malware Websearches
Good morning everyone, I also have a small problem with my machine. I tried removing the Websearches malware through Internet Options and with AdwCleaner, but it will not go away as the home page of my browsers. Another problem is that most sites, such as Google and others, will not open.
I have already run a scan with ZHPDiag; the report follows below...
~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por Douglas (17/12/2014 10:48:40)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Endereço do Webforum : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 34.0 (Defaut)
GCIE: Google Chrome v39.0.2171.95
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.6.0305.0
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 15 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 37 GB (48%) free of 76 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DOUGLAS-PC
~ User Name: Douglas
~ All Users Names: Douglas, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Douglas\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Douglas\AppData\Roaming\
~ %Desktop% : C:\Users\Douglas\Desktop\
~ %Favorites% : C:\Users\Douglas\Favorites\
~ %LocalAppData% : C:\Users\Douglas\AppData\Local\
~ %StartMenu% : C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 37 Go of 76 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 100 Go of 406 Go)
F: Hard drive, Flash drive, Thumb drive (Free 60 Go of 60 Go)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
H: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 03:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/12/2013 - 18:03:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/36
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/34
~ Mon Bureau (My Desktop) : 1/1101
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.0F484CEBC0E6724B157E644787B66B68] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [623520] [PID.2444]
[MD5.312C7978F0A42DB0475CE31D884DCE88] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112] [PID.2452]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2468]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2576]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2652]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [18944] [PID.2724]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3292]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.3492]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Facebook Installer.) -- C:\Users\Douglas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3528]
[MD5.C10E5EF1B85DE5B79AC2815C9A677D1F] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe [1385808] [PID.3596] =>P2P.BitTorrent
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3976]
[MD5.3CFB25DB09EB90FD2BD4C89D75611E6D] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [856904] [PID.1780]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.192]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E8878} . (...) --
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) -- C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\cef\xpi (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bes] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\npsf_bes.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [You must have an account and be logged in to view this link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (23)
~ Hosts File: Scanned in 00mn 00s
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} . (.Adblock Pro Team - IE Anti-AD Add-ons.) -- C:\Program Files\Adblock Pro\AdblockPro.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Douglas]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 06s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] . (.Microsoft - UpdateUtil Application.) -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [fst_br_210] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Douglas\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Douglas\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} . (.Adblock Pro Team - IE Anti-AD Add-ons.) -- C:\Program Files\Adblock Pro\AdblockPro.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: NameServer = 4.4.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: NameServer = 4.4.4.4,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: NameServer = 4.4.4.4,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BRApps (BRApps) . (...) - C:\Program Files\BRApps\BRApps.exe (.not file.)
O23 - Service: Aplicação do Cash 'n Back (CashNBack Application) . (...) - C:\Program Files\RBM\CashNBack\CashNBack.exe
O23 - Service: Charismathics Smart Security Service (cmevtsrv) . (.charismathics GmbH - charismathics smart security service.) - C:\Windows\system32\cmEvtSrv.exe
O23 - Service: NJax (NJax) . (...) - C:\Program Files\NJax\NJax.exe
~ Services: 7 Legitimates Filtered in 00mn 12s
---\\ Tarefas planificadas automaticamente (039)
[MD5.4AD1C6066BDC00497BAFF665FA7FB264] [APT] [{0ADB78AB-E259-406C-B55E-8F273DEDD50B}] (.CAIXA ECONÔMICA FEDERAL.) -- C:\Program Files\CAIXA\CNS\cnsini.exe [620032]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{C6C7A646-73A6-4AB9-BEC7-D6DEB5F5D5FB}] (.CAIXA.) -- C:\Users\Douglas\Downloads\iGBPCEFsf.exe [2514272]
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{EF8DDBEB-87F5-4363-9EA1-DAEECC6B63AF}] (...) -- C:\Program Files\GRRF\UNWISE.exe [153088]
[MD5.00000000000000000000000000000000] [APT] [SystemSockets] (...) -- C:\Program Files\HomeTab\WConnectorHandler.exe (.not file.) [0] =>PUP.CertifiedToolbar
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 07s
---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (...) -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
~ Active Setup: 10 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (brfilterdrv) . (. - .) - C:\Windows\System32\drivers\brfilterdrv.sys (.not file.)
O41 - Driver: (mosfilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\mosfilterdrv.sys
~ Drivers: 81 Legitimates Filtered in 00mn 01s
---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Dataprev.) [HKCU] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: BRApps - (.BR SOFTWARE LLC.) [HKLM] -- BRApps
O42 - Logiciel: Giesecke & Devrient GmbH StarSign CUT - (...) [HKLM] -- SZCCID
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Módulo de proteção BANESE - (.Banco do Estado de Sergipe.) [HKCU] -- {20644A06-6F30-4CCD-ADB0-1FA4EBE1DCC2}_is1
O42 - Logiciel: NJax - (.NINJASOFT LLC.) [HKLM] -- NJax
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {66913111-2F8A-4950-AA93-51C26182FC35}
~ Logic: 11 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Browser]
[HKCU\Software\GbAs]
[HKCU\Software\SERPRO]
[HKCU\Software\Tribo Gamer]
[HKCU\Software\WCA]
[HKCU\Software\charismathics]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Caixa]
[HKLM\Software\Cash 'n Back]
[HKLM\Software\DesignSource]
[HKLM\Software\MaxPower]
[HKLM\Software\Programas RFB]
[HKLM\Software\baidu]
[HKLM\Software\charismathics]
~ Key Software: 192 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/01/2014 - 15:37:58 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 15/12/2014 - 10:32:57 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 22/10/2014 - 14:57:24 - [] ----D C:\Program Files\BRApp
O43 - CFD: 07/10/2014 - 08:31:32 - [] ----D C:\Program Files\CAGEDNet
O43 - CFD: 09/10/2014 - 09:10:26 - [] ----D C:\Program Files\CAIXA
O43 - CFD: 09/01/2014 - 11:54:10 - [] ----D C:\Program Files\Charismathics
O43 - CFD: 08/10/2014 - 14:50:11 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 04/12/2013 - 09:01:14 - [] ----D C:\Program Files\G&D
O43 - CFD: 24/01/2014 - 14:04:57 - [] ----D C:\Program Files\GRRF
O43 - CFD: 11/10/2014 - 13:44:49 - [] ----D C:\Program Files\Jogando.net - Mu Online Season 6 - Extreme e War
O43 - CFD: 06/06/2014 - 08:33:44 - [] ----D C:\Program Files\My Logon Manager
O43 - CFD: 15/12/2014 - 11:18:29 - [] ----D C:\Program Files\NJax
O43 - CFD: 02/12/2013 - 14:51:05 - [] ----D C:\Program Files\Novo_Dicionario_Aurelio_5.0.40___Serial
O43 - CFD: 28/03/2014 - 14:46:39 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 03/10/2014 - 12:18:49 - [] ----D C:\Program Files\RBM
O43 - CFD: 08/01/2014 - 15:37:56 - [] ----D C:\ProgramData\A.E.T. Europe B.V
O43 - CFD: 11/12/2014 - 11:34:04 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 15/12/2014 - 11:18:30 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 19/11/2014 - 17:11:00 - [] ----D C:\ProgramData\jgflmbfbjllenegldfiegbljahklebin
O43 - CFD: 11/03/2014 - 17:03:10 - [] ----D C:\ProgramData\SnowApp
O43 - CFD: 12/12/2014 - 11:05:25 - [] ----D C:\Users\Douglas\AppData\Roaming\Baidu
O43 - CFD: 23/09/2014 - 09:11:28 - [] ----D C:\Users\Douglas\AppData\Roaming\Baidu Security
O43 - CFD: 17/02/2014 - 11:52:16 - [] ----D C:\Users\Douglas\AppData\Roaming\rmi
O43 - CFD: 04/12/2013 - 09:08:21 - [] ----D C:\Users\Douglas\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 17/07/2014 - 15:47:47 - [] ----D C:\Users\Douglas\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142190}
O43 - CFD: 11/12/2013 - 16:19:59 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 11/12/2013 - 16:23:41 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 02/12/2013 - 16:23:04 - [0] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 02/04/2014 - 10:09:45 - [0] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCAIXA
O43 - CFD: 24/01/2014 - 14:04:00 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
O43 - CFD: 04/02/2014 - 11:02:34 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 28/03/2014 - 14:17:54 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 210 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.74916E49E90F85FCE5996335B71DFF99] - 10/12/2014 - 09:37:44 ---A- . (...) -- C:\prox.log [15364160]
O44 - LFC:[MD5.65A8762527BF5CA098AD43298135EE79] - 17/12/2014 - 09:29:09 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [132936]
O44 - LFC:[MD5.E9490F7F826EDE73E53AD195FF0633B7] - 17/12/2014 - 09:29:09 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [673100]
~ Files: 11 Legitimates Filtered in 01mn 07s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{f4a65c29-779e-11e3-b957-0ceee6fb55d0}\AutoRun\command. (...) -- I:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/12/2010 - 20:35:26 ---A- . (...) -- C:\Windows\System32\Drivers\AlcGener.sys [18048]
