Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit  Social bookmarking google      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14523 usuários registrados
O último usuário registrado atende pelo nome de Fabio Oliveira

Os nossos membros postaram um total de 35500 mensagens em 3607 assuntos
Últimos assuntos
» PC Gamer (Sugestão)
por graftt Ontem à(s) 08:31

Quem está conectado
Não há nenhum usuário online :: Nenhum usuário registrado, Nenhum Invisível e nenhuma Visita :: 2 Motores de busca

Nenhum

O recorde de usuários online foi de 163 em Seg 02 Set 2019, 16:28
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Abril 2020
SegTerQuaQuiSexSabDom
  12345
6789101112
13141516171819
20212223242526
27282930   

Calendário Calendário


Computador infectado por malwares

Ir em baixo

Computador infectado por malwares Empty Computador infectado por malwares

Mensagem por pamonha em Ter 13 Maio 2014, 23:08

Boa noite,

Por gentileza, necessito de ajuda urgente para me livrar dos caronistas indesejáveis  "istart.webssearches.com",  "22.find" e possivelmente muitos outros. A Internet Explorer não responde, navegação péssima e vídeos não abrem. Aproveito para postar o log gerado pelo ZHPDiag. Meu muito obrigado.


~ Relatório do ZHPDiag v2014.5.13.62 - Nicolas Coolman  (13/05/2014)
~ Iniciado por Haroldo (13/05/2014 22:40:51)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Blog de análise de software : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (42%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/348
~ Mes musiques (My Musics) : 1/44
~ Mes Videos (My Videos) : 1/910
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/386
~ Mon Bureau (My Desktop) : 1/51
~ Menu demarrer (Programs) : 1/41
~ Hidden Files:  Scanned in 00mn 05s



---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2232]
[MD5.07322C7B12AF81F00AC248190BBF69BE] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe   [100200] [PID.3712]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.3852]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3873704] [PID.3944]
[MD5.EBE6AD4AE1CB00559C10B206225673F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe   [33604728] [PID.2464]
[MD5.AB47E7B4E19B3776681697EAB1937999] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7874560] [PID.4532]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [520520] [PID.888]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1424]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2884]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.3024]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2088]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.2.0 (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\user.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\prefs.js
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\searchplugins\Web Search.xml  =>Parasite.Pugi
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\tvtiqzcf.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Haroldo - extensions\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Haroldo - se6rb103.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [Você precisa estar registrado e conectado para ver este link.]  =>PUP.CertifiedToolbar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! EasyPass Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
O4 - GS\QuickLaunch [Haroldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
O4 - GS\SystemTools [Haroldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
~ Global Startup: 3 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1335456900-3083802626-1046228050-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Preencher [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salvar Formulários [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show avast! EasyPass Toolbar [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 10 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{53A6980A-BA36-4FD5-96D0-1F97A82B64DE}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Haroldo\Downloads\Receitanet-1.04.exe   [6182597]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe   [31232]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe   [3798462]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{C6BA3CFF-5A65-409E-ABD3-40CDCF2FE6C3}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe   [2546504]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{DB832CA8-2708-4467-8026-9429EC8018AA}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
[MD5.A92E34B28D6125E14DA74484E58EC410] [APT] [{F4AAB967-B985-4618-93A9-47D6C488AB70}] (...) -- C:\Program Files (x86)\Java\j2re1.4.2_05\javaws\javaws.exe   [135168]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1066]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1070]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: RegUtility version 4.1 - (...) [HKLM][64Bits] -- RegUtility_is1
O42 - Logiciel: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller  =>Hijacker.WebsSearches
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Baidu]  =>Adware.BDSearch
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\SERPRO]
[HKCU\Software\WeDlMngr]  =>PUP.weDownloadManager
[HKCU\Software\Zugara Investment]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OnLineTV Toolbar]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\Wpm]  =>PUP.WpManager
[HKLM\Software\Wow6432Node\baidu]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\supTab]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM]  =>PUP.WpManager
~ Key Software: 334 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/05/2014 - 16:22:29 - [] ----D C:\Program Files (x86)\Baidu Security  =>Adware.BDSearch
O43 - CFD: 04/05/2014 - 05:11:34 - [] ----D C:\Program Files (x86)\iSafe  =>Trojan.Staser
O43 - CFD: 30/04/2014 - 02:13:22 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 08/05/2014 - 15:06:39 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 21/04/2014 - 16:04:23 - [] ----D C:\Program Files (x86)\RegUtility
O43 - CFD: 04/05/2014 - 05:54:03 - [] ----D C:\Program Files (x86)\Common Files\Spigot  =>PUP.Dealio
O43 - CFD: 08/05/2014 - 16:22:46 - [] ----D C:\ProgramData\baidu  =>Adware.BDSearch
O43 - CFD: 08/05/2014 - 16:22:54 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 11/02/2013 - 05:05:38 - [] ----D C:\ProgramData\IDriveSync
O43 - CFD: 04/05/2014 - 05:53:51 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 01/05/2014 - 06:37:33 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 08/05/2014 - 16:23:09 - [] ----D C:\Users\Haroldo\AppData\Roaming\baidu  =>Adware.BDSearch
O43 - CFD: 12/02/2013 - 05:24:58 - [] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 04/05/2014 - 05:53:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\iSafe  =>Trojan.Staser
O43 - CFD: 16/03/2013 - 02:22:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 09/05/2014 - 20:28:20 - [0] ----D C:\Users\Haroldo\AppData\Roaming\SupTab  =>PUP.SupTab
O43 - CFD: 22/06/2013 - 14:34:40 - [] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 12:23:40 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 08/04/2014 - 21:44:28 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 237 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E72C7B5A855EB4FFA704E23B8BFFD0BD] - 01/05/2014 - 07:14:32 ---A- . (...) -- C:\log.txt   [10058]
O44 - LFC:[MD5.6397F2BC53C0084EAF424AA8051847CB] - 05/05/2014 - 02:36:04 ---A- . (...) -- C:\Windows\hpoins46.dat   [209789]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 08/05/2014 - 01:50:34 ---A- . (...) -- C:\AVScanner.ini   [426]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/05/2014 - 15:06:35 ---A- . (...) -- C:\END   [0]
O44 - LFC:[MD5.063D42714689B92821BE4CED71143D85] - 09/05/2014 - 04:23:29 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [157112]
O44 - LFC:[MD5.09229392AC7565BDE1589AB7332E6811] - 09/05/2014 - 04:23:29 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [739280]
O44 - LFC:[MD5.3B7E13C2CFD23F120AE02568475BAA17] - 09/05/2014 - 20:45:22 ---A- . (...) -- C:\PureRa.txt   [15448]
O44 - LFC:[MD5.4B81FE3868B5FDB855DEC57EAAA3FD96] - 13/05/2014 - 04:43:15 ---A- . (...) -- C:\Windows\IE11_main.log   [1344]
O44 - LFC:[MD5.3A5689806424CE911443ACAA0C735E9D] - 29/04/2014 - 01:11:45 ---A- . (...) -- C:\zoek-results2014-04-29-041145.log   [35906]
O44 - LFC:[MD5.54F3CBBBA70F48526D3AEA0CEBA92D34] - 30/04/2014 - 02:13:24 ---A- . (...) -- C:\Windows\REC-NET.INI   [176]
O44 - LFC:[MD5.BB3A34E78DBDB0D2575D7BFF58497B7F] - 30/04/2014 - 03:02:50 ---A- . (...) -- C:\zoek-results.log   [34811]
~ Files: 30 Legitimates Filtered in 00mn 30s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:25/04/2014 - 02:45:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208416]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 10s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 110 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.)  =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [Haroldo - extensions] user_pref("browser.search.order.1", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [Haroldo - se6rb103.default] user_pref("browser.search.order.1", "Web Search");
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {9B59A51A-D2A2-4198-AB33-FB4AC652A274} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Você precisa estar registrado e conectado para ver este link.]  =>PUP.CertifiedToolbar
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6A2B5F3230000E417EF9277D96E0E11] [SPRF][21/04/2014] (...) -- C:\Users\Haroldo\Desktop\hppiw.exe   [2338824]
[MD5.AB112C0AEA9B839CD176595746344C39] [SPRF][22/04/2014] (...) -- C:\Users\Haroldo\Desktop\HPPSdr.exe   [6598344]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe   [14153812]
[MD5.16C317F08A0E24F8A059192F3AB7BC7B] [SPRF][11/04/2014] (...) -- C:\Users\Haroldo\Desktop\SUP_S922_V1.09.11830_20140411-maz.bin   [3169264]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll   [113192]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS  =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\hometab_RASAPI32  =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\hometab_RASMANCS  =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32  =>Rogue.PCSpeedMaximizer
~ BTK: 489 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/07/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 |  (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Auto 17/12/2013 46904 |  (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SS - | Demand 21/02/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 11/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 25/04/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 26/02/2014 520520 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 14/05/2010 249136 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 10/07/1658 1255736 |  (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13045 - (13/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 11
Fichiers trouvés  (Files found) : 9

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller]   =>Hijacker.WebsSearches^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\Program Files (x86)\iSafe   =>Trojan.Staser^
C:\Program Files (x86)\Common Files\Spigot   =>PUP.Dealio^
C:\ProgramData\baidu   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\baidu   =>Adware.BDSearch^
C:\Users\Haroldo\AppData\Roaming\iSafe   =>Trojan.Staser^
C:\Users\Haroldo\AppData\Roaming\SupTab   =>PUP.SupTab^
C:\Program Files (x86)\Application Updater   =>PUP.Dealio
C:\Program Files (x86)\IObit Apps Toolbar   =>PUP.Dealio
C:\Users\Haroldo\AppData\LocalLow\Search Settings   =>PUP.Dealio
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\Baidu]   =>Adware.BDSearch^
[HKCU\Software\WeDlMngr]   =>PUP.weDownloadManager^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Wpm]   =>PUP.WpManager^
[HKLM\Software\Wow6432Node\baidu]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\supTab]   =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM]   =>PUP.WpManager^
~ Additionnel Scan: 343873 Items scanned in 00mn 55s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
[Você precisa estar registrado e conectado para ver este link.]  =>Parasite.Pugi
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.CertifiedToolbar
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.Office
[Você precisa estar registrado e conectado para ver este link.]  =>Adware.BDSearch
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.weDownloadManager
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.WpManager
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.SupTab
[Você precisa estar registrado e conectado para ver este link.]  =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.Dealio
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.Beamrise
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.22Find
[Você precisa estar registrado e conectado para ver este link.]  =>Rogue.PCSpeedMaximizer
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.V9Software
[Você precisa estar registrado e conectado para ver este link.]  =>Toolbar.Conduit
~ MSI: 15 link(s) detected in 00mn 00s



~ 1008 Legitimates filtered by white list
End of the scan (575 lines in 02mn 33s)(0)
pamonha
pamonha
Membro
Membro

Mensagens : 163
Reputação : 2
Data de inscrição : 14/02/2014

Voltar ao Topo Ir em baixo

Computador infectado por malwares Empty Re: Computador infectado por malwares

Mensagem por Power Max em Ter 13 Maio 2014, 23:18

Olá.

Antes de darmos início a este novo tópico, acesse por gentileza seu tópico antigo e diga lá o que houve para podermos concluir o seu tópico:
[Você precisa estar registrado e conectado para ver este link.]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Computador infectado por malwares Empty Re: Computador infectado por malwares

Mensagem por Danii em Qua 28 Maio 2014, 21:41

TÓPICO ARQUIVADO

O acompanhamento deste caso encontra-se no seguinte endereço:

[Você precisa estar registrado e conectado para ver este link.]
Danii
Danii
Membro Pleno
Membro Pleno

Mensagens : 562
Reputação : 78
Data de inscrição : 04/04/2014
Localização : Brasil

Voltar ao Topo Ir em baixo

Computador infectado por malwares Empty Re: Computador infectado por malwares

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum