - [25/07/2014 11:02:39]
AdwCleaner[S0].txt - [16899 octets] - [22/07/2014 15:29:33]
AdwCleaner[S1].txt - [1332 octets] - [22/07/2014 15:37:59]
AdwCleaner[S2].txt - [1162 octets] - [22/07/2014 15:48:55]
AdwCleaner[S3].txt - [1699 octets] - [23/07/2014 10:26:09]
AdwCleaner[S4].txt - [1612 octets] - [25/07/2014 11:03:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1672 octets] ##########
mdescio
Beginner

Posts: 11
Reputation: 0
Join date: 25/07/2014

Re: Malware Infection

Posted by mdescio Fri 25 Jul 2014, 11:08

I pasted the wrong txt.
Here is the correct one:

# AdwCleaner v3.216 - Report created 22/07/2014 at 15:29:33
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Marcelo.Descio - BR25009069W0
# Running from : C:\Users\Marcelo.Descio\Downloads\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices
Service Deleted : WindowsProtectManger

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsProtectManger
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\trolatunt
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Local\MovieMode
Folder Deleted : C:\Users\Marcelo.Descio\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\337Games
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\baidu
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\IminentToolbar
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E&Y Learning\EY Leads\EY Leads.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWindowsProtectManger
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [19776 octets] - [22/07/2014 15:26:43]
AdwCleaner[S0].txt - [16533 octets] - [22/07/2014 15:29:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16594 octets] ##########

Re: Malware Infection

Posted by Power Max, Fri 25 Jul 2014, 11:17

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post it in your next reply.

Re: Malware Infection

Posted by mdescio, Fri 25 Jul 2014, 11:40


Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Marcelo.Descio on 25/07/2014 at 11:19:07,86.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcelo.Descio\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-22-192702.log 22421 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Marcelo.Descio\Searches deleted
"C:\Users\Marcelo.Descio\AppData\Roaming\smkits" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/06/2014 19:40]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Marcelo.Descio\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[02/08/2013 10:28]

==== Chrome Fix ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marcelo.Descio\Desktop\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Marcelo.Descio\Desktop\Natura - Suporte APO - Rede.lnk - I:\Natura - Suporte APO
C:\Users\Marcelo.Descio\Desktop\NATURA.lnk - C:\Users\Marcelo.Descio\Documents\EY PROJETOS\NATURA
C:\Users\MARCEL~1.DES\Desktop\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\MARCEL~1.DES\Desktop\Natura - Suporte APO - Rede.lnk - I:\Natura - Suporte APO
C:\Users\MARCEL~1.DES\Desktop\NATURA.lnk - C:\Users\Marcelo.Descio\Documents\EY PROJETOS\NATURA

==== shortcuts in Users Start Menu ======================

C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\BrowserRepairTool.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\uninst.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\BrowserRepairTool.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\uninst.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\E&Y Tools\EY Tune Up.lnk - C:\WINDOWS\Installer\{225A28E7-3993-4058-BC1B-EFAD7D7665A4}\Icon225A28E7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Application Virtualization Client.lnk - C:\Program Files (x86)\Microsoft Application Virtualization Client\SftCMC.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft\Anvi Browser Repair Tool\Anvi Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Anvi Browser Repair Tool\BrowserRepair.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft\Anvi Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Anvi Browser Repair Tool\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E&Y Learning\EY Leads\EY Leads.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync\Microsoft Lync 2010.lnk - C:\WINDOWS\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\Comm.Ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync\Microsoft Lync Recording Manager.lnk - C:\WINDOWS\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\ocpubmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VPN Client.lnk - C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A85.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lotus Notes 8.5.lnk - C:\Lotus\Notes\notes.exe "=C:\Lotus\Notes\notes.ini"
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SAP Logon for Windows.lnk - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\WINDOWS\explorer.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VPN Client.lnk - C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A85.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lotus Notes 8.5.lnk - C:\Lotus\Notes\notes.exe "=C:\Lotus\Notes\notes.ini"
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SAP Logon for Windows.lnk - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\WINDOWS\explorer.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=2 1985430 bytes)

==== Empty Temp Folders ======================

C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Temp will be emptied at reboot
C:\Users\MARCEL~1.DES\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\MARCEL~1.DES\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 25/07/2014 at 11:39:28,72 ======================

Re: Malware Infection

Posted by Power Max, Fri 25 Jul 2014, 11:52

Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.

Re: Malware Infection

Posted by mdescio, Fri 25 Jul 2014, 12:04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by Marcelo.Descio on 25/07/2014 at 11:53:03,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2014 at 12:03:23,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mdescio
Beginner

Posts: 11
Reputation: 0
Registration date: 25/07/2014


Re: Malware infection

Post by Power Max on Fri 25 Jul 2014, 12:06

Download the < [You need an account and to be logged in to view this link] > < [You need an account and to be logged in to view this image] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You need an account and to be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You need an account and to be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of the ZHPDiag.txt report and post it in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009


Re: Malware infection

Post by mdescio on Fri 25 Jul 2014, 12:09

~ Relatório do ZHPDiag v2014.7.21.107 - Nicolas Coolman (21/07/2014)
~ Iniciado por Marcelo.Descio (25/07/2014 12:07:56)
~ Endereço do Website : [You need an account and to be logged in to view this link]
~ Endereço do Webforum : [You need an account and to be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Symantec Endpoint Protection v12.1.3001.165
Symantec Endpoint Protection v12.1.3001.165
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader Extended Language Support Font Pack
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7987 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (21%) free of 224 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BR25009069W0
~ User Name: Marcelo.Descio
~ All Users Names: LecheDeVaca, Jobu.Savvy, ITsupport, eypeer-assur,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as User