O58 - SDL:19/11/2014 - 10:18:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:19/11/2014 - 10:18:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2014 - 10:18:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [206248] =>.ALWIL Software
O58 - SDL:31/07/2014 - 12:12:50 ---A- . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\cashnbackdrv.sys [42464]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:02/10/2014 - 23:29:32 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [55608]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 73 Legitimates Filtered in 00mn 09s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 19/11/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 31/07/2014 - C:\Windows\System32\drivers\cashnbackdrv.sys (cashnbackdrv) .(.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) - LEGACY_CASHNBACKDRV
O64 - Services: CurCS - 02/10/2014 - C:\Windows\System32\drivers\mosfilterdrv.sys (mosfilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_MOSFILTERDRV
~ Legacy: 159 Legitimates Filtered in 00mn 01s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <BoBrowser.BMABS3HZY6MC45P2JYESXY3RPM> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Douglas\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.566D862E7338503CDF86086ECC7D35F7] [SPRF][14/01/2014] (...) -- C:\ProgramData\vault32.dll [176]
[MD5.754235865DBDA27621ADAFA05A4BD574] [SPRF][06/12/2013] (...) -- C:\Users\Douglas\AppData\Roaming\unins000.dat [13391]
[MD5.C0B59FF7EE933362B2D5D1941094C879] [SPRF][27/02/2014] (...) -- C:\Users\Douglas\Desktop\abp.exe [448783]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 26/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BRApps) . (...) - C:\Program Files\BRApps\BRApps.exe
SS - | Auto 25/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 24/02/2014 2689224 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files\PSafe\psafesvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 24/09/2014 2214000 | (CashNBack Application) . (...) - C:\Program Files\RBM\CashNBack\CashNBack.exe
SR - | Auto 09/11/2011 74784 | (cmevtsrv) . (.charismathics GmbH.) - C:\Windows\system32\cmEvtSrv.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 09/10/2014 443480 | (NJax) . (...) - C:\Program Files\NJax\NJax.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s
---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 268876 Items scanned in 01mn 38s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
~ MSI: 1 link(s) detected in 00mn 00s
~ 853 Legitimates filtered by white list
End of the scan (530 lines in 05mn 01s)(0)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [You must be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.566D862E7338503CDF86086ECC7D35F7] [SPRF][14/01/2014] (...) -- C:\ProgramData\vault32.dll [176]
[MD5.754235865DBDA27621ADAFA05A4BD574] [SPRF][06/12/2013] (...) -- C:\Users\Douglas\AppData\Roaming\unins000.dat [13391]
[MD5.C0B59FF7EE933362B2D5D1941094C879] [SPRF][27/02/2014] (...) -- C:\Users\Douglas\Desktop\abp.exe [448783]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 26/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (BRApps) . (...) - C:\Program Files\BRApps\BRApps.exe
SS - | Auto 25/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 24/02/2014 2689224 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files\PSafe\psafesvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 24/09/2014 2214000 | (CashNBack Application) . (...) - C:\Program Files\RBM\CashNBack\CashNBack.exe
SR - | Auto 09/11/2011 74784 | (cmevtsrv) . (.charismathics GmbH.) - C:\Windows\system32\cmEvtSrv.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 09/10/2014 443480 | (NJax) . (...) - C:\Program Files\NJax\NJax.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 39s
---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 268876 Items scanned in 01mn 38s
---\\ Informações complémentaires do módulos
~ [You must be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ [You must be logged in to view this link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[You must be logged in to view this link] =>PUP.CertifiedToolbar
~ MSI: 1 link(s) detected in 00mn 00s
~ 853 Legitimates filtered by white list
End of the scan (530 lines in 05mn 01s)(0)
Douglas Lima - Member
- Posts: 67
Reputation: 1
Join date: 03/11/2013
Age: 41
Re: malware Websearches
Good afternoon Douglas Lima,
- Download: <[You must be logged in to view this link]> (...by Xplode)
- Or here: >>[You must be logged in to view this link]<<
- Save it to your Desktop.
