Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 18 usuários online :: 0 registrados, 0 invisíveis e 18 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
PC NÃO DESLIGA
2 participantes
Página 1 de 1
PC NÃO DESLIGA
por Janete de Cássia Carvalho Qua 19 Mar 2014, 17:17
Boa tarde,
O computador liga e funciona normal, mas quando dou a função desligar
não desliga de forma alguma. tenho que desligar brutalmente, mas vai prejudicar o hd.
O que fazer?
~ Relatório do ZHPDiag v2014.3.19.15 - Nicolas Coolman (19/3/2014)
~ Iniciado por Administrador (19/3/2014 18:43:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 6 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 576 GB (97%) free of 588 GB
---\\ Modo de conexão ao sistema
~ Computer Name: HOME-PC
~ User Name: Administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 576 Go of 588 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 343 Go of 344 Go)
F: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.F4F91D2FD893463A59AABF7289989F96] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/2/2014 - 17:05:28.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.5/9/2013 - 12:11:53.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 14:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 0/5
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe [519720] [PID.1112]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.2016]
[MD5.0696D4A016718301D6374F90EA435A9B] - (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe [3506688] [PID.536]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.556]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.780]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.1612]
[MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.2608]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3048]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.4080]
[MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.824]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.3652]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.3176]
[MD5.AF9F5747805B0D152D6DB8D6CEF6DC95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8360448] [PID.800]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: BB Token Admin Tool.lnk . (.Beijing WatchData System C0.Ltd. - BB Token Admin Tool.) -- C:\Arquivos de programas\Brazil\Brazil USB token Tool\BBAdmintool.exe
O4 - GS\Desktop [AllUsers]: Comprar suprimentos HP.lnk . (...) -- C:\Arquivos de programas\HP\hpqSSupply.exe
O4 - GS\Desktop [AllUsers]: Ferramenta de Diagnóstico do BB Token.lnk . (.Watchdata Technologies Pte., Ltd. - BB Token Diagnostic Tool.) -- C:\Arquivos de programas\Brazil\Brazil USB token Tool\BB Token Diagnostic Tool.exe
O4 - GS\Desktop [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
~ Global Startup: 16 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IminentMessenger] C:\Arquivos de programas\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
O4 - HKLM\..\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\WINDOWS\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [8d5X4v] C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\8d5X4v.exe (.not file.)
O4 - HKCU\..\Run: [ResWin2] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\3i4y4Y.exe
O4 - HKCU\..\Run: [SoftBrue] . (...) -- C:\Documents and Settings\Administrador\5b4v6W1w0B6U2q\6V2U6f.exe
O4 - HKCU\..\Run: [7P0E6z5h4G] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [8d5X4v] C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\8d5X4v.exe (.not file.)
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [ResWin2] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\3i4y4Y.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [SoftBrue] . (...) -- C:\Documents and Settings\Administrador\5b4v6W1w0B6U2q\6V2U6f.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [7P0E6z5h4G] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
~ Services: 4 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AutoKMS.job [266]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [238]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [232]
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Trojan.Keygen
~ Scheduled Task: 9 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 23 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\GbAs]
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP]
[HKLM\Software\ZbshaLab]
~ Key Software: 240 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/3/2014 - 17:43:49 - [2,079] ----D C:\Arquivos de programas\Brazil
O43 - CFD: 13/3/2014 - 06:18:45 - [0] ----D C:\Arquivos de programas\IminentToolbar =>Adware.IMBooster
O43 - CFD: 22/2/2014 - 12:15:03 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 22/2/2014 - 12:14:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 17/3/2014 - 09:58:23 - [0,055] ----D C:\Arquivos de programas\Arquivos comuns\unpkcs11buf