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo.Descio\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo.Descio\Desktop\
~ %Favorites% : C:\Users\Marcelo.Descio\Favorites\
~ %LocalAppData% : C:\Users\Marcelo.Descio\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
B: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 224 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5550345E6C4130091C1E4C5F3EF5CF3A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/06/2014 - 23:51:06.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.BDF76C3CE993FFB6214287272708364F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:41:14.) -- C:\Windows\system32\Drivers\AFD.sys [496640]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/12/2012 - 10:32:39.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/11
~ Mes musiques (My Musics) : 1/4009
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 4/30730
~ Mon Bureau (My Desktop) : 3/1782
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.94E826672988FBCE0979F7800EB770C9] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368] [PID.2780]
[MD5.4456621E53D007C20C8D828A6C737F26] - (.Microsoft Corporation - Microsoft Application Virtualization Deskto.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe [143080] [PID.3272]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.6248]
[MD5.B473FF13AE849C1CBD578071040F0114] - (.IBM, Corp - File Monitor.) -- C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe [410048] [PID.6496]
[MD5.6473E577CEF7722E60E931F5D6BFDF3B] - (.Symantec Corporation - PGP Tray.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe [4195976] [PID.6512]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo.descio\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.6612]
[MD5.6A1DB1A5456BE0FC38772923C8C51246] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30806208] [PID.6688]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.6732]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2876]
[MD5.80410248840EAB113CE2A43494A6A292] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8079360] [PID.6976]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.928]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.816]
[MD5.66257CB4E4FB69887CDDC71663741435] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1528616] [PID.1388]
[MD5.E5862D1570052E9C5B54C1A95DC2AC40] - (.Ernst & Young - EYStealthRun.) -- C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe [403968] [PID.2076]
[MD5.C36E4EF3F9EC0CB424F02223B25C8392] - (.Kontiki Inc. - Delivery Manager Service.) -- C:\Program Files (x86)\Kontiki\KService.exe [4860592] [PID.2296]
[MD5.CB9703A18F7EF2B7F11D3A9081C81DCB] - (.IBM - wnsd.) -- C:\Lotus\Notes\nsd.exe [4448256] [PID.2368]
[MD5.B13698034F9162D91DF8E22D3B54BB58] - (.SAP AG - Sap Frontend Software Installation SAPSetup.) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [263536] [PID.2600]
[MD5.3B387E6EABE3AA591A4B37D83E9B5CB1] - (.Symantec Corporation - PGP Universal RDD Client Service.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1589528] [PID.2972]
[MD5.1910C04BEFAF5D0CE85763FC700CEB68] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe [2297200] [PID.3020]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2364]
[MD5.84DBE4108A5C4CABE0333367ABFCC71B] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207080] [PID.3360]
[MD5.A454A9BAA25B8C8E76735DD86BD4B017] - (.Microsoft Corporation - CCM Executive.) -- C:\WINDOWS\SysWOW64\CCM\Ccmexec.exe [764768] [PID.3612]
[MD5.0F1B052FA2A3506C287B271F6D99E101] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523496] [PID.3708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need an account and to be logged in to view this link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notas &vinculadas de OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.a3software.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.adobe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.agenciatributaria.es
O15 - Trusted Zone: [HKCU\...\Domains] *.assets-yammer.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.casso.ca
O15 - Trusted Zone: [HKCU\...\Domains\www] http.castore.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.ey-argentina.com.ar
O15 - Trusted Zone: [HKCU\...\Domains] *.eygaait.com
O15 - Trusted Zone: [HKCU\...\Domains] *.eysupplife.com
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpro
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron05
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron06
O15 - Trusted Zone: [HKCU\...\Domains] http.fxgs.com.au
O15 - Trusted Zone: [HKCU\...\Domains] *.intellinex.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.irs.gov
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.knotia.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis-nexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexisnexis.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.personal-plans.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sage.es
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.es
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.com
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.taxnavigator.ca
O15 - Trusted Zone: [HKCU\...\Domains] http.thomsonreuters.com
O15 - Trusted Zone: [HKCU\...\Domains] *.yammer.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.46.99 172.26.46.100
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: EARSWlNotify . (...) -- EARSWlNotify.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: EY Stealth Runner (EYStealthRun) . (.Ernst & Young - EYStealthRun.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: KService (KService) . (.Kontiki Inc. - Delivery Manager Service.) - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Windows Profile Management Service (PETService) . (.Ernst & Young - PET.Service.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: QTSracrj (QTSracrj) . (.GenTechnologies Apps, LLC - Movie Mode Service.) - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
O23 - Service: SetPEFilePermissions (SetPEFilePermissions) . (.Ernst & Young - SetPEFilePermissions.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
~ Services: 24 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerExpiry] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerWarning] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.2E9E8624E82BC115DC23875BE0D0693F] [APT] [SCCM Health Status Reporter - SYSTEM] (.EY.) -- C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [117760]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio [406]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.descio.job [402]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio [402]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job [412]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio [412]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64) . (. - .) - C:\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys (.not file.)
~ Drivers: 120 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ACL 9 - (.ACL Software.) [HKLM][64Bits] -- {ADE4FB90-E08A-4EB0-AA3E-893DB26A8E08}
O42 - Logiciel: Audit Analytics Module - (.Ernst & Young.) [HKLM][64Bits] -- {941DD570-0FBA-4CB4-9FCA-83520A0B7AF3}
O42 - Logiciel: Audit Toolbar - (.Ernst & Young.) [HKLM][64Bits] -- {730AE311-40FE-4BA1-9641-7E17491E52A2}
O42 - Logiciel: EY Disclaimer - (.EY.) [HKLM][64Bits] -- {B68F383F-894F-42C7-9FC1-14947B0F7CD5}
O42 - Logiciel: EY Fonts - (.Ernst & Young.) [HKLM][64Bits] -- {4165E07B-DF6C-4715-8AEA-798931302848}
O42 - Logiciel: EY Global Analytics - (.Ernst & Young.) [HKLM][64Bits] -- {8CE085B8-F1F7-4878-923F-E58A1F4B582E}
O42 - Logiciel: EY Global Traval Services - (.E&Y.) [HKLM][64Bits] -- {5C467E39-DAF6-4D74-A8A0-17616F510F6C}
O42 - Logiciel: EY Options - (.Ernst & Young.) [HKLM][64Bits] -- {73CECEAC-446A-4BE4-8FCA-82EE4DE07538}
O42 - Logiciel: EY Random - (.Ernst & Young.) [HKLM][64Bits] -- {F21798D7-1E0B-4045-A5EF-FABA361F3EB9}
O42 - Logiciel: EY Stealth Run - (.Ernst & Young.) [HKLM][64Bits] -- {BB2C243B-BC81-4172-8C4A-F199834AA013}
O42 - Logiciel: EY Tune Up - (.EY.) [HKLM][64Bits] -- {225A28E7-3993-4058-BC1B-EFAD7D7665A4}
O42 - Logiciel: EY Workplace - At Your Service - (.EY.) [HKLM][64Bits] -- {0527509C-2381-48BA-87A0-DBC92A8FFE81}
O42 - Logiciel: EYRC Post Connect Utility - (.Ernst & Young.) [HKLM][64Bits] -- {55FEAD6F-43A4-4335-809F-7799BD3472FD}
O42 - Logiciel: Guardião Banco Itau 3.4.2.0 - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Kontiki Media Manager - (.Kontiki.) [HKLM][64Bits] -- {6E303EF2-FEBF-4B55-9380-83CA3AB0EB47}
O42 - Logiciel: Mtsorts - (.Ernst & Young.) [HKLM][64Bits] -- {D6ECC26F-3B07-4F44-B70D-C9E491A05C6F}
O42 - Logiciel: MyAppMarket - (.Ernst & Young.) [HKLM][64Bits] -- {40F39C17-753A-41E4-9C92-3ED7C901946D}
O42 - Logiciel: Privilege Elevation Tool - (.Ernst & Young.) [HKLM][64Bits] -- {51B91DFD-DB44-4409-AE49-B126C9772F9D}
O42 - Logiciel: Resolver Ballot 6.0.11 NA - (.Resolver Inc..) [HKLM][64Bits] -- {B48795E5-6F0D-42F0-BCB8-CC30B1AA2AE3}
O42 - Logiciel: SCCM Health Status Tool - (.EY.) [HKLM][64Bits] -- {EB9D0A36-A693-40E0-8B9C-3C589DC60E66}
O42 - Logiciel: Sampling Assistant - (.Ernst & Young.) [HKLM][64Bits] -- {929196FF-81EC-45EF-89F6-E317FF12ACE7}
O42 - Logiciel: TValue 5.11 - (..) [HKLM][64Bits] -- {169531B9-10F4-44D3-A380-36CB19A7BAA0}
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: gT&E - (.Ernst & Young.) [HKLM][64Bits] -- {9CD4B827-2A6B-4614-8244-4D7139FA7510}
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Ernst & Young]
[HKCU\Software\GbAs]
[HKCU\Software\MK Net.Work S.A.]
[HKCU\Software\Paisley]
[HKLM\Software\Baidu Security]
[HKLM\Software\Encryption Anywhere]
[HKLM\Software\Ernst & Young]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Ernst & Young]
[HKLM\Software\Wow6432Node\Kontiki]
[HKLM\Software\Wow6432Node\Paisley]
[HKLM\Software\Wow6432Node\SysNet]
~ Key Software: 285 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/09/2013 - 19:15:00 - [] ----D C:\Program Files (x86)\AAP
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\EMET 4.0
O43 - CFD: 22/07/2014 - 08:34:24 - [] ----D C:\Program Files (x86)\Ernst & Young
O43 - CFD: 23/07/2014 - 08:51:07 - [] ----D C:\Program Files (x86)\EY
O43 - CFD: 10/09/2013 - 19:44:31 - [] ----D C:\Program Files (x86)\EY Random
O43 - CFD: 10/09/2013 - 19:03:32 - [] ----D C:\Program Files (x86)\EYDecrypter
O43 - CFD: 23/07/2014 - 13:17:16 - [] ----D C:\Program Files (x86)\EYMIFGen
O43 - CFD: 16/01/2014 - 10:28:23 - [] ----D C:\Program Files (x86)\EYRCRoute
O43 - CFD: 11/09/2013 - 15:49:03 - [] ----D C:\Program Files (x86)\Groove Networks
O43 - CFD: 14/02/2014 - 08:19:58 - [] ----D C:\Program Files (x86)\Kontiki
O43 - CFD: 10/09/2013 - 19:48:00 - [] ----D C:\Program Files (x86)\Paisley
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\PWatch
O43 - CFD: 10/09/2013 - 19:47:39 - [] ----D C:\Program Files (x86)\Resolver
O43 - CFD: 22/10/2013 - 12:31:45 - [] ----D C:\Program Files (x86)\TempFolder
O43 - CFD: 21/12/2013 - 09:48:58 - [] ----D C:\Program Files (x86)\Time Tracker
O43 - CFD: 10/09/2013 - 19:03:50 - [] ----D C:\Program Files (x86)\TValue5
O43 - CFD: 20/01/2014 - 09:38:45 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 20/01/2014 - 09:40:54 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 19/03/2014 - 14:31:06 - [] ----D C:\ProgramData\AAP
O43 - CFD: 09/11/2013 - 15:24:48 - [] ----D C:\ProgramData\Ernst & Young
O43 - CFD: 03/06/2014 - 17:42:11 - [] ----D C:\ProgramData\ETDArchiveLog
O43 - CFD: 11/09/2013 - 09:08:52 - [] ----D C:\ProgramData\EY Global Analytics
O43 - CFD: 11/04/2014 - 09:01:40 - [] ----D C:\ProgramData\EYRCRoute
O43 - CFD: 24/01/2014 - 09:11:56 - [] ----D C:\ProgramData\GAMx
O43 - CFD: 25/07/2014 - 12:08:15 - [] ----D C:\ProgramData\Kontiki
O43 - CFD: 16/07/2014 - 16:35:12 - [] ----D C:\ProgramData\MpZjOUOVZRA
O43 - CFD: 19/11/2013 - 09:43:00 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\Paisley
O43 - CFD: 04/02/2014 - 08:35:05 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/01/2014 - 10:02:46 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\Ernst & Young
O43 - CFD: 25/07/2014 - 11:06:33 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6D6905B8CA57FC8321941AEC0AB816B7] - 22/07/2014 - 16:27:02 ---A- . (...) -- C:\zoek-results2014-07-22-192702.log [22421]
O44 - LFC:[MD5.903D49D14D5F8AA32208B9DBF036EC9C] - 24/07/2014 - 12:19:48 ---A- . (...) -- C:\Windows\System32\GEProxyLocator.log [80526]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/07/2014 - 11:18:43 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.13AF86A7BC2C0AC5180B30447B3B5693] - 25/07/2014 - 11:38:51 ---A- . (...) -- C:\Windows\SMSCFG.INI [497]
O44 - LFC:[MD5.3685843BF013306837E924AACE757C69] - 25/07/2014 - 11:39:28 ---A- . (...) -- C:\zoek-results.log [22521]
~ Files: 39 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DefaultLogonDomain"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInternetIcon"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentProgForNewUserInStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowCpl"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=2
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoPublishingWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1
~ MWPE Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:23/03/2010 - 13:29:46 ---A- . (...) -- C:\Windows\System32\Drivers\CVPNDRVA.sys [304784]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 15:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/08/2010 - 06:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:26/10/2009 - 15:52:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [61952]
O58 - SDL:28/09/2009 - 17:46:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe64.sys [55808]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:12/03/2014 - 08:36:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 103 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx64.sys (BHDrvx64) .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX64
O64 - Services: CurCS - 29/04/2009 - C:\Windows\System32\DRIVERS\XAudio64.sys (XAudio) .(.Conexant Systems, Inc. - Modem Audio Device Driver.) - LEGACY_XAUDIO
~ Legacy: 112 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D39345C629A76F6128349610730B8FD9] [SPRF][09/10/2013] (...) -- C:\Users\Marcelo.Descio\AppData\Roaming\unins000.dat [11573]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/05/2014 102400 | (EY Tune Up Service) . (.EY.) - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
SS - | Disabled 16/09/2011 62856 | (Lotus Notes Single Logon) . (.IBM Corp.) - C:\Lotus\Notes\nslsvice.exe
SS - | Demand 20/11/2012 69632 | (OnDemandService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
SS - | Demand 01/11/2013 122880 | (SCCMHealthStatusService) . (.EY.) - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2012 46984 | (TPHDEXLGSVC) . (.Lenovo..) - C:\Windows\System32\TPHDEXLG64.exe
SS - | Disabled 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 11/10/2013 9281840 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
SR - | Auto 19/10/2012 364704 | (EAFRCliManager) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
SR - | Auto 23/08/2012 629040 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 05/08/2013 403968 | (EYStealthRun) . (.Ernst & Young.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 27136 | C:\WINDOWS\SysWOW64\XAudio64.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 16/11/2010 339456 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 11/04/2012 47440 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 04/09/2013 4860592 | (KService) . (.Kontiki Inc..) - C:\Program Files (x86)\Kontiki\KService.exe
SR - | Auto 10/09/2013 4448256 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Lotus\Notes\nsd.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/09/2011 510536 | (NgVpnMgr) . (.Aventail Corporation.) - C:\WINDOWS\system32\ngvpnmgr.exe
SR - | Auto 25/02/2010 263536 | (NWSAPAutoWorkstationUpdateSvc) . (.SAP AG.) - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
SR - | Auto 23/11/2012 49664 | (PETService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
SR - | Auto 01/02/2013 1589528 | (PGP RDD Service) . (.Symantec Corporation.) - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/06/2014 2297200 | (QTSracrj) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 23/08/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/10/2012 2772640 | (RemovableStorageService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
SR - | Auto 19/10/2012 16544 | (RSMgmtSrvc) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
SR - | Auto 25/05/2013 144368 | (SepMasterService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
SR - | Auto 23/07/2012 12800 | (SetPEFilePermissions) . (.Ernst & Young.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
SR - | Demand 25/05/2013 2316184 | (SmcService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
SR - | Auto 25/05/2013 334736 | (SNAC) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/08/2012 3342640 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode^
~ Additionnel Scan: 337059 Items scanned in 00mn 21s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 867 Legitimates filtered by white list
End of the scan (552 lines in 01mn 15s)(0)
mdescio
Beginner
Posts: 11
Reputation: 0
Join date: 25/07/2014

Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 13:14

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC.
_______________________________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank space in Zoek.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose the Run as administrator option > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the Zoek log, which will be at C:\zoek-results.txt


Last edited by Power Max on Sat 26 Jul 2014, 20:05; edited 1 time
Power Max
Collaborator
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware Infection

Post by mdescio, Fri 25 Jul 2014, 14:34


Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Marcelo.Descio on 25/07/2014 at 14:24:47,12.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcelo.Descio\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-22-192702.log 22421 bytes
C:\zoek-results2014-07-25-143928.log 22521 bytes

==== VirusTotal Scan ======================

C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job not found
C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio.job not found
C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job not found
C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.Descio.job [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.Descio [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.Descio.job [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.Descio [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.Descio.job [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.Descio [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=2 1985430 bytes)

==== EOF on 25/07/2014 at 14:27:00,29 ======================

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marcelo.Descio at 25/07/2014 13:18:10
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Service: QTSracrj
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\mpzjouovzra\qtsracrj.exe
ELIMINÉ Temporários windows (125) (3.448.622 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
9 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R10].txt - 23/07/2014 11:30:22 [1465]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R11].txt - 23/07/2014 11:32:16 [1386]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R12].txt - 23/07/2014 11:45:03 [1618]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R13].txt - 25/07/2014 10:30:35 [1708]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R14].txt - 25/07/2014 10:31:51 [1656]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R15].txt - 25/07/2014 10:34:24 [2165]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R16].txt - 25/07/2014 10:35:05 [1921]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R17].txt - 25/07/2014 10:35:58 [2610]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R18].txt - 25/07/2014 10:37:24 [2442]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/07/2014 09:28:49 [1265]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/07/2014 09:34:36 [5183]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 23/07/2014 10:40:30 [807]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R4].txt - 23/07/2014 10:40:42 [1028]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R5].txt - 23/07/2014 10:40:49 [1221]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R6].txt - 23/07/2014 10:48:26 [2402]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R7].txt - 23/07/2014 10:55:50 [4206]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R8].txt - 23/07/2014 11:05:01 [1957]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R9].txt - 23/07/2014 11:21:46 [1439]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R19].txt - 25/07/2014 13:18:11 [2837]



Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 14:37

Restart the PC.
____________________________________

After you have restarted, do the following:

Open ZHPDiag again

[You must have an account and be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must have an account and be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[You must have an account and be logged in to view this image]

Re: Malware Infection

Post by mdescio, Fri 25 Jul 2014, 14:40

~ Relatório do ZHPDiag v2014.7.21.107 - Nicolas Coolman (21/07/2014)
~ Iniciado por Marcelo.Descio (25/07/2014 14:39:00)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Symantec Endpoint Protection v12.1.3001.165
Symantec Endpoint Protection v12.1.3001.165
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader Extended Language Support Font Pack
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7987 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (21%) free of 224 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BR25009069W0
~ User Name: Marcelo.Descio
~ All Users Names: LecheDeVaca, Jobu.Savvy, ITsupport, eypeer-assur,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as User

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo.Descio\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo.Descio\Desktop\
~ %Favorites% : C:\Users\Marcelo.Descio\Favorites\
~ %LocalAppData% : C:\Users\Marcelo.Descio\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
B: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 224 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5550345E6C4130091C1E4C5F3EF5CF3A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/06/2014 - 23:51:06.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.BDF76C3CE993FFB6214287272708364F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:41:14.) -- C:\Windows\system32\Drivers\AFD.sys [496640]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/12/2012 - 10:32:39.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/11
~ Mes musiques (My Musics) : 1/4009
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 4/30730
~ Mon Bureau (My Desktop) : 3/1784
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 08s



---\\ Processos lançados
[MD5.94E826672988FBCE0979F7800EB770C9] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368] [PID.2780]
[MD5.4456621E53D007C20C8D828A6C737F26] - (.Microsoft Corporation - Microsoft Application Virtualization Deskto.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe [143080] [PID.3272]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.6248]
[MD5.B473FF13AE849C1CBD578071040F0114] - (.IBM, Corp - File Monitor.) -- C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe [410048] [PID.6496]
[MD5.6473E577CEF7722E60E931F5D6BFDF3B] - (.Symantec Corporation - PGP Tray.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe [4195976] [PID.6512]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo.descio\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.6612]
[MD5.6A1DB1A5456BE0FC38772923C8C51246] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30806208] [PID.6688]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.6732]
[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.3292]
[MD5.D2383BEF4DC65F5A301B84F29D2A09D1] - (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312] [PID.2792]
[MD5.A09D272AA5C4CE836C5347EA36210FEA] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.exe [15997608] [PID.1204]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6488]
[MD5.90410140466400F345B1AEC7314441A5] - (.SAP, Walldorf - SAP Logon for Windows.) -- C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe [1031488] [PID.8960]
[MD5.0F144ECA8CFEC8882A3809D176886255] - (.Microsoft Corporation - Microsoft PowerPoint.) -- C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.exe [2162024] [PID.8720]
[MD5.9E0DB699737D8775F8E3FDB9C0C5E96E] - (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.exe [20394144] [PID.4188]
[MD5.80410248840EAB113CE2A43494A6A292] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8079360] [PID.3500]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.928]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.816]
[MD5.66257CB4E4FB69887CDDC71663741435] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1528616] [PID.1388]
[MD5.E5862D1570052E9C5B54C1A95DC2AC40] - (.Ernst & Young - EYStealthRun.) -- C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe [403968] [PID.2076]
[MD5.C36E4EF3F9EC0CB424F02223B25C8392] - (.Kontiki Inc. - Delivery Manager Service.) -- C:\Program Files (x86)\Kontiki\KService.exe [4860592] [PID.2296]
[MD5.CB9703A18F7EF2B7F11D3A9081C81DCB] - (.IBM - wnsd.) -- C:\Lotus\Notes\nsd.exe [4448256] [PID.2368]
[MD5.B13698034F9162D91DF8E22D3B54BB58] - (.SAP AG - Sap Frontend Software Installation SAPSetup.) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [263536] [PID.2600]
[MD5.3B387E6EABE3AA591A4B37D83E9B5CB1] - (.Symantec Corporation - PGP Universal RDD Client Service.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1589528] [PID.2972]
[MD5.1910C04BEFAF5D0CE85763FC700CEB68] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe [2297200] [PID.3020]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2364]
[MD5.84DBE4108A5C4CABE0333367ABFCC71B] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207080] [PID.3360]
[MD5.A454A9BAA25B8C8E76735DD86BD4B017] - (.Microsoft Corporation - CCM Executive.) -- C:\WINDOWS\SysWOW64\CCM\Ccmexec.exe [764768] [PID.3612]
[MD5.0F1B052FA2A3506C287B271F6D99E101] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523496] [PID.3708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [Communicator] . (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notas &vinculadas de OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.a3software.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.adobe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.agenciatributaria.es
O15 - Trusted Zone: [HKCU\...\Domains] *.assets-yammer.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.casso.ca
O15 - Trusted Zone: [HKCU\...\Domains\www] http.castore.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.ey-argentina.com.ar
O15 - Trusted Zone: [HKCU\...\Domains] *.eygaait.com
O15 - Trusted Zone: [HKCU\...\Domains] *.eysupplife.com
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpro
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron05
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron06
O15 - Trusted Zone: [HKCU\...\Domains] http.fxgs.com.au
O15 - Trusted Zone: [HKCU\...\Domains] *.intellinex.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.irs.gov
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.knotia.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis-nexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexisnexis.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.personal-plans.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sage.es
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.es
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.com
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.taxnavigator.ca
O15 - Trusted Zone: [HKCU\...\Domains] http.thomsonreuters.com
O15 - Trusted Zone: [HKCU\...\Domains] *.yammer.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.46.99 172.26.46.100
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: EARSWlNotify . (...) -- EARSWlNotify.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: EY Stealth Runner (EYStealthRun) . (.Ernst & Young - EYStealthRun.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: KService (KService) . (.Kontiki Inc. - Delivery Manager Service.) - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Windows Profile Management Service (PETService) . (.Ernst & Young - PET.Service.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: SetPEFilePermissions (SetPEFilePermissions) . (.Ernst & Young - SetPEFilePermissions.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
~ Services: 23 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerExpiry] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerWarning] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.2E9E8624E82BC115DC23875BE0D0693F] [APT] [SCCM Health Status Reporter - SYSTEM] (.EY.) -- C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [117760]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio [406]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.descio.job [402]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio [402]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job [412]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio [412]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64) . (. - .) - C:\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys (.not file.)
~ Drivers: 108 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ACL 9 - (.ACL Software.) [HKLM][64Bits] -- {ADE4FB90-E08A-4EB0-AA3E-893DB26A8E08}
O42 - Logiciel: Audit Analytics Module - (.Ernst & Young.) [HKLM][64Bits] -- {941DD570-0FBA-4CB4-9FCA-83520A0B7AF3}
O42 - Logiciel: Audit Toolbar - (.Ernst & Young.) [HKLM][64Bits] -- {730AE311-40FE-4BA1-9641-7E17491E52A2}
O42 - Logiciel: EY Disclaimer - (.EY.) [HKLM][64Bits] -- {B68F383F-894F-42C7-9FC1-14947B0F7CD5}
O42 - Logiciel: EY Fonts - (.Ernst & Young.) [HKLM][64Bits] -- {4165E07B-DF6C-4715-8AEA-798931302848}
O42 - Logiciel: EY Global Analytics - (.Ernst & Young.) [HKLM][64Bits] -- {8CE085B8-F1F7-4878-923F-E58A1F4B582E}
O42 - Logiciel: EY Global Traval Services - (.E&Y.) [HKLM][64Bits] -- {5C467E39-DAF6-4D74-A8A0-17616F510F6C}
O42 - Logiciel: EY Options - (.Ernst & Young.) [HKLM][64Bits] -- {73CECEAC-446A-4BE4-8FCA-82EE4DE07538}
O42 - Logiciel: EY Random - (.Ernst & Young.) [HKLM][64Bits] -- {F21798D7-1E0B-4045-A5EF-FABA361F3EB9}
O42 - Logiciel: EY Stealth Run - (.Ernst & Young.) [HKLM][64Bits] -- {BB2C243B-BC81-4172-8C4A-F199834AA013}
O42 - Logiciel: EY Tune Up - (.EY.) [HKLM][64Bits] -- {225A28E7-3993-4058-BC1B-EFAD7D7665A4}
O42 - Logiciel: EY Workplace - At Your Service - (.EY.) [HKLM][64Bits] -- {0527509C-2381-48BA-87A0-DBC92A8FFE81}
O42 - Logiciel: EYRC Post Connect Utility - (.Ernst & Young.) [HKLM][64Bits] -- {55FEAD6F-43A4-4335-809F-7799BD3472FD}
O42 - Logiciel: Guardião Banco Itau 3.4.2.0 - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Kontiki Media Manager - (.Kontiki.) [HKLM][64Bits] -- {6E303EF2-FEBF-4B55-9380-83CA3AB0EB47}
O42 - Logiciel: Mtsorts - (.Ernst & Young.) [HKLM][64Bits] -- {D6ECC26F-3B07-4F44-B70D-C9E491A05C6F}
O42 - Logiciel: MyAppMarket - (.Ernst & Young.) [HKLM][64Bits] -- {40F39C17-753A-41E4-9C92-3ED7C901946D}
O42 - Logiciel: Privilege Elevation Tool - (.Ernst & Young.) [HKLM][64Bits] -- {51B91DFD-DB44-4409-AE49-B126C9772F9D}
O42 - Logiciel: Resolver Ballot 6.0.11 NA - (.Resolver Inc..) [HKLM][64Bits] -- {B48795E5-6F0D-42F0-BCB8-CC30B1AA2AE3}
O42 - Logiciel: SCCM Health Status Tool - (.EY.) [HKLM][64Bits] -- {EB9D0A36-A693-40E0-8B9C-3C589DC60E66}
O42 - Logiciel: Sampling Assistant - (.Ernst & Young.) [HKLM][64Bits] -- {929196FF-81EC-45EF-89F6-E317FF12ACE7}
O42 - Logiciel: TValue 5.11 - (..) [HKLM][64Bits] -- {169531B9-10F4-44D3-A380-36CB19A7BAA0}
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: gT&E - (.Ernst & Young.) [HKLM][64Bits] -- {9CD4B827-2A6B-4614-8244-4D7139FA7510}
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Ernst & Young]
[HKCU\Software\GbAs]
[HKCU\Software\MK Net.Work S.A.]
[HKCU\Software\Paisley]
[HKLM\Software\Encryption Anywhere]
[HKLM\Software\Ernst & Young]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Ernst & Young]
[HKLM\Software\Wow6432Node\Kontiki]
[HKLM\Software\Wow6432Node\Paisley]
[HKLM\Software\Wow6432Node\SysNet]
~ Key Software: 282 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/09/2013 - 19:15:00 - [] ----D C:\Program Files (x86)\AAP
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\EMET 4.0
O43 - CFD: 22/07/2014 - 08:34:24 - [] ----D C:\Program Files (x86)\Ernst & Young
O43 - CFD: 23/07/2014 - 08:51:07 - [] ----D C:\Program Files (x86)\EY
O43 - CFD: 10/09/2013 - 19:44:31 - [] ----D C:\Program Files (x86)\EY Random
O43 - CFD: 10/09/2013 - 19:03:32 - [] ----D C:\Program Files (x86)\EYDecrypter
O43 - CFD: 23/07/2014 - 13:17:16 - [] ----D C:\Program Files (x86)\EYMIFGen
O43 - CFD: 16/01/2014 - 10:28:23 - [] ----D C:\Program Files (x86)\EYRCRoute
O43 - CFD: 11/09/2013 - 15:49:03 - [] ----D C:\Program Files (x86)\Groove Networks
O43 - CFD: 14/02/2014 - 08:19:58 - [] ----D C:\Program Files (x86)\Kontiki
O43 - CFD: 10/09/2013 - 19:48:00 - [] ----D C:\Program Files (x86)\Paisley
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\PWatch
O43 - CFD: 10/09/2013 - 19:47:39 - [] ----D C:\Program Files (x86)\Resolver
O43 - CFD: 22/10/2013 - 12:31:45 - [] ----D C:\Program Files (x86)\TempFolder
O43 - CFD: 21/12/2013 - 09:48:58 - [] ----D C:\Program Files (x86)\Time Tracker
O43 - CFD: 10/09/2013 - 19:03:50 - [] ----D C:\Program Files (x86)\TValue5
O43 - CFD: 20/01/2014 - 09:38:45 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 20/01/2014 - 09:40:54 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 19/03/2014 - 14:31:06 - [] ----D C:\ProgramData\AAP
O43 - CFD: 09/11/2013 - 15:24:48 - [] ----D C:\ProgramData\Ernst & Young
O43 - CFD: 03/06/2014 - 17:42:11 - [] ----D C:\ProgramData\ETDArchiveLog
O43 - CFD: 11/09/2013 - 09:08:52 - [] ----D C:\ProgramData\EY Global Analytics
O43 - CFD: 11/04/2014 - 09:01:40 - [] ----D C:\ProgramData\EYRCRoute
O43 - CFD: 24/01/2014 - 09:11:56 - [] ----D C:\ProgramData\GAMx
O43 - CFD: 25/07/2014 - 14:39:16 - [] ----D C:\ProgramData\Kontiki
O43 - CFD: 16/07/2014 - 16:35:12 - [] ----D C:\ProgramData\MpZjOUOVZRA
O43 - CFD: 19/11/2013 - 09:43:00 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\Paisley
O43 - CFD: 04/02/2014 - 08:35:05 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/01/2014 - 10:02:46 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\Ernst & Young
O43 - CFD: 25/07/2014 - 13:20:39 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6D6905B8CA57FC8321941AEC0AB816B7] - 22/07/2014 - 16:27:02 ---A- . (...) -- C:\zoek-results2014-07-22-192702.log [22421]
O44 - LFC:[MD5.13AF86A7BC2C0AC5180B30447B3B5693] - 25/07/2014 - 11:38:51 ---A- . (...) -- C:\Windows\SMSCFG.INI [497]
O44 - LFC:[MD5.3685843BF013306837E924AACE757C69] - 25/07/2014 - 11:39:28 ---A- . (...) -- C:\zoek-results2014-07-25-143928.log [22521]
O44 - LFC:[MD5.F297F5DB10417A1F8B7A33328DA65D6E] - 25/07/2014 - 12:38:23 ---A- . (...) -- C:\Windows\System32\GEProxyLocator.log [80690]
O44 - LFC:[MD5.456E1234A96E0F3B58DC143422D6660F] - 25/07/2014 - 14:27:00 ---A- . (...) -- C:\zoek-results.log [2654]
~ Files: 39 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DefaultLogonDomain"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInternetIcon"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentProgForNewUserInStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowCpl"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=2
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoPublishingWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1
~ MWPE Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:23/03/2010 - 13:29:46 ---A- . (...) -- C:\Windows\System32\Drivers\CVPNDRVA.sys [304784]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 15:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/08/2010 - 06:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:26/10/2009 - 15:52:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [61952]
O58 - SDL:28/09/2009 - 17:46:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe64.sys [55808]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:12/03/2014 - 08:36:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 103 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D39345C629A76F6128349610730B8FD9] [SPRF][09/10/2013] (...) -- C:\Users\Marcelo.Descio\AppData\Roaming\unins000.dat [11573]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/05/2014 102400 | (EY Tune Up Service) . (.EY.) - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
SS - | Disabled 16/09/2011 62856 | (Lotus Notes Single Logon) . (.IBM Corp.) - C:\Lotus\Notes\nslsvice.exe
SS - | Demand 20/11/2012 69632 | (OnDemandService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
SS - | Demand 01/11/2013 122880 | (SCCMHealthStatusService) . (.EY.) - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2012 46984 | (TPHDEXLGSVC) . (.Lenovo..) - C:\Windows\System32\TPHDEXLG64.exe
SS - | Disabled 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 11/10/2013 9281840 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
SR - | Auto 19/10/2012 364704 | (EAFRCliManager) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
SR - | Auto 23/08/2012 629040 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 05/08/2013 403968 | (EYStealthRun) . (.Ernst & Young.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 27136 | C:\WINDOWS\SysWOW64\XAudio64.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 16/11/2010 339456 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 11/04/2012 47440 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 04/09/2013 4860592 | (KService) . (.Kontiki Inc..) - C:\Program Files (x86)\Kontiki\KService.exe
SR - | Auto 10/09/2013 4448256 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Lotus\Notes\nsd.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/09/2011 510536 | (NgVpnMgr) . (.Aventail Corporation.) - C:\WINDOWS\system32\ngvpnmgr.exe
SR - | Auto 25/02/2010 263536 | (NWSAPAutoWorkstationUpdateSvc) . (.SAP AG.) - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
SR - | Auto 23/11/2012 49664 | (PETService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
SR - | Auto 01/02/2013 1589528 | (PGP RDD Service) . (.Symantec Corporation.) - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 23/08/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/10/2012 2772640 | (RemovableStorageService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
SR - | Auto 19/10/2012 16544 | (RSMgmtSrvc) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
SR - | Auto 25/05/2013 144368 | (SepMasterService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
SR - | Auto 23/07/2012 12800 | (SetPEFilePermissions) . (.Ernst & Young.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
SR - | Demand 25/05/2013 2316184 | (SmcService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
SR - | Auto 25/05/2013 334736 | (SNAC) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/08/2012 3342640 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode^
~ Additionnel Scan: 338460 Items scanned in 00mn 21s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 850 Legitimates filtered by white list
End of the scan (557 lines in 01mn 09s)(0)

Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 15:04

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Import > click the GO button > click Oui > if you want the Recycle Bin files deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 26 Jul 2014, 20:06; edited 1 time

Re: Malware Infection

Post by mdescio, Fri 25 Jul 2014, 16:00

Here is the log:


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marcelo.Descio at 25/07/2014 16:00:03
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (25) (5.795.357 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R10].txt - 23/07/2014 11:30:22 [1465]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R11].txt - 23/07/2014 11:32:16 [1386]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R12].txt - 23/07/2014 11:45:03 [1618]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R13].txt - 25/07/2014 10:30:35 [1708]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R14].txt - 25/07/2014 10:31:51 [1656]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R15].txt - 25/07/2014 10:34:24 [2165]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R16].txt - 25/07/2014 10:35:05 [1921]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R17].txt - 25/07/2014 10:35:58 [2610]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R18].txt - 25/07/2014 10:37:24 [2442]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R19].txt - 25/07/2014 13:18:11 [2927]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/07/2014 09:28:49 [1265]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/07/2014 09:34:36 [5183]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 23/07/2014 10:40:30 [807]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R4].txt - 23/07/2014 10:40:42 [1028]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R5].txt - 23/07/2014 10:40:49 [1221]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R6].txt - 23/07/2014 10:48:26 [2402]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R7].txt - 23/07/2014 10:55:50 [4206]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R8].txt - 23/07/2014 11:05:01 [1957]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R9].txt - 23/07/2014 11:21:46 [1439]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R20].txt - 25/07/2014 16:00:04 [2759]

Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 16:02

Download Malwarebytes from one of the links below:
[You must be registered and logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must be registered and logged in to view this link]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.

Re: Malware Infection

Post by mdescio, Fri 25 Jul 2014, 16:35

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Scan Date: 25/07/2014
Scan Time: 16:16:26
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.06
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marcelo.Descio

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 310458
Time Elapsed: 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Adware.MovieMode, C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe, 3020, Delete-on-Reboot, [5a60dec51b604cea7102cc9f6f92e51b]

Modules: 1
PUP.Optional.MovieMode.A, C:\ProgramData\MpZjOUOVZRA\dat\GLRkxpG.dll, Delete-on-Reboot, [2a90faa9bdbece6847477e22b64e6b95],

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Malware.Trace, HKU\S-1-5-21-1078081533-113007714-725345543-146458-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, BitLocker Drive Encryption, Quarantined, [07b3edb6f289bb7b0fd7b6ac45be07f9]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MovieMode.A, C:\Users\Marcelo.Descio\AppData\Local\MovieMode, Quarantined, [d8e2841f3843dd599a4d74706b97d62a],

Files: 5
Adware.MovieMode, C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe, Delete-on-Reboot, [5a60dec51b604cea7102cc9f6f92e51b],
PUP.Optional.MovieMode.A, C:\ProgramData\MpZjOUOVZRA\dat\GLRkxpG.dll, Delete-on-Reboot, [2a90faa9bdbece6847477e22b64e6b95],
PUP.Optional.Superfish.A, C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [f7c3d5ce067539fd4557bd1d58aa8b75],
PUP.Optional.Superfish.A, C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [d3e7911281fa80b68913c2184db5ea16],
PUP.Optional.MovieMode.A, C:\Users\Marcelo.Descio\AppData\Local\MovieMode\data2.dat, Quarantined, [d8e2841f3843dd599a4d74706b97d62a],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 16:37

How is the PC after these procedures?

Re: Malware Infection

Post by mdescio, Fri 25 Jul 2014, 19:22

It improved a lot, the pages are opening much faster! Thank you!
mdescio
Beginner

Messages: 11
Reputation: 0
Join date: 25/07/2014

Re: Malware Infection

Post by Power Max, Fri 25 Jul 2014, 20:07

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

[You must have an account and be logged in to view this link]

To remove the programs used in cleaning this PC and create a new, safe and trouble-free restore point, use DelFix following the tips [You must have an account and be logged in to view this link].

It was a pleasure to help. Count on us any time!
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware Infection

Post by Power Max, Sat 26 Jul 2014, 20:06

CASE SOLVED

If the topic author needs it, the topic will be reopened; to request that, contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009