- Close all open programs and web browsers.
- Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click: [You must be logged in to view this image]
- Click Scan to start the scan! [You must be logged in to view this image]
- When it finishes, click Clean.
- Copy the log or click "Report".
- Post: >>C:\AdwCleaner\AdwCleaner [S0].txt<<
- Download: <[You must be logged in to view this link]> <(...by Oleg N. Scherbakov)>
- Save it to the desktop!
- Disable your antivirus!
- On Windows 7, right-click JRT.exe and run it as [You must be logged in to view this image] [You must be logged in to view this link]
- Wait for it to finish and post the report (JRT.txt).
Best regards.
caedurodrigues - Analyst
- Posts: 947
Reputation: 161
Join date: 21/10/2013
Age: 54
Location: Apiacá
Re: malware Websearches
Hello, good morning,
The analyzed files are attached.....
1st process: AdwCleaner....
2nd process: JRT....
See the attachments...
Douglas Lima - Member
Re: malware Websearches
Good afternoon Douglas Lima,
- Download: <[You must be logged in to view this image][You must be logged in to view this link]> <(...by Smeenk)>
- Save it to your desktop!
- Run the Zoek.exe file.
- Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click [You must be logged in to view this image]
- Select the lines in red, right-click the selection and choose Copy!
autoclean;
emptyalltemp;
emptyfolderscheck;delete
- Right-click any white area of Zoek and choose Paste.
- Click Run Script!
- Wait for the scan. When it finishes, Notepad will open with the report.
- A copy will also be saved to your local disk under the name zoek-results.txt.
- Attach zoek-results.txt to your next reply.
Best regards.
caedurodrigues - Analyst
Re: malware Websearches
Hello, good afternoon caedurodrigues,
the file analyzed with Zoek is attached...
Douglas Lima - Member
Re: malware Websearches
Good evening Douglas Lima,
- Open the AdwCleaner tool and click "Uninstall".
- Confirm the prompt!
- Download: <[You must be logged in to view this link]> <(...by Farbar)>
- Or here: <[You must be logged in to view this link]>
- Save it to the Desktop!
- Run the tool! Click "Yes" >> "Scan". [You must be logged in to view this image]
- Make sure the boxes under "Whitelist" are checked.
- Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
- The report will be generated! (FRST.txt)
- PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
- Go to: <[You must be logged in to view this link]>
- Or go to: <[You must be logged in to view this link]>
- Or attach it <[You must be logged in to view this link]> << Link
- More information: <[You must be logged in to view this link]> << Hosting!
Best regards.
caedurodrigues - Analyst
Re: malware Websearches
Hello, good morning caedurodrigues
The files analyzed by FRST are attached....
Douglas Lima - Member
Re: malware Websearches
Good afternoon Douglas Lima,
- Copy the information shown in red into Notepad.