O43 - CFD: 22/2/2014 - 15:47:31 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\APN
O43 - CFD: 27/2/2014 - 20:30:23 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 10/3/2014 - 06:11:14 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\IminentToolbar =>Adware.IMBooster
O43 - CFD: 12/3/2014 - 19:08:10 - [0,004] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\jollywallet
O43 - CFD: 22/2/2014 - 12:24:31 - [0,015] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 12/3/2014 - 19:10:14 - [0] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 95 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.1B2C123211B73CC1FE41579A52858FE1] - 13/3/2014 - 21:46:49 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.0670B43461BAD1B7F3E9DA977FF62862] - 13/3/2014 - 21:50:28 ---A- . (...) -- C:\WINDOWS\updspapi.log [47232]
O44 - LFC:[MD5.B95240D7D1FAAC5E8605047130E7DCA5] - 13/3/2014 - 21:50:35 ---A- . (...) -- C:\WINDOWS\msmqinst.log [209372]
O44 - LFC:[MD5.BA6CDA0959C400ECECAD268A5D1EC6B4] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [645750]
O44 - LFC:[MD5.2FDE5988EC7EE627D41F85DC1A55536F] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [45028]
O44 - LFC:[MD5.9697BCFAC5C58835AE2C53AF2DBE08C5] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\msgsocm.log [32664]
O44 - LFC:[MD5.6E643FC331DFCA0DC606E7344A9F62D1] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\netfxocm.log [114010]
O44 - LFC:[MD5.4D73919C681BD602D29200EDFDF1C73D] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\ocgen.log [338302]
O44 - LFC:[MD5.53DFBDA66C0646D819C37DA01006FFF5] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\comsetup.log [226814]
O44 - LFC:[MD5.FB48A6712704963FA8A5CD86436E2D57] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\iis6.log [724487]
O44 - LFC:[MD5.C66808064E127611D857E88CB758CA48] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.01ECE6C002620E22EB26887BFC0F3823] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [135089]
O44 - LFC:[MD5.8B45BFE9104A8F04ECB65A1E5A0A409B] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\ocmsn.log [40048]
O44 - LFC:[MD5.609BC0FE9803091BC86F25FA5D3EF527] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\tabletoc.log [33508]
O44 - LFC:[MD5.86E5490A295834EA35BB8906DBE0BB4B] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\tsoc.log [300427]
O44 - LFC:[MD5.5839C1EC5E3DE2BF0FCE976BF2E0108F] - 19/3/2014 - 18:25:08 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.1113085A06EBEEB98EDF58157FB11BEC] - 19/3/2014 - 18:25:13 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.9D22D69BAB6D26310C5CE2EBE4057AB6] - 19/3/2014 - 18:25:15 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.053761268ACB7308DA218A17F9670345] - 5/3/2014 - 14:16:48 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6716]
O44 - LFC:[MD5.BCA55EE786DA3191F004C42E0237D0C7] - 5/3/2014 - 14:21:31 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4646]
O44 - LFC:[MD5.10B16B3CFD27E71A7A5A3A9B282C1A4E] - 5/3/2014 - 21:31:44 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [8724]
O44 - LFC:[MD5.A91C16A58B990CF9EDA9750DA4C47270] - 5/3/2014 - 21:31:44 ---A- . (...) -- C:\WINDOWS\spupdsvc.log.1.log [227]
O44 - LFC:[MD5.ABFEAB7D839C72E22614B31C2AAF753C] - 9/3/2014 - 17:00:23 ---A- . (.No owner - Setup/Uninstall.) -- C:\WINDOWS\unins000.exe [1227465]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL58.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL59.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL5A.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL5B.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:28 ---A- . (...) -- C:\LIL5C.tmp [0]
O44 - LFC:[MD5.E6E564544FDEEFB0C162B0A4D716F5B8] - 9/3/2014 - 17:11:28 ---A- . (...) -- C:\WINDOWS\unins000.dat [179607]
~ Files: 111 Legitimates Filtered in 00mn 13s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 5/9/2013 - 12:09:52 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 27/2/2014 - 20:25:48 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrdn.sys [31448]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 08:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 08:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 27/8/2012 - 15:50:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 5/9/2013 - 12:09:52 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/2/2014 - C:\Arquivos de programas\GbPlugin\GbpSv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 120 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {4C52E4A1-A2A2-4CCD-BB55-632595F57202} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.AC22A59FD4FE1922383C07B4C8BD5EDC] [SPRF][27/2/2014] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat [20092]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][27/2/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe [720082]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Meus locais de rede - {208D2C60-3AEA-1069-A2D7-08002B30309D}
