Check ComboFix Log
Hello
Could someone please check the log generated by ComboFix, pasted below, and give an opinion on whether I need to do anything to improve my notebook.
ComboFix 14-01-04.03 - Rogério 05/01/2014 21:25:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3316.1991 [GMT -2:00]
Executando de: c:\users\Rogério\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Microsoft
c:\progra~1\BAIXAR~1\SOUNdf~1.dll
c:\programdata\DRV10.tmp
c:\programdata\E2010.tmp
c:\programdata\SearchNewTab
c:\programdata\Weekapp
c:\users\Rogério\AppData\Roaming\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_winsvc
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-12-05 to 2014-01-05 ))))))))))))))))))))))))))))
.
.
2014-01-04 15:54 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-02 16:58 . 2014-01-02 16:58 -------- d-----w- c:\program files\VS Revo Group
2014-01-02 16:55 . 2014-01-02 17:05 -------- d-----w- c:\users\Rogério\AppData\Local\Oxy
2014-01-02 16:55 . 2014-01-02 16:55 -------- d-----w- c:\users\Rogério\AppData\Local\Chromium
2013-12-31 00:39 . 2013-12-31 00:39 -------- d-----w- c:\program files\CCleaner
2013-12-31 00:34 . 2013-12-31 00:34 -------- d-----w- c:\program files\ToniArts
2013-12-31 00:02 . 2013-12-31 00:02 -------- d--h--w- c:\programdata\HBM2
2013-12-30 23:35 . 2013-12-30 23:44 264 ---h--w- c:\programdata\gwp2.sys
2013-12-30 23:35 . 2013-12-30 23:34 783504 ----a-w- c:\windows\system32\fbx1.dat
2013-12-22 15:28 . 2013-12-22 15:28 -------- d-----w- c:\users\Rogério\AppData\Local\AnyUtils
2013-12-22 15:21 . 2013-12-22 15:21 -------- d-----w- c:\users\Rogério\.android
2013-12-22 15:21 . 2013-12-27 19:19 -------- d-----w- c:\users\Rogério\AppData\Local\cache
2013-12-22 15:21 . 2014-01-05 23:41 -------- d-----w- c:\users\Rogério\AppData\Roaming\newnext.me
2013-12-22 15:21 . 2014-01-04 17:28 -------- d-----w- c:\users\Rogério\AppData\Local\genienext
2013-12-22 15:21 . 2014-01-05 00:46 -------- d-----w- c:\users\Rogério\AppData\Local\Mobogenie
2013-12-22 15:20 . 2013-12-27 19:34 -------- d-----w- c:\program files\Mobogenie
2013-12-22 14:52 . 2013-12-30 17:20 -------- d-----w- c:\programdata\McAfee
2013-12-22 14:52 . 2013-12-31 20:41 -------- d-----w- c:\programdata\Freemake
2013-12-22 14:51 . 2013-12-31 20:41 -------- d-----w- c:\program files\Freemake
2013-12-22 14:51 . 2013-12-22 14:51 -------- d-----w- c:\users\Rogério\AppData\Roaming\OpenCandy
2013-12-11 21:42 . 2013-11-26 08:52 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-12-11 21:42 . 2013-11-26 08:29 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-12-11 21:42 . 2013-11-26 07:49 1584640 ----a-w- c:\program files\Internet Explorer\F12.dll
2013-12-11 21:42 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-12-11 21:42 . 2013-11-26 07:55 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-11 21:42 . 2013-11-26 07:32 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 21:42 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-12-11 21:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 21:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 10:35 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 10:33 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 10:33 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 10:33 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 10:33 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 10:33 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 10:33 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 10:33 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 10:33 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 10:33 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 10:33 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-07 09:12 . 2013-12-07 09:21 -------- d-----w- c:\users\Rogério\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-05 23:39 . 2013-10-07 18:40 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-12-10 18:24 . 2013-03-01 14:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 18:24 . 2013-03-01 14:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 18:24 . 2013-10-08 17:18 8699272 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:07 . 2013-12-02 19:07 54280 ----a-w- c:\windows\system32\drivers\pcbldrv.sys
2013-11-20 05:03 . 2013-11-20 05:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 05:03 . 2013-11-20 05:03 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 05:03 . 2013-11-20 05:03 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 05:03 . 2013-11-20 05:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 05:03 . 2013-11-20 05:03 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 05:03 . 2013-11-20 05:03 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 05:03 . 2013-11-20 05:03 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 05:03 . 2013-11-20 05:03 337408 ----a-w- c:\windows\system32\html.iec
2013-11-20 05:03 . 2013-11-20 05:03 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-20 05:03 . 2013-11-20 05:03 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-20 05:03 . 2013-11-20 05:03 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 05:03 . 2013-11-20 05:03 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 05:03 . 2013-11-20 05:03 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-20 05:03 . 2013-11-20 05:03 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 05:03 . 2013-11-20 05:03 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 05:03 . 2013-11-20 05:03 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 05:02 . 2013-11-20 05:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 05:02 . 2013-11-20 05:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-20 05:02 . 2013-11-20 05:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-20 05:02 . 2013-11-20 05:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 10:21 . 2013-03-01 13:56 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-25 15:26 . 2013-10-25 15:27 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-18 11:18 . 2013-12-06 13:01 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65ACAE1-6E20-4060-949D-C9245E363F2D}\gapaengine.dll
2013-10-18 11:18 . 2013-03-15 00:22 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:03 . 2013-11-14 11:33 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 11:33 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-14 11:33 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"NextLive"="c:\users\Rogério\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"Tim"="c:\program files\TI Software\TiMONITOR\lsass.exe" [2011-03-30 5279744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-09-23 167008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 2045224]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-01 11442792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-31 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-31 168960]
"GfxServiceInstall"="c:\windows\system32\GfxServiceInstall.bat" [2011-10-31 51]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"taskmgw"="c:\users\Public\appmsgr\services.exe" [2012-04-04 1428992]
"Tim"="c:\program files\TI Software\TiMONITOR\lsass.exe" [2011-03-30 5279744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"pcbl-sys"="c:\program files\PCBlindado\pcbl-sys.exe" [2013-12-09 61440]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-12-27 761536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-02 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\program files\GbPlugin\gbiehscd.dll" [2013-05-02 1356824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2013-10-16 18:01 1479528 ------w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2013-05-02 19:35 1356824 ------w- c:\program files\GbPlugin\gbiehscd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
backup=c:\windows\pss\OSD.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 18:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-10-31 1335808]
R3 imgkmd32;imgkmd32;c:\windows\system32\DRIVERS\imgkmd32.sys [2011-10-31 415744]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 143960]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2010-11-10 113680]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 17408]
R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-05 31088]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-11 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-07-01 47688]
S1 pcbldrv;pcbldrv;c:\windows\system32\drivers\pcbldrv.sys [2013-12-02 54280]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-10-16 452968]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S2 pcbl-svc;pcbl-svc;c:\program files\PCBlindado\pcbl-svc.exe [2013-12-09 171400]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2012-10-24 360624]
S2 SoilIO;SoilIO; [x]
S3 IntcDAud;Áudio do vídeo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-05 31088]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-06-23 1036904]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 10:29 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 18:24]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 15:04]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 15:04]
.
.
------- Scan Suplementar -------
.
uStart Page = [You need an account and to be logged in to view this link]
mStart Page = [You need an account and to be logged in to view this link]
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
Trusted Zone: sicredi.com.br\ibpj
Trusted Zone: sicredi.com.br\si-plg
Trusted Zone: sicredi.com.br\www
Trusted Zone: sicreditotal.com.br\internet
TCP: DhcpNameServer = 189.7.24.16 189.7.24.15 201.6.4.116
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}\D61627C656E656F5C616E6: NameServer = 208.67.222.123,208.67.220.123
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - [You need an account and to be logged in to view this link]
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Syslogon
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Rogério\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(3564)
c:\windows\System32\MSWINSCK.OCX
c:\windows\System32\GetloggedinUser.dll
c:\windows\system32\VBAJET32.DLL
c:\windows\system32\expsrv.dll
c:\windows\system32\MSCOMCT2.OCX
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\programdata\rvlkl\rvlkl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mobogenie\mgusb.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-01-05 21:47:58 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-01-05 23:47
.
Pré-execução: 443.947.802.624 bytes disponíveis
Pós execução: 443.653.369.856 bytes disponíveis
.
- - End Of File - - 59E9ECDC635B5DEA96B64184645CA8BD
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
Trusted Zone: sicredi.com.br\ibpj
Trusted Zone: sicredi.com.br\si-plg
Trusted Zone: sicredi.com.br\www
Trusted Zone: sicreditotal.com.br\internet
TCP: DhcpNameServer = 189.7.24.16 189.7.24.15 201.6.4.116
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}\D61627C656E656F5C616E6: NameServer = 208.67.222.123,208.67.220.123
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Syslogon
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Rogério\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(3564)
c:\windows\System32\MSWINSCK.OCX
c:\windows\System32\GetloggedinUser.dll
c:\windows\system32\VBAJET32.DLL
c:\windows\system32\expsrv.dll
c:\windows\system32\MSCOMCT2.OCX
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\programdata\rvlkl\rvlkl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mobogenie\mgusb.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-01-05 21:47:58 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-01-05 23:47
.
Pré-execução: 443.947.802.624 bytes disponíveis
Pós execução: 443.653.369.856 bytes disponíveis
.
- - End Of File - - 59E9ECDC635B5DEA96B64184645CA8BD
A36C5E4F47E84449FF07ED3517B43A31
Dedeia10 - Beginner
Re: Check ComboFix Log
Hi Dedeia.
Download [You must have an account and be logged in to view this link] (...by Xplode) and save it to the Desktop
*Save any open work and close your browser
*Run it, click [Scan] and wait for it to finish
*Click [Clean] and wait for it to finish
*If you are asked to restart the PC, click [OK] to restart.
*Paste the report C:\AdwCleaner\AdwCleaner[S0].txt
Last edited by Power Max on Sat 08 Mar 2014, 22:54, edited 1 time
Power Max - Contributor
Re: Check ComboFix Log
Below is the log after the process was carried out
# AdwCleaner v3.016 - Relatório criado 07/01/2014 às 12:28:26
# Atualizado 23/12/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Rogério - ROGÉRIO-PC
# Executando de : C:\Users\Rogério\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\QuickSet
Pasta Deletada : C:\ProgramData\rvlkl
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\ProgramData\YoutubeAdblocker
Pasta Deletada : C:\ProgramData\ssuurrf iand keep
Pasta Deletada : C:\Program Files\HDvidCodec.com
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Program Files\MyPC Backup
Pasta Deletada : C:\Users\Rogério\AppData\Local\lollipop
Pasta Deletada : C:\Users\Rogério\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Rogério\AppData\Local\Oxy
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\PerformerSoft
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\pluswinks
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\SpecialSavings
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\SpeedAnalysis2
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\Rogério\Documents\Mobogenie
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\Rogério\AppData\Roaming\speedanalysis.ico
Arquivo Deletada : C:\Users\Rogério\Desktop\HDVidCodec.lnk
Arquivo Deletada : C:\Users\Rogério\Desktop\Mobogenie.lnk
Arquivo Deletada : C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Arquivo Deletada : C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65630F4C-BCA3-47D1-AFAC-F3BF252F4573}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65630F4C-BCA3-47D1-AFAC-F3BF252F4573}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10839D8D-CC27-4F3E-AF03-C0116094770F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10839D8D-CC27-4F3E-AF03-C0116094770F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34F4E4C8-C6CC-45AF-8A03-F32825C5ACE1}
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_kgb-free-key-logger_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\Escolade
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\LiveSupport
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deletedo : HKCU\Software\AppDataLow\Software\Lyrmix
Chave Deletedo : HKLM\Software\aartemisSoftware
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16428
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ Arquivo : C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ Arquivo : C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9776 octets] - [07/01/2014 12:24:51]
AdwCleaner[S0].txt - [8975 octets] - [07/01/2014 12:28:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9035 octets] ##########
Dedeia10 - Beginner
Re: Check ComboFix Log
Several problems were removed by AdwCleaner.
__________________________
Please follow the tips in the tutorial below:
[You must have an account and be logged in to view this link]
* In your next reply, please post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt.
We'll be waiting.
Last edited by Power Max on Sat 08 Mar 2014, 22:55, edited 1 time
Power Max - Contributor
Re: Check ComboFix Log
Hello, I did the process and here is the log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Rogério on 08/01/2014 at 12:01:19,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hdvid codec v1-codedownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49ED9900-38CD-453C-BBA7-3F2613317F5A}
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/01/2014 at 12:06:56,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dedeia10 - Beginner
Re: Check ComboFix Log
More problems were removed.
__________________________________
How is your PC after these procedures?
Power Max - Contributor
Re: Check ComboFix Log
It improved...
Regarding those programs saved on the desktop, can I delete them?
Dedeia10 - Beginner
Re: Check ComboFix Log
Dedeia10 wrote: Regarding those programs saved on the desktop, can I delete them?
Once we finish the clean-ups, we'll delete the programs that were used.
______________________________
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[You must have an account and be logged in to view this link]
In your next reply, post this Malwarebytes log so we can analyze it.
We'll be waiting.
Last edited by Power Max on Sat 08 Mar 2014, 22:55, edited 1 time
Power Max - Contributor
Re: Check ComboFix Log
I used Malwarebytes Anti-Malware and the log is below
Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.01.19.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Rogério :: ROGÉRIO-PC [administrador]
19/01/2014 22:59:05
mbam-log-2014-01-19 (22-59-05).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 346503
Tempo decorrido: 1 hora(s), 43 minuto(s), 32 segundo(s)
Processos de Memória Detectados: 1
C:\Program Files\TI Software\TiMONITOR\lsass.exe (Trojan.Agent) -> 1572 -> Nenhuma ação foi feita.
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tim (Trojan.Agent) -> Data: C:\Program Files\TI Software\TiMONITOR\lsass.exe -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tim (Trojan.Agent) -> Data: C:\Program Files\TI Software\TiMONITOR\lsass.exe -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 2
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
Arquivos Detectados: 13
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> Nenhuma ação foi feita.
C:\PROGRAMAS\programa corel\Corel\Corel x3\keygen.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Nenhuma ação foi feita.
C:\Program Files\TI Software\TiMONITOR\lsass.exe (Trojan.Agent) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\ProgramData\rvlkl\rvlkl.exe.vir (Keylogger.Logixoft) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Dedeia10 - Beginner
Posts: 20
Reputation: 0
Joined: 28/12/2013
Re: Check ComboFix log
Your Malwarebytes log shows that some of the problems were not removed (note the entries marked: No action taken).
I suggest you select those remaining problems and remove them. After that, please post the new log that Malwarebytes will create.
Power Max - Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009
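The advice above comes down to reading the outcome column of each Malwarebytes line. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses the per-item lines of an MBAM 1.x log, separates what was quarantined from what is still marked "No action taken", and cross-checks each section's declared count against the number of lines actually present (a cheap way to notice a log that was pasted incompletely). The names `parse_entry`, `triage` and `pending_paths` are mine; `SAMPLE_LOG` is a constructed excerpt in the same format, with paths copied from the logs in this thread.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log.

Added example, not code from the thread or from Malwarebytes. It reads the
per-item result lines of an MBAM 1.75-style log and separates detections
that were quarantined from those still marked "No action taken", so the
reader can see which items remain to be selected and removed. Both the
English strings and the Portuguese ones seen in the thread's logs are
accepted, because MBAM localizes its output. SAMPLE_LOG is a constructed
excerpt in the same format (paths copied from the thread).
"""
import re
from collections import defaultdict

# Section headers such as "Files Detected: 15" / "Arquivos Detectados: 15".
SECTION_RE = re.compile(r"^(?P<name>.*Detect(?:ed|ad[oa]s)): (?P<n>\d+)$")
# Leading "<path> (<signature>)" of an item line; the path may itself contain "(1)".
HEAD_RE = re.compile(r"^(?P<path>.+) \((?P<sig>[^()]+)\)$")

NO_ACTION = {"No action taken", "Nenhuma ação foi feita"}
QUARANTINED = {
    "Quarantined and deleted successfully",
    "Enviado para a Quarentena e deletado com sucesso",
}

# Constructed excerpt. The second folder line is deliberately left out so that
# the declared-versus-parsed count check has something to report.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Full scan (C:\|)
Memory Processes Detected: 1
C:\Program Files\TI Software\TiMONITOR\lsass.exe (Trojan.Agent) -> 1572 -> No action taken.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tim (Trojan.Agent) -> Data: C:\Program Files\TI Software\TiMONITOR\lsass.exe -> Quarantined and deleted successfully.
Folders Detected: 2
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
Files Detected: 4
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\ProgramData\rvlkl\rvlkl.exe.vir (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
(end)
"""


def parse_entry(line):
    """Return (path, signature, outcome) for an item line, or None for any other line.

    Item lines look like "<path> (<sig>) -> <outcome>." with optional middle
    segments ("-> 1572 ->" for a process PID, "-> Data: ... ->" for a registry value).
    """
    parts = line.rstrip().split(" -> ")
    if len(parts) < 2:
        return None
    m = HEAD_RE.match(parts[0])
    if not m:
        return None
    return m.group("path"), m.group("sig"), parts[-1].rstrip(".")


def triage(log_text):
    """Group detections by outcome and signature and cross-check section counts."""
    pending, removed, other = defaultdict(list), defaultdict(list), []
    declared, parsed = {}, defaultdict(int)
    section = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            declared[section] = int(m.group("n"))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        path, sig, outcome = entry
        parsed[section] += 1
        if outcome in NO_ACTION:
            pending[sig].append(path)
        elif outcome in QUARANTINED:
            removed[sig].append(path)
        else:
            other.append(entry)  # unknown wording: surface it rather than guess
    mismatch = [(s, n, parsed[s]) for s, n in declared.items() if parsed[s] != n]
    return {"pending": dict(pending), "removed": dict(removed),
            "other": other, "count_mismatch": mismatch}


def pending_paths(result):
    """Flat, sorted list of everything still marked 'No action taken'."""
    return sorted(p for paths in result["pending"].values() for p in paths)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sig, paths in result["pending"].items():
        print(f"STILL PRESENT  {sig}")
        for p in paths:
            print(f"    {p}")
    for sig, paths in result["removed"].items():
        print(f"quarantined    {sig}: {len(paths)} item(s)")
    for section, n, got in result["count_mismatch"]:
        print(f"WARNING: {section} declares {n} item(s) but {got} were parsed; log may be incomplete")
```

To use it on a real scan, replace `SAMPLE_LOG` with the contents of the saved mbam-log-*.txt. Two things the grouping makes visible: a "No action taken" on a path under C:\AdwCleaner\Quarantine\ (the .vir files) concerns a copy that AdwCleaner had already isolated, which is far less urgent than the same outcome on a live path such as the TiMONITOR lsass.exe in the log above; and a section whose declared count exceeds the lines present usually means the paste was truncated, so the missing lines should be requested before deciding the machine is clean.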
Re: Check ComboFix log
If I check those options, will this TI Monitor program stop working? Because I was the one who installed it on the machine.
Dedeia10 - Beginner
Posts: 20
Reputation: 0
Joined: 28/12/2013
Re: Check ComboFix log
In that case you can remove the ones below:
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> No action taken.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> No action taken.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
And the good thing about Malwarebytes is that when you delete the items above they are kept in the Malwarebytes quarantine, so if you later need to restore any of them, just go to the Malwarebytes quarantine and restore the item.
Power Max - Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009
Re: Check ComboFix log
Hello
I followed the tips and got the following log
Malwarebytes Anti-Malware 1.75.0.1300
[link hidden; login required to view]
Database version: v2014.02.08.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Rogério :: ROGÉRIO-PC [administrator]
08/02/2014 09:39:30
mbam-log-2014-02-08 (09-39-30).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349686
Time elapsed: 2 hour(s), 1 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
Files Detected: 15
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> Quarantined and deleted successfully.
C:\PROGRAMAS\programa corel\Corel\Corel x3\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Rogério\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
(end)
Dedeia10 - Beginner
Posts: 20
Reputation: 0
Joined: 28/12/2013
Re: Check ComboFix log
|- Download: < [link hidden; login required to view] > ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the parchment icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Last edited by Power Max on Sat 08 Mar 2014, 22:55, edited 1 time
Power Max - Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009
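The ZHPDiag report that these instructions produce lists every running process and autostart entry as "(.Publisher - Description.) -- path", or "(...)" when the file carries no version information. The Python script below is an added example, not code from ZHPDiag, from this thread or from its authors: it applies three checks a responder runs first over those lines, namely a core Windows process name (lsass.exe, services.exe, ...) living outside the Windows directory or System32, a file with no publisher, and a start-up entry in a user-writable location or implemented as a script. A hit is a prompt to look closer, not a verdict. The names `parse_line`, `review` and `triage` are mine; `SAMPLE_REPORT` is built from lines copied out of the report posted later in this thread plus one constructed O4 line, the `[Tim]` entry, for the TiMONITOR lsass.exe path that Malwarebytes flagged, and `%Windir%` is assumed to be C:\Windows as that report states.

```python
"""Flag ZHPDiag process and autostart entries that deserve a second look.

Added example for this thread; not code from ZHPDiag or from the original
post. A hit means "look closer" (hash lookup, digital signature, what
installed it), not "malicious". SAMPLE_REPORT holds lines copied from the
report posted later in the thread plus one constructed O4 line (the [Tim]
entry) for the lsass.exe in the TiMONITOR folder that Malwarebytes flagged;
the Windows directory is assumed to be C:/Windows as that report's
%Windir% line shows.
"""
import re

# Core Windows process names that malware commonly borrows.
SYSTEM_NAMES = {
    "lsass.exe", "services.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "wininit.exe", "smss.exe", "explorer.exe", "spoolsv.exe", "conhost.exe",
    "dllhost.exe", "rundll32.exe", "taskhost.exe",
}
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".wsf")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# "(.Publisher - Description.)" or "(...)" at the end of the text before " -- ".
PUBLISHER_RE = re.compile(r"\((\.\.\.|\..*?\.)\)\s*$")
# Trailing "[size]", "[PID.n]" and "=>.Vendor" decorations after the path.
TRAILER_RE = re.compile(r"(\s\[\d+\]|\s\[PID\.\d+\]|\s=>.*)+$")

# Lines copied from the thread's ZHPDiag report; the [Tim] line is constructed.
SAMPLE_REPORT = r"""
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [452968] [PID.724]
[MD5.94D23D4F096F12CA42C2FE4196631F46] - (.HP - HP Smart-Install Service.) -- C:\Windows\system32\HPSIsvc.exe [99896] [PID.1912]
[MD5.9FD56482AD770985D6E07AA588DCB0D2] - (...) -- C:\Users\Public\appmsgr\services.exe [1428992] [PID.540]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.6136]
O4 - HKLM\..\Run: [GfxServiceInstall] . (...) -- C:\Windows\system32\GfxServiceInstall.bat
O4 - HKLM\..\Run: [taskmgw] . (...) -- C:\Users\Public\appmsgr\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - HKLM\..\Run: [Tim] . (...) -- C:\Program Files\TI Software\TiMONITOR\lsass.exe
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
"""


def parse_line(line):
    """Return (path, has_publisher) for a process/O4 line, or None for other lines."""
    if " -- " not in line:
        return None
    left, right = line.rstrip().rsplit(" -- ", 1)
    m = PUBLISHER_RE.search(left)
    if not m:
        return None
    path = TRAILER_RE.sub("", right).strip()
    if not re.match(r"^[A-Za-z]:\\", path):  # e.g. "(.not file.)"
        return None
    return path, m.group(1) != "..."


def review(path, has_publisher, windir="C:\\Windows"):
    """Reasons this entry deserves a closer look; an empty list means nothing fired."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    win = windir.lower()
    reasons = []
    if name in SYSTEM_NAMES and directory not in (win, win + "\\system32", win + "\\syswow64"):
        reasons.append("system-name-outside-windir")
    if not has_publisher:
        reasons.append("no-publisher")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable-path")
    if name.endswith(SCRIPT_EXT):
        reasons.append("script-autostart")
    return reasons


def triage(report_text, windir="C:\\Windows"):
    """Map each flagged path to its reasons (first occurrence wins); clean entries are omitted."""
    findings = {}
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, has_pub = parsed
        reasons = review(path, has_pub, windir)
        if reasons and path not in findings:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT).items():
        print(f"{path}\n    {', '.join(reasons)}")
```

Feed it the whole ZHPDiag.txt and read the reasons rather than counting hits: per-user installs under AppData legitimately trip the user-writable rule, and a vendor that ships without version resources trips the publisher rule, which is why the output lists why each path fired instead of scoring it.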
Re: Check ComboFix log
Here is the log
~ ZHPDiag report v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Started by Rogério (16/02/2014 21:08:48)
~ Website address : [link hidden; login required to view]
~ Free disinfection support forums : [link hidden; login required to view]
~ Translation by the user
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Deactivated by user
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518 (Default)
GCIE: Google Chrome v32.0.1700.107
---\\ Windows product information
~ Language: Portuguese
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7
---\\ System optimization software
CCleaner v4.09 =>Piriform Ltd
---\\ Peer-to-peer (P2P) file-sharing software
---\\ Software monitoring
Adobe Flash Player 12 ActiveX
Adobe Reader X
Java 7 Update 51
---\\ System information
~ Processor: x86 Family 6 Model 54 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3315 MB (56% free)
System Restore: Enabled
System drive C: has 412 GB (88%) free of 466 GB
---\\ System logon mode
~ Computer Name: ROGÉRIO-PC
~ User Name: Rogério
~ All Users Names: Rogério, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rogério\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rogério\AppData\Roaming\
~ %Desktop% : C:\Users\Rogério\Desktop\
~ %Favorites% : C:\Users\Rogério\Favorites\
~ %LocalAppData% : C:\Users\Rogério\AppData\Local\
~ %StartMenu% : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 412 GB of 466 GB)
D: CD-ROM drive (Free 0 GB of 4 GB)
---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/188
~ My Music : 24/885
~ My Videos : 2/19
~ My Favorites : 1/7
~ My Documents : 1/1795
~ My Desktop : 1/409
~ Start Menu (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 01s
---\\ Running processes
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [452968] [PID.724]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.908]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1864]
[MD5.94D23D4F096F12CA42C2FE4196631F46] - (.HP - HP Smart-Install Service.) -- C:\Windows\system32\HPSIsvc.exe [99896] [PID.1912]
[MD5.5E5F111A8D57E1169E6D3BB7B621D9D9] - (.pcbl-svc - pcbl-svc.) -- C:\Program Files\PCBlindado\pcbl-svc.exe [171912] [PID.2012]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.620]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.752]
[MD5.9FD56482AD770985D6E07AA588DCB0D2] - (...) -- C:\Users\Public\appmsgr\services.exe [1428992] [PID.540]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.1648]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1404]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.616]
[MD5.DE8462BC747BB89E87F5D870ABE7E311] - (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe [61440] [PID.2060]
[MD5.440E9291477D723564BF7BD6E96B6EA8] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11442792] [PID.2128]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2140]
[MD5.64E413BA0C529AA40C3924BBCC4153DB] - (.No owner - nTitles PSIService.) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656] [PID.2304]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files\Scpad\scpVista.exe [360624] [PID.2340]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [271920] [PID.3184]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.3268]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.3308]
[MD5.A379B75A6FFE4DFD3184F35F0141CE91] - (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- c:\program files\common files\installshield\updateservice\isuspm.exe [221184] [PID.3476]
[MD5.B738C9EB50A94D22A0259B340A97B8A4] - (.InstallShield Software Corporation - InstallShield Update Service Agent.) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe [581632] [PID.2084]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.6136]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.4820]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3616]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.6.6, (Disabled) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [nhogbcndagiknbfomjgdeghehkljalhi] GreyGray v.1.0.0 (Disabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Disabled)
~ Google Browser: 12 Legitimates Filtered in 00mn 27s
---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Rogério\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [link hidden; login required to view]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analysis of lines F0, F1, F2, F3 - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 14
---\\ Browser Helper Objects (O2)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehscd.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s
---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\QuickLaunch [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rogério]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rogério]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rogério]: Purble Place.lnk - Orphan key
~ Global Startup: 67 Legitimates Filtered in 00mn 01s
---\\ Applications started from registry & folders (O4)
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GfxServiceInstall] . (...) -- C:\Windows\system32\GfxServiceInstall.bat
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [taskmgw] . (...) -- C:\Users\Public\appmsgr\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [pcbl-sys] . (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.sicredi.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} ((no name)) - [You must have an account and be logged in to view this link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginScd . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: pcbl-svc (pcbl-svc) . (.pcbl-svc - pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 8 Legitimates Filtered in 00mn 14s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Oxy] (...) -- C:\Users\Rogério\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]
[MD5.2D31159D38D65FBC6F454A7A061DE91A] [APT] [{74294C4F-BFB6-45C7-8C0F-0FC5A73280C7}] (.CAIXA.) -- C:\Users\Rogério\Downloads\iGBPCEFsf.exe [2351432]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (pcbldrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\pcbldrv.sys
~ Drivers: 91 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2.1 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: OSD 1.13 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
~ Logic: 14 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Scopus]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\TiMonitor]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\PCBlindado]
[HKLM\Software\SoilIO]
~ Key Software: 192 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/08/2013 - 21:57:25 - [4,353] -SH-D C:\Program Files\KGB
O43 - CFD: 16/02/2014 - 07:19:06 - [52,023] --H-D C:\Program Files\PCBlindado
O43 - CFD: 25/10/2013 - 12:42:03 - [1,519] ----D C:\Program Files\Scpad
O43 - CFD: 07/11/2013 - 23:40:35 - [0,046] ----D C:\Program Files\Uninstaller
O43 - CFD: 24/11/2013 - 15:09:08 - [0,085] ----D C:\ProgramData\12918b71031ae341
O43 - CFD: 30/12/2013 - 21:02:24 - [0] --H-D C:\ProgramData\HBM2
O43 - CFD: 24/11/2013 - 14:33:06 - [3,261] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 25/10/2013 - 12:54:50 - [0,042] ----D C:\Users\Rogério\AppData\Roaming\Scpad
O43 - CFD: 22/12/2013 - 12:28:46 - [0,008] ----D C:\Users\Rogério\AppData\Local\AnyUtils
O43 - CFD: 08/02/2014 - 13:07:31 - [0] ----D C:\Users\Rogério\AppData\Local\genienext
O43 - CFD: 24/11/2013 - 12:57:08 - [0,007] ----D C:\Users\Rogério\AppData\Local\Ramunas_Geciauskas
~ Program Folder: 158 Legitimates Filtered in 00mn 05s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.438DC6F348ECE6E30CED143E80497677] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147248]
O44 - LFC:[MD5.9386F788AEB2A8F941A01E91051B19C3] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706522]
~ Files: 50 Legitimates Filtered in 00mn 05s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files\GbPlugin\gbiehscd.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 15:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C3963B327A2C383294D5FBB1C0648DF3] - 13/01/2014 - 09:39:58 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\pcbldrv.sys [54280]
O58 - SDL:[MD5.36C46561FDC566FD4943216ABA090343] - 05/01/2014 - 20:48:05 ---A- . (.Sysinternals - [You must have an account and be logged in to view this link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.02CB3180D4C1F39D342E7177EF4ED94D] - 03/06/2013 - 20:49:22 RSH-- . (...) -- C:\Windows\System32\6E8F0C2223.sys [88]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/01/2014 - C:\Windows\System32\drivers\pcbldrv.sys (pcbldrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_PCBLDRV
~ Legacy: 96 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Rogério\AppData\Local\Oxy\Application\oxy.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {BB4DF510-E9EA-4ABD-A6C8-678B70A35ED4} [DefaultScope] - (Pesquisa Segura) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C7706534974F13E3FFF5E2BA797D368C] [SPRF][30/12/2013] (...) -- C:\ProgramData\gwp2.sys [264]
[MD5.E245AB9186C70F17CE293A1F6746771D] [SPRF][21/11/2013] (...) -- C:\Users\Rogério\AppData\Roaming\unins000.dat [16207]
[MD5.AF5C84446657B48C9B9B870C46438261] [SPRF][07/01/2014] (...) -- C:\Users\Rogério\Desktop\AdwCleaner.exe [1233962]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "TCP Query User{20CA948A-5A03-4633-8DB2-819B355ADB64}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{AF7A2930-EDA8-461C-B684-5BB8942EFEE8}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "{9DB86533-30B4-41CD-AA2A-1DB877FF9251}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{F6FE5DC2-3EA4-4CA0-831D-B349B39F83B7}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "663DC75CEB6C5B545B6C40425E601F0D" . (.BR.) -- C:\Windows\Installer\{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}\ARPPRODUCTICON.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.479129994E101BC5D990F12C8E21889C] [WIS][17/01/2007] (.Corel Corporation - CorelDRAW Graphics Suite 13.) -- C:\Windows\Installer\244ef.msi [14240768]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\83fd1.msi [172032]
[MD5.376857EEFBE16E3ACFCA4FC2B3FB585A] [WIS][31/12/2013] (.Ti Software - WebBLOCKER.) -- C:\Windows\Installer\ab637.msi [168960]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\ac9d436.msi [172032]
~ WIS: 74 Legitimates Filtered in 00mn 10s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 07/04/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/01/2014 171912 | (pcbl-svc) . (.pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
SR - | Auto 02/11/2006 174656 | (ProtexisLicensing) . (...) - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Scâner Aditional (088)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\ProgramData\InstallMate =>PUP.Tarma^
~ Additionnel Scan: 277561 Items scanned in 00mn 49s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>PUP.Elex
~ [You must have an account and be logged in to view this link] =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 49s
~ 1052 Legitimates filtered by white list
End of the scan (535 lines in 02mn 43s)(0)
~ Relatório do ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Iniciado por Rogério (16/02/2014 21:08:48)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518 (Defaut)
GCIE: Google Chrome v32.0.1700.107
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 ActiveX
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 54 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3315 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 412 GB (88%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ROGÉRIO-PC
~ User Name: Rogério
~ All Users Names: Rogério, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rogério\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rogério\AppData\Roaming\
~ %Desktop% : C:\Users\Rogério\Desktop\
~ %Favorites% : C:\Users\Rogério\Favorites\
~ %LocalAppData% : C:\Users\Rogério\AppData\Local\
~ %StartMenu% : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 412 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/188
~ Mes musiques (My Musics) : 24/885
~ Mes Videos (My Videos) : 2/19
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/1795
~ Mon Bureau (My Desktop) : 1/409
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [452968] [PID.724]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.908]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1864]
[MD5.94D23D4F096F12CA42C2FE4196631F46] - (.HP - HP Smart-Install Service.) -- C:\Windows\system32\HPSIsvc.exe [99896] [PID.1912]
[MD5.5E5F111A8D57E1169E6D3BB7B621D9D9] - (.pcbl-svc - pcbl-svc.) -- C:\Program Files\PCBlindado\pcbl-svc.exe [171912] [PID.2012]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.620]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.752]
[MD5.9FD56482AD770985D6E07AA588DCB0D2] - (...) -- C:\Users\Public\appmsgr\services.exe [1428992] [PID.540]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.1648]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1404]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.616]
[MD5.DE8462BC747BB89E87F5D870ABE7E311] - (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe [61440] [PID.2060]
[MD5.440E9291477D723564BF7BD6E96B6EA8] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11442792] [PID.2128]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2140]
[MD5.64E413BA0C529AA40C3924BBCC4153DB] - (.No owner - nTitles PSIService.) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656] [PID.2304]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files\Scpad\scpVista.exe [360624] [PID.2340]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [271920] [PID.3184]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.3268]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.3308]
[MD5.A379B75A6FFE4DFD3184F35F0141CE91] - (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- c:\program files\common files\installshield\updateservice\isuspm.exe [221184] [PID.3476]
[MD5.B738C9EB50A94D22A0259B340A97B8A4] - (.InstallShield Software Corporation - InstallShield Update Service Agent.) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe [581632] [PID.2084]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.6136]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.4820]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3616]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.6.6, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [nhogbcndagiknbfomjgdeghehkljalhi] GreyGray v.1.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
~ Google Browser: 12 Legitimates Filtered in 00mn 27s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Rogério\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 14
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehscd.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\QuickLaunch [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rogério]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rogério]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rogério]: Purble Place.lnk - Chave orfã
~ Global Startup: 67 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GfxServiceInstall] . (...) -- C:\Windows\system32\GfxServiceInstall.bat
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [taskmgw] . (...) -- C:\Users\Public\appmsgr\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [pcbl-sys] . (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.sicredi.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginScd . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: pcbl-svc (pcbl-svc) . (.pcbl-svc - pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 8 Legitimates Filtered in 00mn 14s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Oxy] (...) -- C:\Users\Rogério\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]
[MD5.2D31159D38D65FBC6F454A7A061DE91A] [APT] [{74294C4F-BFB6-45C7-8C0F-0FC5A73280C7}] (.CAIXA.) -- C:\Users\Rogério\Downloads\iGBPCEFsf.exe [2351432]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (pcbldrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\pcbldrv.sys
~ Drivers: 91 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2.1 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: OSD 1.13 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
~ Logic: 14 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Scopus]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\TiMonitor]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\PCBlindado]
[HKLM\Software\SoilIO]
~ Key Software: 192 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/08/2013 - 21:57:25 - [4,353] -SH-D C:\Program Files\KGB
O43 - CFD: 16/02/2014 - 07:19:06 - [52,023] --H-D C:\Program Files\PCBlindado
O43 - CFD: 25/10/2013 - 12:42:03 - [1,519] ----D C:\Program Files\Scpad
O43 - CFD: 07/11/2013 - 23:40:35 - [0,046] ----D C:\Program Files\Uninstaller
O43 - CFD: 24/11/2013 - 15:09:08 - [0,085] ----D C:\ProgramData\12918b71031ae341
O43 - CFD: 30/12/2013 - 21:02:24 - [0] --H-D C:\ProgramData\HBM2
O43 - CFD: 24/11/2013 - 14:33:06 - [3,261] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 25/10/2013 - 12:54:50 - [0,042] ----D C:\Users\Rogério\AppData\Roaming\Scpad
O43 - CFD: 22/12/2013 - 12:28:46 - [0,008] ----D C:\Users\Rogério\AppData\Local\AnyUtils
O43 - CFD: 08/02/2014 - 13:07:31 - [0] ----D C:\Users\Rogério\AppData\Local\genienext
O43 - CFD: 24/11/2013 - 12:57:08 - [0,007] ----D C:\Users\Rogério\AppData\Local\Ramunas_Geciauskas
~ Program Folder: 158 Legitimates Filtered in 00mn 05s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.438DC6F348ECE6E30CED143E80497677] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147248]
O44 - LFC:[MD5.9386F788AEB2A8F941A01E91051B19C3] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706522]
~ Files: 50 Legitimates Filtered in 00mn 05s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files\GbPlugin\gbiehscd.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 15:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C3963B327A2C383294D5FBB1C0648DF3] - 13/01/2014 - 09:39:58 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\pcbldrv.sys [54280]
O58 - SDL:[MD5.36C46561FDC566FD4943216ABA090343] - 05/01/2014 - 20:48:05 ---A- . (.Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.02CB3180D4C1F39D342E7177EF4ED94D] - 03/06/2013 - 20:49:22 RSH-- . (...) -- C:\Windows\System32\6E8F0C2223.sys [88]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/01/2014 - C:\Windows\System32\drivers\pcbldrv.sys (pcbldrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_PCBLDRV
~ Legacy: 96 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {BB4DF510-E9EA-4ABD-A6C8-678B70A35ED4} [DefaultScope] - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C7706534974F13E3FFF5E2BA797D368C] [SPRF][30/12/2013] (...) -- C:\ProgramData\gwp2.sys [264]
[MD5.E245AB9186C70F17CE293A1F6746771D] [SPRF][21/11/2013] (...) -- C:\Users\Rogério\AppData\Roaming\unins000.dat [16207]
[MD5.AF5C84446657B48C9B9B870C46438261] [SPRF][07/01/2014] (...) -- C:\Users\Rogério\Desktop\AdwCleaner.exe [1233962]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "TCP Query User{20CA948A-5A03-4633-8DB2-819B355ADB64}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{AF7A2930-EDA8-461C-B684-5BB8942EFEE8}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "{9DB86533-30B4-41CD-AA2A-1DB877FF9251}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{F6FE5DC2-3EA4-4CA0-831D-B349B39F83B7}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "663DC75CEB6C5B545B6C40425E601F0D" . (.BR.) -- C:\Windows\Installer\{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}\ARPPRODUCTICON.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.479129994E101BC5D990F12C8E21889C] [WIS][17/01/2007] (.Corel Corporation - CorelDRAW Graphics Suite 13.) -- C:\Windows\Installer\244ef.msi [14240768]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\83fd1.msi [172032]
[MD5.376857EEFBE16E3ACFCA4FC2B3FB585A] [WIS][31/12/2013] (.Ti Software - WebBLOCKER.) -- C:\Windows\Installer\ab637.msi [168960]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\ac9d436.msi [172032]
~ WIS: 74 Legitimates Filtered in 00mn 10s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 07/04/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/01/2014 171912 | (pcbl-svc) . (.pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
SR - | Auto 02/11/2006 174656 | (ProtexisLicensing) . (...) - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Scâner Aditional (088)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\ProgramData\InstallMate =>PUP.Tarma^
~ Additionnel Scan: 277561 Items scanned in 00mn 49s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Elex
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 49s
~ 1052 Legitimates filtered by white list
End of the scan (535 lines in 02mn 43s)(0)
Dedeia10 - Beginner
- Messages: 20
Reputation: 0
Registration date: 28/12/2013
Re: Check Combofix log
Go to the site [You must have an account and be logged in to view this link] and upload the files highlighted in blue below to be analysed (one at a time); as each one is analysed, copy the link that appears in your browser's address bar and post those links in your next reply:
C:\Program Files\PCBlindado\pcbl-svc.exe
C:\Users\Public\appmsgr\services.exe
C:\Program Files\PCBlindado\pcbl-sys.exe
__________________________________________________________________________________________________
Copy all the text highlighted in red that I gave you (starting at script zhpfix and going down to SysRestore)
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Open ZHPFix > Click Importação > Click the GO button > Click Oui > If you also want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply together with the links to the results of the file analysis on the VirusTotal site.
Last edited by Power Max on Sat 08 Mar 2014, 22:56, edited 2 time(s)
Power Max - Contributor
- Messages: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Check Combofix log
This file was last analysed by VirusTotal on 2013-08-21 21:40:17 UTC, it was first analysed by VirusTotal on 2012-07-08 21:04:41 UTC.
Detection rate: 13/46
You can view the last analysis or analyse it again.
Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
Fichier d'export Registre :
Run by Rogério at 16/02/2014 22:59:07
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ: TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: TCP Query User{20CA948A-5A03-4633-8DB2-819B355ADB64}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: UDP Query User{AF7A2930-EDA8-461C-B684-5BB8942EFEE8}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: {9DB86533-30B4-41CD-AA2A-1DB877FF9251}
ELIMINÉ: {F6FE5DC2-3EA4-4CA0-831D-B349B39F83B7}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {E9ACB54C-9BA5-45BE-B3B6-DDE390B26F0A}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\rogério\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ Temporários windows (15) (242.464 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: Oxy
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 42s
========== Caminho do ficheiro do relatório ==========
C:\Users\Rogério\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/02/2014 22:59:14 [1969]
I just didn't analyse the two files that show up as PCBlindado, because I was the one who installed it.
Dedeia10 - Beginner
- Posts : 20
Reputation : 0
Registration date : 28/12/2013
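The ZHPFix report posted above is plain text with a regular shape (`========== section ==========` headers followed by DELETED lines), so it can be triaged automatically instead of read line by line. The script below is an added example written for this page; it is not ZHPFix's own code and was not posted in the thread. It parses a sample report constructed from the lines above, flags the user-approved Windows Firewall "Query User" rules whose executable lives outside an assumed set of trusted roots (here the activator's qemu.exe on drive E:), and lists the proxy values, search hook and scheduled task that were removed. The trusted-root list and the finding labels are assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a trimmed copy of the ZHPFix report posted above, with
# the tool's French "ELIMINÉ" label rendered as "DELETED" (the parser accepts both).
SAMPLE_REPORT = r"""
========== Registry Values ==========
DELETED: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
DELETED: TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe
DELETED: UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe
DELETED: {9DB86533-30B4-41CD-AA2A-1DB877FF9251}
ProxyFix : Proxy configuration removed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED ProxyOverride Value
========== Files ==========
DELETED: c:\users\rogério\appdata\local\google\chrome\user data\default\preferences
========== Scheduled Task ==========
DELETED: Oxy
========== Summary ==========
16 : Registry Values
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
DELETED_RE = re.compile(r"^(?:ELIMIN[ÉE]|DELETED):?\s*(?P<entry>.+)$")
# Windows Firewall "Query User" rules are created when the user clicks Allow in the prompt.
FIREWALL_RE = re.compile(r"^(?P<proto>TCP|UDP) Query User(?P<guid>\{[0-9A-Fa-f-]{36}\})(?P<path>.+)$")
# Internet Settings values that route browser traffic through a proxy.
PROXY_VALUES = {"ProxyServer", "ProxyEnable", "ProxyOverride", "EnableHttp1_1", "ProxyHttp1.1"}
# Assumption for this example: binaries under these roots are treated as expected;
# anything else (removable drives, user profiles, temp) deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    section: str
    kind: str
    detail: str


def parse_report(text: str) -> dict[str, list[str]]:
    """Group every DELETED entry of a ZHPFix report under its '==== name ====' section."""
    sections: dict[str, list[str]] = {}
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name")
            sections.setdefault(current, [])
            continue
        hit = DELETED_RE.match(line)
        if hit:
            sections.setdefault(current, []).append(hit.group("entry"))
    return sections


def triage(sections: dict[str, list[str]]) -> list[Finding]:
    """Classify the deleted entries into the indicator types seen in the thread."""
    findings: list[Finding] = []
    for section, entries in sections.items():
        for entry in entries:
            fw = FIREWALL_RE.match(entry)
            if fw:
                path = fw.group("path")
                if not path.lower().startswith(TRUSTED_ROOTS):
                    findings.append(Finding(section, "firewall-allow-untrusted-path",
                                            f"{fw.group('proto')} {path}"))
                continue
            first = entry.split()[0].rstrip(":")
            if first in PROXY_VALUES:
                findings.append(Finding(section, "proxy-setting", first))
            elif first == "URLSearchHook":
                findings.append(Finding(section, "browser-search-hook", entry))
            elif section.lower().startswith("scheduled task"):
                findings.append(Finding(section, "scheduled-task", entry))
    return findings


def untrusted_paths(findings: list[Finding]) -> list[str]:
    """Unique executables that had user-approved firewall rules outside the trusted roots."""
    return sorted({f.detail.split(" ", 1)[1] for f in findings
                   if f.kind == "firewall-allow-untrusted-path"})


if __name__ == "__main__":
    found = triage(parse_report(SAMPLE_REPORT))
    for f in found:
        print(f"[{f.kind}] ({f.section}) {f.detail}")
    print("executables to submit to VirusTotal:", untrusted_paths(found))
```

The executables it reports are the ones worth submitting to VirusTotal, which is the follow-up asked for in the reply below. A removed ProxyServer/ProxyEnable pair means the browser was being sent through a proxy; after a reboot it is worth confirming those values have not been recreated, since the scheduled task that was deleted could have been the thing re-applying them.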
Re: Check Combofix Log
In the case of the file you sent for analysis on VirusTotal, which file was sent?
In that case it would be good to send it again and, when VirusTotal asks the question "You can view the last analysis or analyze it again", just click the option to analyze it again.
Then just wait for the analysis to finish, and afterwards copy only the link that appears in your browser's address bar and post that link in your next reply.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Registration date : 14/04/2009
Re: Check Combofix Log
TOPIC ARCHIVED
Since the author did not reply for more than 15 days, the topic has been archived. If the topic's author needs it, it will be reopened; to request that, contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Registration date : 14/04/2009