- Save it with the name fixlist.txt
- Save it in the same location as FRST
start
CloseProcesses:
HKLM\...\Run: [fst_br_210] => [X]
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll No File
URLSearchHook: [S-1-5-21-1013270533-3712062616-9224882-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
CHR HomePage: Default -> [You must be logged in to view this link]
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1418304193&from=pcm&uid=MaxtorX6V080E0_V2272G5G"
CHR HKLM\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - No Path
S2 BRApps; C:\Program Files\BRApps\BRApps.exe [X]
S2 NJax; C:\Program Files\NJax\NJax.exe [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S1 brfilterdrv; system32\drivers\brfilterdrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-19 17:53 - 2014-12-19 17:53 - 00029324 _____ () C:\Users\Douglas\Desktop\zoek-results.txt
2014-12-19 17:21 - 2014-12-19 16:05 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-19 16:09 - 2014-12-19 17:52 - 00029324 _____ () C:\zoek-results.log
2014-12-19 16:07 - 2014-12-19 15:56 - 01295360 _____ () C:\Users\Douglas\Desktop\zoek.exe
2014-12-19 16:06 - 2014-12-19 17:12 - 00000000 ____D () C:\zoek_backup
2014-12-19 11:25 - 2014-12-19 11:25 - 00001297 _____ () C:\Users\Douglas\Desktop\JRT.txt
2014-12-19 11:15 - 2014-12-19 11:15 - 00000582 _____ () C:\Users\Douglas\Desktop\JRT - Atalho.lnk
2014-12-19 11:14 - 2014-12-19 11:14 - 00003671 _____ () C:\Users\Douglas\Desktop\AdwCleaner[S20].txt
2014-12-17 11:36 - 2014-12-17 11:36 - 00002381 _____ () C:\Users\Douglas\Desktop\ZHPFixReport.txt
2014-12-17 10:53 - 2014-12-17 10:53 - 00035223 _____ () C:\Users\Douglas\Desktop\ZHPDiag.txt
2014-11-26 09:56 - 2014-11-26 09:56 - 00002452 _____ () C:\Users\Douglas\Desktop\ZHPFix[R1].txt
2014-11-25 11:07 - 2014-11-25 11:07 - 00001889 _____ () C:\Users\Douglas\Desktop\ZHPFix.lnk
2014-11-25 11:06 - 2014-11-25 11:07 - 00001762 _____ () C:\Users\Douglas\Desktop\ZHPDiag.lnk
2014-12-22 09:19 - 2014-11-20 09:12 - 00003948 _____ () C:\Windows\setupact.log
2014-12-19 17:47 - 2014-11-20 09:12 - 00030708 _____ () C:\Windows\PFRO.log
2014-12-17 11:36 - 2014-11-19 16:21 - 00000000 ____D () C:\Users\Douglas\AppData\Roaming\ZHP
2014-12-17 11:34 - 2014-02-27 10:01 - 00000000 ____D () C:\Program Files\PSafe
2014-11-25 11:07 - 2014-11-19 16:21 - 00000000 ____D () C:\Program Files\ZHPDiag
C:\Users\Douglas\AppData\Local\Temp\Quarantine.exe
C:\Users\Douglas\AppData\Local\Temp\sqlite3.dll
Flv Player Packages (HKU\S-1-5-21-1013270533-3712062616-9224882-1000\...\Flv Player Packages) (Version: - ) <==== ATTENTION
Task: {387213E3-D012-49E4-9381-452525E3EE0D} - \{7A598C51-91AB-473E-8DB7-ABE04F852F35} No Task File <==== ATTENTION
Task: {5BB6E4E9-1AA6-43AA-B16A-4729F3AAB5AB} - \{48602D57-DD6A-4E63-94F8-BCD975DF98B7} No Task File <==== ATTENTION
Task: {CEB0E810-CA25-4191-B38A-366E018C1784} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {DD3C7CD0-4050-4AF4-8E53-F21F47037705} - \{8BCA47D4-18F6-4D83-A3F2-2C96AA925401} No Task File <==== ATTENTION
Task: {E38B6316-7346-4D4A-BAA0-59F1FF65E831} - \SystemSockets\SystemSockets No Task File <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
- Run FRST/FRST64 >> Click "Fix". << Wait!
- Post the report! (Fixlog.txt)
Best regards.
caedurodrigues - Analyst
Re: malware Websearches
Hello, good morning caedurodrigues....
The file is attached.....
Douglas Lima - Member
Re: malware Websearches
Good afternoon Douglas, how is your machine? Still having the initial problems?
caedurodrigues - Analyst
Re: malware Websearches
No, it has already been resolved, thanks a lot, you guys are awesome....
Just one small problem: the Hotmail I use... it doesn't open, it takes a long time to open and gives an error, as shown in the attachment.
Douglas Lima - Member
Re: malware Websearches
Good evening Douglas Lima, sorry for the delay; apparently this is not related to malware. Is there still any problem with the PC? If not, follow the steps below to close the topic.
Now let's remove the tools used in the disinfection.
- Download: <[You must be logged in to view this link]> (...by Xplode)
- Save it to your desktop.
- Double-click delfix.exe to run it.
- Windows Vista or Windows 7 users: right-click the delfix.exe file, then click: [You must be logged in to view this image]
- Tick the boxes as shown in the image.
- Click the Run button.
- Restart the computer!
- Everything OK?
caedurodrigues - Analyst
Re: malware Websearches
Case Resolved
If this computer needs another check, just open a "New Topic" and describe the problem.
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro