Verificar Log Combofix

por Dedeia10 Dom 05 Jan 2014, 21:53

Olá

Por favor alguém pode verificar o log feito pelo combofix segue abaixo e dar opinião se tenho que fazer alguma coisa para melhorar o meu note.

ComboFix 14-01-04.03 - Rogério 05/01/2014 21:25:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3316.1991 [GMT -2:00]
Executando de: c:\users\Rogério\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Microsoft
c:\progra~1\BAIXAR~1\SOUNdf~1.dll
c:\programdata\DRV10.tmp
c:\programdata\E2010.tmp
c:\programdata\SearchNewTab
c:\programdata\Weekapp
c:\users\Rogério\AppData\Roaming\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_winsvc
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-12-05 to 2014-01-05 ))))))))))))))))))))))))))))
.
.
2014-01-04 15:54 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-02 16:58 . 2014-01-02 16:58 -------- d-----w- c:\program files\VS Revo Group
2014-01-02 16:55 . 2014-01-02 17:05 -------- d-----w- c:\users\Rogério\AppData\Local\Oxy
2014-01-02 16:55 . 2014-01-02 16:55 -------- d-----w- c:\users\Rogério\AppData\Local\Chromium
2013-12-31 00:39 . 2013-12-31 00:39 -------- d-----w- c:\program files\CCleaner
2013-12-31 00:34 . 2013-12-31 00:34 -------- d-----w- c:\program files\ToniArts
2013-12-31 00:02 . 2013-12-31 00:02 -------- d--h--w- c:\programdata\HBM2
2013-12-30 23:35 . 2013-12-30 23:44 264 ---h--w- c:\programdata\gwp2.sys
2013-12-30 23:35 . 2013-12-30 23:34 783504 ----a-w- c:\windows\system32\fbx1.dat
2013-12-22 15:28 . 2013-12-22 15:28 -------- d-----w- c:\users\Rogério\AppData\Local\AnyUtils
2013-12-22 15:21 . 2013-12-22 15:21 -------- d-----w- c:\users\Rogério\.android
2013-12-22 15:21 . 2013-12-27 19:19 -------- d-----w- c:\users\Rogério\AppData\Local\cache
2013-12-22 15:21 . 2014-01-05 23:41 -------- d-----w- c:\users\Rogério\AppData\Roaming\newnext.me
2013-12-22 15:21 . 2014-01-04 17:28 -------- d-----w- c:\users\Rogério\AppData\Local\genienext
2013-12-22 15:21 . 2014-01-05 00:46 -------- d-----w- c:\users\Rogério\AppData\Local\Mobogenie
2013-12-22 15:20 . 2013-12-27 19:34 -------- d-----w- c:\program files\Mobogenie
2013-12-22 14:52 . 2013-12-30 17:20 -------- d-----w- c:\programdata\McAfee
2013-12-22 14:52 . 2013-12-31 20:41 -------- d-----w- c:\programdata\Freemake
2013-12-22 14:51 . 2013-12-31 20:41 -------- d-----w- c:\program files\Freemake
2013-12-22 14:51 . 2013-12-22 14:51 -------- d-----w- c:\users\Rogério\AppData\Roaming\OpenCandy
2013-12-11 21:42 . 2013-11-26 08:52 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-12-11 21:42 . 2013-11-26 08:29 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-12-11 21:42 . 2013-11-26 07:49 1584640 ----a-w- c:\program files\Internet Explorer\F12.dll
2013-12-11 21:42 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-12-11 21:42 . 2013-11-26 07:55 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2013-12-11 21:42 . 2013-11-26 07:32 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 21:42 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-12-11 21:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 21:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 10:35 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 10:33 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 10:33 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 10:33 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 10:33 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 10:33 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 10:33 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 10:33 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 10:33 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 10:33 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 10:33 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-07 09:12 . 2013-12-07 09:21 -------- d-----w- c:\users\Rogério\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-05 23:39 . 2013-10-07 18:40 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-12-10 18:24 . 2013-03-01 14:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 18:24 . 2013-03-01 14:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 18:24 . 2013-10-08 17:18 8699272 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:07 . 2013-12-02 19:07 54280 ----a-w- c:\windows\system32\drivers\pcbldrv.sys
2013-11-20 05:03 . 2013-11-20 05:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 05:03 . 2013-11-20 05:03 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 05:03 . 2013-11-20 05:03 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-20 05:03 . 2013-11-20 05:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-20 05:03 . 2013-11-20 05:03 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-20 05:03 . 2013-11-20 05:03 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-20 05:03 . 2013-11-20 05:03 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-20 05:03 . 2013-11-20 05:03 337408 ----a-w- c:\windows\system32\html.iec
2013-11-20 05:03 . 2013-11-20 05:03 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-20 05:03 . 2013-11-20 05:03 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-20 05:03 . 2013-11-20 05:03 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 05:03 . 2013-11-20 05:03 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 05:03 . 2013-11-20 05:03 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-20 05:03 . 2013-11-20 05:03 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 05:03 . 2013-11-20 05:03 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 05:03 . 2013-11-20 05:03 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 05:02 . 2013-11-20 05:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-20 05:02 . 2013-11-20 05:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-20 05:02 . 2013-11-20 05:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-20 05:02 . 2013-11-20 05:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 10:21 . 2013-03-01 13:56 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-25 15:26 . 2013-10-25 15:27 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-18 11:18 . 2013-12-06 13:01 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65ACAE1-6E20-4060-949D-C9245E363F2D}\gapaengine.dll
2013-10-18 11:18 . 2013-03-15 00:22 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:03 . 2013-11-14 11:33 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 11:33 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-14 11:33 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"NextLive"="c:\users\Rogério\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"Tim"="c:\program files\TI Software\TiMONITOR\lsass.exe" [2011-03-30 5279744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-09-23 167008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 2045224]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-01 11442792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-31 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-31 168960]
"GfxServiceInstall"="c:\windows\system32\GfxServiceInstall.bat" [2011-10-31 51]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"taskmgw"="c:\users\Public\appmsgr\services.exe" [2012-04-04 1428992]
"Tim"="c:\program files\TI Software\TiMONITOR\lsass.exe" [2011-03-30 5279744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"pcbl-sys"="c:\program files\PCBlindado\pcbl-sys.exe" [2013-12-09 61440]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-12-27 761536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-02 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\program files\GbPlugin\gbiehscd.dll" [2013-05-02 1356824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2013-10-16 18:01 1479528 ------w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2013-05-02 19:35 1356824 ------w- c:\program files\GbPlugin\gbiehscd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
backup=c:\windows\pss\OSD.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 18:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-10-31 1335808]
R3 imgkmd32;imgkmd32;c:\windows\system32\DRIVERS\imgkmd32.sys [2011-10-31 415744]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-29 143960]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2010-11-10 113680]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 17408]
R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-05 31088]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-11 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-07-01 47688]
S1 pcbldrv;pcbldrv;c:\windows\system32\drivers\pcbldrv.sys [2013-12-02 54280]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-10-16 452968]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S2 pcbl-svc;pcbl-svc;c:\program files\PCBlindado\pcbl-svc.exe [2013-12-09 171400]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2012-10-24 360624]
S2 SoilIO;SoilIO; [x]
S3 IntcDAud;Áudio do vídeo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-05 31088]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-06-23 1036904]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 10:29 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 18:24]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 15:04]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 15:04]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
Trusted Zone: sicredi.com.br\ibpj
Trusted Zone: sicredi.com.br\si-plg
Trusted Zone: sicredi.com.br\www
Trusted Zone: sicreditotal.com.br\internet
TCP: DhcpNameServer = 189.7.24.16 189.7.24.15 201.6.4.116
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}\D61627C656E656F5C616E6: NameServer = 208.67.222.123,208.67.220.123
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Syslogon
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Rogério\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(3564)
c:\windows\System32\MSWINSCK.OCX
c:\windows\System32\GetloggedinUser.dll
c:\windows\system32\VBAJET32.DLL
c:\windows\system32\expsrv.dll
c:\windows\system32\MSCOMCT2.OCX
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\programdata\rvlkl\rvlkl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mobogenie\mgusb.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-01-05 21:47:58 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-01-05 23:47
.
Pré-execução: 443.947.802.624 bytes disponíveis
Pós execução: 443.653.369.856 bytes disponíveis
.
- - End Of File - - 59E9ECDC635B5DEA96B64184645CA8BD
A36C5E4F47E84449FF07ED3517B43A31

por **Power Max** Ter 07 Jan 2014, 12:25

Oi Dedeia.

Verificar Log Combofix 772309

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt

por Dedeia10 Ter 07 Jan 2014, 12:35

Segue abaixo o log depois de efetuado processo

# AdwCleaner v3.016 - Relatório criado 07/01/2014 às 12:28:26
# Atualizado 23/12/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Rogério - ROGÉRIO-PC
# Executando de : C:\Users\Rogério\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\QuickSet
Pasta Deletada : C:\ProgramData\rvlkl
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\ProgramData\YoutubeAdblocker
Pasta Deletada : C:\ProgramData\ssuurrf iand keep
Pasta Deletada : C:\Program Files\HDvidCodec.com
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Program Files\MyPC Backup
Pasta Deletada : C:\Users\Rogério\AppData\Local\lollipop
Pasta Deletada : C:\Users\Rogério\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Rogério\AppData\Local\Oxy
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\PerformerSoft
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\pluswinks
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\SpecialSavings
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\SpeedAnalysis2
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Pasta Deletada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\Rogério\Documents\Mobogenie
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\Rogério\AppData\Roaming\speedanalysis.ico
Arquivo Deletada : C:\Users\Rogério\Desktop\HDVidCodec.lnk
Arquivo Deletada : C:\Users\Rogério\Desktop\Mobogenie.lnk
Arquivo Deletada : C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Arquivo Deletada : C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Rogério\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65630F4C-BCA3-47D1-AFAC-F3BF252F4573}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65630F4C-BCA3-47D1-AFAC-F3BF252F4573}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10839D8D-CC27-4F3E-AF03-C0116094770F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10839D8D-CC27-4F3E-AF03-C0116094770F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34F4E4C8-C6CC-45AF-8A03-F32825C5ACE1}
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_kgb-free-key-logger_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\Escolade
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\LiveSupport
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deletedo : HKCU\Software\AppDataLow\Software\Lyrmix
Chave Deletedo : HKLM\Software\aartemisSoftware
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ Arquivo : C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9776 octets] - [07/01/2014 12:24:51]
AdwCleaner[S0].txt - [8975 octets] - [07/01/2014 12:28:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9035 octets] ##########

por **Power Max** Ter 07 Jan 2014, 12:43

Vários problemas foram removidos pelo AdwCleaner.
__________________________

Verificar Log Combofix 772309

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt.

Ficamos na espera.

por Dedeia10 Qua 08 Jan 2014, 12:08

Olá fiz o processo e segue o log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Rog‚rio on 08/01/2014 at 12:01:19,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hdvid codec v1-codedownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49ED9900-38CD-453C-BBA7-3F2613317F5A}

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/01/2014 at 12:06:56,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qua 08 Jan 2014, 12:20

Mais problemas foram removidos.
__________________________________

Verificar Log Combofix 772309

Como está seu PC depois destes procedimentos?

por Dedeia10 Sex 10 Jan 2014, 10:45

Melhorou...

Em questão a esses programas que estão salvos na área de trabalho posso excluir ?

por **Power Max** Sex 10 Jan 2014, 10:51

Dedeia10 escreveu:Em questão a esses programas que estão salvos na área de trabalho posso excluir ?

Quando completarmos as limpezas, a gente exclui esses programas utilizados.
______________________________

Verificar Log Combofix 772309

Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes para que possamos analisá-lo.

Ficamos no aguardo.

por Dedeia10 Ter 21 Jan 2014, 12:04

Utilizado o Malwarebytes Anti-Malware e abaixo o log

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.01.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Rogério :: ROGÉRIO-PC [administrador]

19/01/2014 22:59:05
mbam-log-2014-01-19 (22-59-05).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 346503
Tempo decorrido: 1 hora(s), 43 minuto(s), 32 segundo(s)

Processos de Memória Detectados: 1
C:\Program Files\TI Software\TiMONITOR\lsass.exe (Trojan.Agent) -> 1572 -> Nenhuma ação foi feita.

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tim (Trojan.Agent) -> Data: C:\Program Files\TI Software\TiMONITOR\lsass.exe -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tim (Trojan.Agent) -> Data: C:\Program Files\TI Software\TiMONITOR\lsass.exe -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 13
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> Nenhuma ação foi feita.
C:\PROGRAMAS\programa corel\Corel\Corel x3\keygen.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Nenhuma ação foi feita.
C:\Program Files\TI Software\TiMONITOR\lsass.exe (Trojan.Agent) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\ProgramData\rvlkl\rvlkl.exe.vir (Keylogger.Logixoft) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

por **Power Max** Ter 21 Jan 2014, 12:19

No seu log do Malwarebytes está constando que alguns problemas não foram removidos (veja que consta a informação: Nenhuma ação foi feita).

Sugiro que selecione estes outros problemas e os remova. Depois disto poste o novo log que o Malwarebytes irá criar, por gentileza.

por Dedeia10 Qui 23 Jan 2014, 13:35

Caso eu marco essas opções esses programas TI monitor; para de funcionar ? Pois fui q instalei na maquina

por **Power Max** Qui 23 Jan 2014, 13:40

Neste caso você pode remover estes abaixo:

C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.

E o bom do Malwarebytes é que ao excluir estes itens acima eles vão ficar na quarentena do Malwarebytes, então se depois você precisar restaurar algum deles é só ir na quarentena do Malwarebytes e restaurar o item.

por Dedeia10 Sáb 08 Fev 2014, 14:08

Olá

segui com as dicas e deu o seguinte log

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.02.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Rogério :: ROGÉRIO-PC [administrador]

08/02/2014 09:39:30
mbam-log-2014-02-08 (09-39-30).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 349686
Tempo decorrido: 2 hora(s), 1 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2
C:\Users\Rogério\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 15
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Users\Rogério\AppData\Roaming\eIntaller\56B4378A8633485a86552E45C71CDC73\Desk365.exe.vir (PUP.Optional.E7) -> Enviado para a Quarentena e deletado com sucesso.
C:\PROGRAMAS\programa corel\Corel\Corel x3\keygen.exe (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\Lamborghini-Diablo-Vermelha_1920x1080.exe (PUP.Optional.UltraDownloads) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\presilo-label-043-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\aTubeCatcher (1).exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Rogério\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

por **Power Max** Sáb 08 Fev 2014, 14:11

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.

|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por Dedeia10 Dom 16 Fev 2014, 21:13

Segue abaixo o log

~ Relatório do ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Iniciado por Rogério (16/02/2014 21:08:48)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 ActiveX
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 54 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3315 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 412 GB (88%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ROGÉRIO-PC
~ User Name: Rogério
~ All Users Names: Rogério, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rogério\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rogério\AppData\Roaming\
~ %Desktop% : C:\Users\Rogério\Desktop\
~ %Favorites% : C:\Users\Rogério\Favorites\
~ %LocalAppData% : C:\Users\Rogério\AppData\Local\
~ %StartMenu% : C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 412 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 4 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/188
~ Mes musiques (My Musics) : 24/885
~ Mes Videos (My Videos) : 2/19
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/1795
~ Mon Bureau (My Desktop) : 1/409
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 01s

---\\ Processos lançados
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [452968] [PID.724]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.908]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1864]
[MD5.94D23D4F096F12CA42C2FE4196631F46] - (.HP - HP Smart-Install Service.) -- C:\Windows\system32\HPSIsvc.exe [99896] [PID.1912]
[MD5.5E5F111A8D57E1169E6D3BB7B621D9D9] - (.pcbl-svc - pcbl-svc.) -- C:\Program Files\PCBlindado\pcbl-svc.exe [171912] [PID.2012]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.620]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.752]
[MD5.9FD56482AD770985D6E07AA588DCB0D2] - (...) -- C:\Users\Public\appmsgr\services.exe [1428992] [PID.540]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.1648]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1404]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.616]
[MD5.DE8462BC747BB89E87F5D870ABE7E311] - (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe [61440] [PID.2060]
[MD5.440E9291477D723564BF7BD6E96B6EA8] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11442792] [PID.2128]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2140]
[MD5.64E413BA0C529AA40C3924BBCC4153DB] - (.No owner - nTitles PSIService.) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656] [PID.2304]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files\Scpad\scpVista.exe [360624] [PID.2340]
[MD5.060DAF68493AD7ADF104413E5A62AFA8] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [271920] [PID.3184]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.3268]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.3308]
[MD5.A379B75A6FFE4DFD3184F35F0141CE91] - (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- c:\program files\common files\installshield\updateservice\isuspm.exe [221184] [PID.3476]
[MD5.B738C9EB50A94D22A0259B340A97B8A4] - (.InstallShield Software Corporation - InstallShield Update Service Agent.) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe [581632] [PID.2084]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.6136]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.4820]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3616]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.6.6, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [nhogbcndagiknbfomjgdeghehkljalhi] GreyGray v.1.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
~ Google Browser: 12 Legitimates Filtered in 00mn 27s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Rogério\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Rogério\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 14

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehscd.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\QuickLaunch [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rogério]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Rogério]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Rogério]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rogério]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rogério]: Purble Place.lnk - Chave orfã
~ Global Startup: 67 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GfxServiceInstall] . (...) -- C:\Windows\system32\GfxServiceInstall.bat
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [taskmgw] . (...) -- C:\Users\Public\appmsgr\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [pcbl-sys] . (.No owner - pcbl-sys.) -- C:\Program Files\PCBlindado\pcbl-sys.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-4266717114-1144214197-3223401292-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.sicredi.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{A5649C5B-D4F7-4DB4-8C73-C59781615DF2}: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.24.15 189.7.24.16 201.6.4.116
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginScd . (.Sicredi - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: pcbl-svc (pcbl-svc) . (.pcbl-svc - pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 8 Legitimates Filtered in 00mn 14s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Oxy] (...) -- C:\Users\Rogério\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]
[MD5.2D31159D38D65FBC6F454A7A061DE91A] [APT] [{74294C4F-BFB6-45C7-8C0F-0FC5A73280C7}] (.CAIXA.) -- C:\Users\Rogério\Downloads\iGBPCEFsf.exe [2351432]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 05s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (pcbldrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\pcbldrv.sys
~ Drivers: 91 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2.1 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: OSD 1.13 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
~ Logic: 14 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Scopus]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\TiMonitor]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\PCBlindado]
[HKLM\Software\SoilIO]
~ Key Software: 192 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/08/2013 - 21:57:25 - [4,353] -SH-D C:\Program Files\KGB
O43 - CFD: 16/02/2014 - 07:19:06 - [52,023] --H-D C:\Program Files\PCBlindado
O43 - CFD: 25/10/2013 - 12:42:03 - [1,519] ----D C:\Program Files\Scpad
O43 - CFD: 07/11/2013 - 23:40:35 - [0,046] ----D C:\Program Files\Uninstaller
O43 - CFD: 24/11/2013 - 15:09:08 - [0,085] ----D C:\ProgramData\12918b71031ae341
O43 - CFD: 30/12/2013 - 21:02:24 - [0] --H-D C:\ProgramData\HBM2
O43 - CFD: 24/11/2013 - 14:33:06 - [3,261] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 25/10/2013 - 12:54:50 - [0,042] ----D C:\Users\Rogério\AppData\Roaming\Scpad
O43 - CFD: 22/12/2013 - 12:28:46 - [0,008] ----D C:\Users\Rogério\AppData\Local\AnyUtils
O43 - CFD: 08/02/2014 - 13:07:31 - [0] ----D C:\Users\Rogério\AppData\Local\genienext
O43 - CFD: 24/11/2013 - 12:57:08 - [0,007] ----D C:\Users\Rogério\AppData\Local\Ramunas_Geciauskas
~ Program Folder: 158 Legitimates Filtered in 00mn 05s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.438DC6F348ECE6E30CED143E80497677] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147248]
O44 - LFC:[MD5.9386F788AEB2A8F941A01E91051B19C3] - 16/02/2014 - 07:17:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706522]
~ Files: 50 Legitimates Filtered in 00mn 05s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files\GbPlugin\gbiehscd.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 15:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16/02/2014 - 07:10:07 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C3963B327A2C383294D5FBB1C0648DF3] - 13/01/2014 - 09:39:58 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\pcbldrv.sys [54280]
O58 - SDL:[MD5.36C46561FDC566FD4943216ABA090343] - 05/01/2014 - 20:48:05 ---A- . (.Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.02CB3180D4C1F39D342E7177EF4ED94D] - 03/06/2013 - 20:49:22 RSH-- . (...) -- C:\Windows\System32\6E8F0C2223.sys [88]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.84D801D0C4DADD9267340690F368B8B7] - 06/02/2014 - 21:04:51 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2516]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 04s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/01/2014 - C:\Windows\System32\drivers\pcbldrv.sys (pcbldrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_PCBLDRV
~ Legacy: 96 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Rogério\AppData\Local\Oxy\Application\oxy.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {BB4DF510-E9EA-4ABD-A6C8-678B70A35ED4} [DefaultScope] - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C7706534974F13E3FFF5E2BA797D368C] [SPRF][30/12/2013] (...) -- C:\ProgramData\gwp2.sys [264]
[MD5.E245AB9186C70F17CE293A1F6746771D] [SPRF][21/11/2013] (...) -- C:\Users\Rogério\AppData\Roaming\unins000.dat [16207]
[MD5.AF5C84446657B48C9B9B870C46438261] [SPRF][07/01/2014] (...) -- C:\Users\Rogério\Desktop\AdwCleaner.exe [1233962]
~ Files: 8 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Private - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "TCP Query User{20CA948A-5A03-4633-8DB2-819B355ADB64}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P6 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "UDP Query User{AF7A2930-EDA8-461C-B684-5BB8942EFEE8}E:\ativador_office2013+windows8e7\qemu\qemu.exe" |In - Public - P17 - TRUE | .(...) -- E:\ativador_office2013+windows8e7\qemu\qemu.exe (.not file.)
O87 - FAEL: "{9DB86533-30B4-41CD-AA2A-1DB877FF9251}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{F6FE5DC2-3EA4-4CA0-831D-B349B39F83B7}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Rogério\AppData\Local\Temp\7zS69B4\HPDiagnosticCoreUI.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 01s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "663DC75CEB6C5B545B6C40425E601F0D" . (.BR.) -- C:\Windows\Installer\{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}\ARPPRODUCTICON.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.479129994E101BC5D990F12C8E21889C] [WIS][17/01/2007] (.Corel Corporation - CorelDRAW Graphics Suite 13.) -- C:\Windows\Installer\244ef.msi [14240768]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\83fd1.msi [172032]
[MD5.376857EEFBE16E3ACFCA4FC2B3FB585A] [WIS][31/12/2013] (.Ti Software - WebBLOCKER.) -- C:\Windows\Installer\ab637.msi [168960]
[MD5.E6D5580A258B7029CDBF139578E510C8] [WIS][05/08/2013] (.TI Software - TiMONITOR.) -- C:\Windows\Installer\ac9d436.msi [172032]
~ WIS: 74 Legitimates Filtered in 00mn 10s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 07/04/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/01/2014 171912 | (pcbl-svc) . (.pcbl-svc.) - C:\Program Files\PCBlindado\pcbl-svc.exe
SR - | Auto 02/11/2006 174656 | (ProtexisLicensing) . (...) - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s

---\\ Scâner Aditional (088)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
C:\Users\Rogério\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\ProgramData\InstallMate =>PUP.Tarma^
~ Additionnel Scan: 277561 Items scanned in 00mn 49s

---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Elex
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 49s

~ 1052 Legitimates filtered by white list
End of the scan (535 lines in 02mn 43s)(0)

por **Power Max** Dom 16 Fev 2014, 22:40

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie estes arquivos destacados em azul abaixo para serem analisados (um de cada vez) e à medida em que cada um deles for analisado, copie o link que aparecerá na barra de endereços de seu navegador e poste estes links em sua próxima resposta:

C:\Program Files\PCBlindado\pcbl-svc.exe
C:\Users\Public\appmsgr\services.exe
C:\Program Files\PCBlindado\pcbl-sys.exe
__________________________________________________________________________________________________

Verificar Log Combofix 772309

Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore)
_____________________________________________________________________________________________________________

Verificar Log Combofix 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com os links com os resultados da análise dos arquivos no site Virus Total.

por Dedeia10 Dom 16 Fev 2014, 23:08

This file was last analysed by VirusTotal on 2013-08-21 21:40:17 UTC, it was first analysed by VirusTotal on 2012-07-08 21:04:41 UTC.

Taxa de detecção: 13/46

Você pode visualizar a última análise ou analisá-lo novamente.

Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
Fichier d'export Registre :
Run by Rogério at 16/02/2014 22:59:07
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ: TCP Query User{F48F75A1-922A-48C4-B279-663E6C5311CB}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: UDP Query User{9CFC59CF-2FF6-472C-9A4F-944B89F83842}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: TCP Query User{20CA948A-5A03-4633-8DB2-819B355ADB64}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: UDP Query User{AF7A2930-EDA8-461C-B684-5BB8942EFEE8}E:\ativador_office2013+windows8e7\qemu\qemu.exe
ELIMINÉ: {9DB86533-30B4-41CD-AA2A-1DB877FF9251}
ELIMINÉ: {F6FE5DC2-3EA4-4CA0-831D-B349B39F83B7}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {E9ACB54C-9BA5-45BE-B3B6-DDE390B26F0A}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\rogério\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ Temporários windows (15) (242.464 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Oxy

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
16 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 42s

========== Caminho do ficheiro do relatório ==========
C:\Users\Rogério\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/02/2014 22:59:14 [1969]

só não analisei os dois arquivados que aparecem pc poisblindado fui eu q instalei

por **Power Max** Seg 17 Fev 2014, 08:27

Neste caso deste arquivo que você enviou para análise no Vírus Total, qual arquivo foi enviado?

E neste caso seria bom enviá-lo novamente e quando o Virus total fizer esta pergunta Você pode visualizar a última análise ou analisá-lo novamente. é só você clicar na opção de analisá-lo novamente.

E aí é só aguardar o fim da análise e depois você copia só o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta.

por **Power Max** Sáb 08 Mar 2014, 22:54

TÓPICO ARQUIVADO

Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

por Conteúdo patrocinado

Verificar Log Combofix

Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Re: Verificar Log Combofix

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31