O92 - MNS: Opções de pasta - {6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}
~ MNS: 4 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.10D0039F3574FF152C5D95BBF849BDC9] [WIS][25/2/2014] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\8c12b.msi [121344]
[MD5.9BBBDF7F92D453CB984BC20B979FBA7E] [WIS][25/2/2014] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\8c177.msi [121344]
~ WIS: 48 Legitimates Filtered in 00mn 04s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 22/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/2/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 21/2/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
SR - | Demand 14/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 14/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 27/2/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13031 - (19/3/2014)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\iminent] =>Adware.IMBooster
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IminentMessenger =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Arquivos de programas\IminentToolbar =>Adware.IMBooster^
C:\Documents and Settings\Administrador\Dados de aplicativos\IminentToolbar =>Adware.IMBooster^
C:\WINDOWS\AutoKMS\AutoKMS.exe =>Trojan.Trojan.Keygen^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
~ Additionnel Scan: 177195 Items scanned in 00mn 25s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
~ MSI: 5 link(s) detected in 00mn 25s
~ 792 Legitimates filtered by white list
End of the scan (539 lines in 01mn 17s)(0)
O computador liga e funciona normal, mas quando dou a função desligar
não desliga de forma alguma. tenho que desligar brutalmente, mas vai prejudicar o hd.
O que fazer?
~ Relatório do ZHPDiag v2014.3.19.15 - Nicolas Coolman (19/3/2014)
~ Iniciado por Administrador (19/3/2014 18:43:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 6 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 576 GB (97%) free of 588 GB
---\\ Modo de conexão ao sistema
~ Computer Name: HOME-PC
~ User Name: Administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 576 Go of 588 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 343 Go of 344 Go)
F: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.F4F91D2FD893463A59AABF7289989F96] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/2/2014 - 17:05:28.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.5/9/2013 - 12:11:53.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 14:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 0/5
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe [519720] [PID.1112]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.2016]
[MD5.0696D4A016718301D6374F90EA435A9B] - (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe [3506688] [PID.536]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.556]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.780]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.1612]
[MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.2608]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3048]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.4080]
[MD5.15A1A88D97D440C735058CCF3F74A6EE] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe [94208] [PID.824]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.3652]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.3176]
[MD5.AF9F5747805B0D152D6DB8D6CEF6DC95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8360448] [PID.800]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: BB Token Admin Tool.lnk . (.Beijing WatchData System C0.Ltd. - BB Token Admin Tool.) -- C:\Arquivos de programas\Brazil\Brazil USB token Tool\BBAdmintool.exe
O4 - GS\Desktop [AllUsers]: Comprar suprimentos HP.lnk . (...) -- C:\Arquivos de programas\HP\hpqSSupply.exe
O4 - GS\Desktop [AllUsers]: Ferramenta de Diagnóstico do BB Token.lnk . (.Watchdata Technologies Pte., Ltd. - BB Token Diagnostic Tool.) -- C:\Arquivos de programas\Brazil\Brazil USB token Tool\BB Token Diagnostic Tool.exe
O4 - GS\Desktop [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
~ Global Startup: 16 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IminentMessenger] C:\Arquivos de programas\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
O4 - HKLM\..\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\WINDOWS\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [8d5X4v] C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\8d5X4v.exe (.not file.)
O4 - HKCU\..\Run: [ResWin2] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\3i4y4Y.exe
O4 - HKCU\..\Run: [SoftBrue] . (...) -- C:\Documents and Settings\Administrador\5b4v6W1w0B6U2q\6V2U6f.exe
O4 - HKCU\..\Run: [7P0E6z5h4G] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] Chave orfã
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [8d5X4v] C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\8d5X4v.exe (.not file.)
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [ResWin2] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\3i4y4Y.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [SoftBrue] . (...) -- C:\Documents and Settings\Administrador\5b4v6W1w0B6U2q\6V2U6f.exe
O4 - HKUS\S-1-5-21-839522115-706699826-1417001333-500\..\Run: [7P0E6z5h4G] . (...) -- C:\Documents and Settings\Administrador\8d5X4v2i1Q8u5J\7P0E6z5h4G.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CE336498-F551-472F-B473-08C6B527912E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
~ Services: 4 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AutoKMS.job [266]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [238]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [232]
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Trojan.Keygen
~ Scheduled Task: 9 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: BB Token Admin Tool - (.Watchdata Technologies Pte., Ltd..) [HKLM] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 23 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\GbAs]
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP]
[HKLM\Software\ZbshaLab]
~ Key Software: 240 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/3/2014 - 17:43:49 - [2,079] ----D C:\Arquivos de programas\Brazil
O43 - CFD: 13/3/2014 - 06:18:45 - [0] ----D C:\Arquivos de programas\IminentToolbar =>Adware.IMBooster
O43 - CFD: 22/2/2014 - 12:15:03 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 22/2/2014 - 12:14:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 17/3/2014 - 09:58:23 - [0,055] ----D C:\Arquivos de programas\Arquivos comuns\unpkcs11buf
O43 - CFD: 22/2/2014 - 15:47:31 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\APN
O43 - CFD: 27/2/2014 - 20:30:23 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 10/3/2014 - 06:11:14 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\IminentToolbar =>Adware.IMBooster
O43 - CFD: 12/3/2014 - 19:08:10 - [0,004] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\jollywallet
O43 - CFD: 22/2/2014 - 12:24:31 - [0,015] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 12/3/2014 - 19:10:14 - [0] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 95 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.1B2C123211B73CC1FE41579A52858FE1] - 13/3/2014 - 21:46:49 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.0670B43461BAD1B7F3E9DA977FF62862] - 13/3/2014 - 21:50:28 ---A- . (...) -- C:\WINDOWS\updspapi.log [47232]
O44 - LFC:[MD5.B95240D7D1FAAC5E8605047130E7DCA5] - 13/3/2014 - 21:50:35 ---A- . (...) -- C:\WINDOWS\msmqinst.log [209372]
O44 - LFC:[MD5.BA6CDA0959C400ECECAD268A5D1EC6B4] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [645750]
O44 - LFC:[MD5.2FDE5988EC7EE627D41F85DC1A55536F] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [45028]
O44 - LFC:[MD5.9697BCFAC5C58835AE2C53AF2DBE08C5] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\msgsocm.log [32664]
O44 - LFC:[MD5.6E643FC331DFCA0DC606E7344A9F62D1] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\netfxocm.log [114010]
O44 - LFC:[MD5.4D73919C681BD602D29200EDFDF1C73D] - 13/3/2014 - 21:50:37 ---A- . (...) -- C:\WINDOWS\ocgen.log [338302]
O44 - LFC:[MD5.53DFBDA66C0646D819C37DA01006FFF5] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\comsetup.log [226814]
O44 - LFC:[MD5.FB48A6712704963FA8A5CD86436E2D57] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\iis6.log [724487]
O44 - LFC:[MD5.C66808064E127611D857E88CB758CA48] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.01ECE6C002620E22EB26887BFC0F3823] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [135089]
O44 - LFC:[MD5.8B45BFE9104A8F04ECB65A1E5A0A409B] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\ocmsn.log [40048]
O44 - LFC:[MD5.609BC0FE9803091BC86F25FA5D3EF527] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\tabletoc.log [33508]
O44 - LFC:[MD5.86E5490A295834EA35BB8906DBE0BB4B] - 13/3/2014 - 21:50:38 ---A- . (...) -- C:\WINDOWS\tsoc.log [300427]
O44 - LFC:[MD5.5839C1EC5E3DE2BF0FCE976BF2E0108F] - 19/3/2014 - 18:25:08 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.1113085A06EBEEB98EDF58157FB11BEC] - 19/3/2014 - 18:25:13 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.9D22D69BAB6D26310C5CE2EBE4057AB6] - 19/3/2014 - 18:25:15 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.053761268ACB7308DA218A17F9670345] - 5/3/2014 - 14:16:48 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6716]
O44 - LFC:[MD5.BCA55EE786DA3191F004C42E0237D0C7] - 5/3/2014 - 14:21:31 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4646]
O44 - LFC:[MD5.10B16B3CFD27E71A7A5A3A9B282C1A4E] - 5/3/2014 - 21:31:44 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [8724]
O44 - LFC:[MD5.A91C16A58B990CF9EDA9750DA4C47270] - 5/3/2014 - 21:31:44 ---A- . (...) -- C:\WINDOWS\spupdsvc.log.1.log [227]
O44 - LFC:[MD5.ABFEAB7D839C72E22614B31C2AAF753C] - 9/3/2014 - 17:00:23 ---A- . (.No owner - Setup/Uninstall.) -- C:\WINDOWS\unins000.exe [1227465]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL58.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL59.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL5A.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:27 ---A- . (...) -- C:\LIL5B.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 9/3/2014 - 17:04:28 ---A- . (...) -- C:\LIL5C.tmp [0]
O44 - LFC:[MD5.E6E564544FDEEFB0C162B0A4D716F5B8] - 9/3/2014 - 17:11:28 ---A- . (...) -- C:\WINDOWS\unins000.dat [179607]
~ Files: 111 Legitimates Filtered in 00mn 13s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 5/9/2013 - 12:09:52 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 27/2/2014 - 20:25:48 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\gbpndisrdn.sys [31448]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 08:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 08:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 27/8/2012 - 15:50:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 5/9/2013 - 12:09:52 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 21/2/2014 - C:\Arquivos de programas\GbPlugin\GbpSv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 120 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {4C52E4A1-A2A2-4CCD-BB55-632595F57202} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.AC22A59FD4FE1922383C07B4C8BD5EDC] [SPRF][27/2/2014] (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat [20092]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][27/2/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe [720082]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Meus locais de rede - {208D2C60-3AEA-1069-A2D7-08002B30309D}
O92 - MNS: Opções de pasta - {6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}
~ MNS: 4 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.10D0039F3574FF152C5D95BBF849BDC9] [WIS][25/2/2014] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\8c12b.msi [121344]
[MD5.9BBBDF7F92D453CB984BC20B979FBA7E] [WIS][25/2/2014] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\8c177.msi [121344]
~ WIS: 48 Legitimates Filtered in 00mn 04s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 22/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/2/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 21/2/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\GbpSv.exe
SR - | Demand 14/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 14/4/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 27/2/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Arquivos de programas\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13031 - (19/3/2014)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\iminent] =>Adware.IMBooster
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IminentMessenger =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Arquivos de programas\IminentToolbar =>Adware.IMBooster^
C:\Documents and Settings\Administrador\Dados de aplicativos\IminentToolbar =>Adware.IMBooster^
C:\WINDOWS\AutoKMS\AutoKMS.exe =>Trojan.Trojan.Keygen^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
~ Additionnel Scan: 177195 Items scanned in 00mn 25s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
~ MSI: 5 link(s) detected in 00mn 25s
~ 792 Legitimates filtered by white list
End of the scan (539 lines in 01mn 17s)(0)
Última edição por Janete de Cássia Carvalho em Qua 19 Mar 2014, 18:50, editado 1 vez(es)
Janete de Cássia Carvalho- Membro
- Mensagens : 54
Reputação : 2
Data de inscrição : 16/10/2013
Idade : 44
Localização : Gameleira de Goiás
Re: PC NÃO DESLIGA
por Power Max Qua 19 Mar 2014, 17:45
Olá Janete. Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: PC NÃO DESLIGA
por Power Max Sáb 05 Abr 2014, 16:58
TÓPICO ARQUIVADO
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Tópicos semelhantes» Avg....desliga sozinho o pc
» Pc desliga toda hora
» Wxteste.exe meu pc ñ desliga
» NAVEGADOR DESLIGA
» Meu pc desliga sozino
» Pc desliga toda hora
» Wxteste.exe meu pc ñ desliga
» NAVEGADOR DESLIGA
» Meu pc desliga sozino
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|