Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 10 usuários online :: 0 registrados, 0 invisíveis e 10 visitantes :: 1 motor de buscaNenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
CE_UmbrellaCert, como remover!?
2 participantes
Página 1 de 4
Página 1 de 4 • 1, 2, 3, 4 
CE_UmbrellaCert, como remover!?
por Uzumakitiago Qua 16 Jul 2014, 15:03
Estou com o mesmo problema da Jessica,Espero que possam me ajudar...
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Qua 16 Jul 2014, 15:07
Olá.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
CE_UmbrellaCert, como remover!?
por Uzumakitiago Qua 16 Jul 2014, 15:45
Acabei de fazer a limpeza com adwcleaner,porem assim que abri a net o Ce_umbrella apareceu rsrs,ai esta o relatorio...Obs.Ainda uso o Windons Xp
# AdwCleaner v3.215 - Relatório criado 16/07/2014 às 15:32:41
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Tiago - CASA
# Executando de : E:\Documents and Settings\Tiago\Meus documentos\Meus programas\adwcleaner_3.215.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : IePluginServices
[#] Serviço Deletada : vToolbarUpdater18.1.0
[#] Serviço Deletada : xmkysecqun32
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginServices
Pasta Deletada : C:\Arquivos de programas\003
Pasta Deletada : C:\Arquivos de programas\baidu
Pasta Deletada : C:\Arquivos de programas\SupraSavings
Pasta Deletada : C:\DOCUME~1\Tiago\CONFIG~1\Temp\baidu
Pasta Deletada : C:\DOCUME~1\Tiago\CONFIG~1\Temp\Iminent
Pasta Deletada : C:\Documents and Settings\Tiago\Dados de aplicativos\baidu
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\baidu\Spark\Spark.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\baidu\Spark\bdtray.exe]
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\coupon downloader
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sweet-page uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v30.0 (pt-BR)
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js ]
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js ]
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [97526 octets] - [11/05/2014 19:17:28]
AdwCleaner[R1].txt - [4610 octets] - [16/07/2014 15:31:14]
AdwCleaner[S0].txt - [93101 octets] - [11/05/2014 19:20:49]
AdwCleaner[S1].txt - [4472 octets] - [16/07/2014 15:32:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4532 octets] ##########
# AdwCleaner v3.215 - Relatório criado 16/07/2014 às 15:32:41
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Tiago - CASA
# Executando de : E:\Documents and Settings\Tiago\Meus documentos\Meus programas\adwcleaner_3.215.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : IePluginServices
[#] Serviço Deletada : vToolbarUpdater18.1.0
[#] Serviço Deletada : xmkysecqun32
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginServices
Pasta Deletada : C:\Arquivos de programas\003
Pasta Deletada : C:\Arquivos de programas\baidu
Pasta Deletada : C:\Arquivos de programas\SupraSavings
Pasta Deletada : C:\DOCUME~1\Tiago\CONFIG~1\Temp\baidu
Pasta Deletada : C:\DOCUME~1\Tiago\CONFIG~1\Temp\Iminent
Pasta Deletada : C:\Documents and Settings\Tiago\Dados de aplicativos\baidu
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\baidu\Spark\Spark.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\baidu\Spark\bdtray.exe]
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\coupon downloader
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sweet-page uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v30.0 (pt-BR)
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js ]
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js ]
[ Arquivo : C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [97526 octets] - [11/05/2014 19:17:28]
AdwCleaner[R1].txt - [4610 octets] - [16/07/2014 15:31:14]
AdwCleaner[S0].txt - [93101 octets] - [11/05/2014 19:20:49]
AdwCleaner[S1].txt - [4472 octets] - [16/07/2014 15:32:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4532 octets] ##########
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
CE_UmbrellaCert, como remover!?
por Uzumakitiago Qua 16 Jul 2014, 16:14
Estou jogando um game chamado Grepolis,mais a partir do momento que começaram os problemas não consigo mais fazer login nesse jogo(não importa o navegador que use)...Espero que isso também tenha solução rsrs...Dez de agora ja os agradeço muito.
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Qua 16 Jul 2014, 16:14
Desative temporariamente seu antivírus para evitar conflitos.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
CE_UmbrellaCert, como remover!?
por Uzumakitiago Qua 16 Jul 2014, 16:51
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by Tiago on qua 16/07/2014 at 16:18:45,50.
Microsoft Windows XP 5.1.2600 Service Pack 3 x86 WMI=failure
Running in: Normal Mode Internet Access Detected
Launched: E:\Documents and Settings\Tiago\Meus documentos\Meus programas\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
16/7/2014 16:21:46 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1B621151-041C-4994-A5D9-04D441B8409B} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js:
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "");
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js:
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "");
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
user.js not found
---- Lines extensions.5155fe056b512 removed from prefs.js ----
user_pref("extensions.5155fe056b512.epoch", "1367878584");
user_pref("extensions.5155fe056b512.url", "http://jpiservice.info/sync/?ext=btos&pid=939&country=BR®d=130329204805&lsd=130505221312&ind=1943282800&
---- Lines extensions.51573406dc2aa removed from prefs.js ----
user_pref("extensions.51573406dc2aa.epoch", "1367878584");
user_pref("extensions.51573406dc2aa.url", "http://syncerjpi.info/sync/?ext=btos&pid=939&country=BR®d=130330185046&lsd=130505215506&ind=1943282800&s
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\Mozilla Firefox\browser\searchplugins\nation-secure-search.xml deleted
C:\Arquivos de programas\ComPlus Applications deleted
C:\Documents and Settings\NetworkService\Dados de aplicativos\MySearchDial deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\GetRightToGo deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avg_Update_0414b deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\System32\InstallUtil.InstallLog deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\extensions\staged deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\extensions\staged deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.exe deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.exe deleted
"C:\WINDOWS\Installer\8e434.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"quiknowledge@quiknowledge.com"="C:\Arquivos de programas\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com" [18/06/2014 13:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{f70696f3-fa43-4eb4-8530-9270d180303b}"="C:\Arquivos de programas\ViewPassword\135.xpi" []
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
- Modulo de Protecao - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
- Guardiao Itau 30 horas - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
- Dilandau - %ProfilePath%\extensions\download_mp3@dilandau.eu.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3A9E1940B4459CC97FDCBB24FCB69004 - C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
0FCEAA7D12B7B0BA825E5C770B1DCA48 - C:\Arquivos de programas\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Arquivos de programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Documents and Settings\Tiago\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\uni\sf.crx[25/07/2013 10:17]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\Tiago\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[08/11/2013 17:35]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
"Search Bar"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Mozilla\Firefox\Extensions\{f70696f3-fa43-4eb4-8530-9270d180303b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\wrc@avast.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Tiago\Desktop\Adobe Reader X.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\Documents and Settings\Tiago\Desktop\Atalho para adwcleaner_3.215.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\adwcleaner_3.215.exe
C:\Documents and Settings\Tiago\Desktop\Atalho para downloads.lnk - C:\Arquivos de programas\JDownloader\downloads
C:\Documents and Settings\Tiago\Desktop\Atalho para hjsplit.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\hjsplit\hjsplit.exe
C:\Documents and Settings\Tiago\Desktop\Atalho para Meu computador.lnk -
C:\Documents and Settings\Tiago\Desktop\Atalho para Pzim.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\Linguagem de Programação\pascalzim\Pzim.exe
C:\Documents and Settings\Tiago\Desktop\ConvertXtoDVD 4.lnk - C:\Arquivos de programas\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Documents and Settings\Tiago\Desktop\Fotos.lnk - E:\Documents and Settings\Tiago\Meus documentos\Fotos
C:\Documents and Settings\Tiago\Desktop\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tiago\Desktop\Media Player Classic Homecinema.lnk - C:\Arquivos de programas\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Documents and Settings\Tiago\Desktop\Meus documentos.lnk - E:\Documents and Settings\Tiago\Meus documentos
C:\Documents and Settings\Tiago\Desktop\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\Tiago\Desktop\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tiago\Desktop\Revo Uninstaller.lnk - C:\Documents and Settings\Tiago\Desktop\FABIO\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\Tiago\Desktop\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Tiago\Desktop\DiaPortable\Atalho para downloads.lnk - C:\Arquivos de programas\JDownloader\downloads
C:\Documents and Settings\Tiago\Desktop\FABIO\Receitanet 1.04 .lnk - C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\Windows\Receitanet.exe
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Desktop\amcap.lnk - C:\Arquivos de programas\Vimicro\Vimicro USB PC Camera (ZS0211)\amcap.exe
C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPQuicker.exe
C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk - C:\WINDOWS\twain_32\escndv\escndv.exe
C:\Documents and Settings\All Users\Desktop\f.lnk -
C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\JDownloader.lnk - C:\Arquivos de programas\JDownloader\JDownloaderD3D.exe
C:\Documents and Settings\All Users\Desktop\Manual do usuário Epson TX105.lnk -
C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk - C:\Arquivos de programas\real\realplayer\realplay.exe /launch:desktop
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:1090;https=127.0.0.1:1090;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FF0DB3E-9B0B-5343-1E42-7F1C443CD1D7} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC1D7FFC-5DDF-F869-2E59-EDC9E3B41188} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66085e49-3f84-4cff-8716-48c510b54182} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\up.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win7.exe deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Tiago\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=34 folders=12 7551603 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Tiago\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== EOF on qua 16/07/2014 at 16:47:36,67 ======================
Tool run by Tiago on qua 16/07/2014 at 16:18:45,50.
Microsoft Windows XP 5.1.2600 Service Pack 3 x86 WMI=failure
Running in: Normal Mode Internet Access Detected
Launched: E:\Documents and Settings\Tiago\Meus documentos\Meus programas\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
16/7/2014 16:21:46 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1B621151-041C-4994-A5D9-04D441B8409B} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js:
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "");
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js:
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "");
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Added to C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
user.js not found
---- Lines extensions.5155fe056b512 removed from prefs.js ----
user_pref("extensions.5155fe056b512.epoch", "1367878584");
user_pref("extensions.5155fe056b512.url", "http://jpiservice.info/sync/?ext=btos&pid=939&country=BR®d=130329204805&lsd=130505221312&ind=1943282800&
---- Lines extensions.51573406dc2aa removed from prefs.js ----
user_pref("extensions.51573406dc2aa.epoch", "1367878584");
user_pref("extensions.51573406dc2aa.url", "http://syncerjpi.info/sync/?ext=btos&pid=939&country=BR®d=130330185046&lsd=130505215506&ind=1943282800&s
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141607_1634_.backup
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\Mozilla Firefox\browser\searchplugins\nation-secure-search.xml deleted
C:\Arquivos de programas\ComPlus Applications deleted
C:\Documents and Settings\NetworkService\Dados de aplicativos\MySearchDial deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\GetRightToGo deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avg_Update_0414b deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\System32\InstallUtil.InstallLog deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609\extensions\staged deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\searchplugins\nation-secure-search.xml deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default\extensions\staged deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.exe deleted
C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.exe deleted
"C:\WINDOWS\Installer\8e434.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"quiknowledge@quiknowledge.com"="C:\Arquivos de programas\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com" [18/06/2014 13:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{f70696f3-fa43-4eb4-8530-9270d180303b}"="C:\Arquivos de programas\ViewPassword\135.xpi" []
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
- Modulo de Protecao - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
- Guardiao Itau 30 horas - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
- Dilandau - %ProfilePath%\extensions\download_mp3@dilandau.eu.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\41yzylqc.default-1367877713609
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\nlozsz8r.default
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3A9E1940B4459CC97FDCBB24FCB69004 - C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
0FCEAA7D12B7B0BA825E5C770B1DCA48 - C:\Arquivos de programas\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
Profilepath: C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\twd8yiqi.default-1405372908781
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Arquivos de programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Arquivos de programas\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3A9E1940B4459CC97FDCBB24FCB69004 - c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\arquivos de programas\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Documents and Settings\Tiago\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\uni\sf.crx[25/07/2013 10:17]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\Tiago\Configura‡äes locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[08/11/2013 17:35]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
"Search Bar"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1004336348-1202660629-1417001333-1003\Software\Mozilla\Firefox\Extensions\{f70696f3-fa43-4eb4-8530-9270d180303b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\wrc@avast.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Tiago\Desktop\Adobe Reader X.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\Documents and Settings\Tiago\Desktop\Atalho para adwcleaner_3.215.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\adwcleaner_3.215.exe
C:\Documents and Settings\Tiago\Desktop\Atalho para downloads.lnk - C:\Arquivos de programas\JDownloader\downloads
C:\Documents and Settings\Tiago\Desktop\Atalho para hjsplit.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\hjsplit\hjsplit.exe
C:\Documents and Settings\Tiago\Desktop\Atalho para Meu computador.lnk -
C:\Documents and Settings\Tiago\Desktop\Atalho para Pzim.lnk - E:\Documents and Settings\Tiago\Meus documentos\Meus programas\Linguagem de Programação\pascalzim\Pzim.exe
C:\Documents and Settings\Tiago\Desktop\ConvertXtoDVD 4.lnk - C:\Arquivos de programas\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Documents and Settings\Tiago\Desktop\Fotos.lnk - E:\Documents and Settings\Tiago\Meus documentos\Fotos
C:\Documents and Settings\Tiago\Desktop\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tiago\Desktop\Media Player Classic Homecinema.lnk - C:\Arquivos de programas\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Documents and Settings\Tiago\Desktop\Meus documentos.lnk - E:\Documents and Settings\Tiago\Meus documentos
C:\Documents and Settings\Tiago\Desktop\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\Tiago\Desktop\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tiago\Desktop\Revo Uninstaller.lnk - C:\Documents and Settings\Tiago\Desktop\FABIO\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\Tiago\Desktop\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Tiago\Desktop\DiaPortable\Atalho para downloads.lnk - C:\Arquivos de programas\JDownloader\downloads
C:\Documents and Settings\Tiago\Desktop\FABIO\Receitanet 1.04 .lnk - C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\Windows\Receitanet.exe
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Documents and Settings\Tiago\Desktop\FABIO\IMPOSTO DE RENDA\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Desktop\amcap.lnk - C:\Arquivos de programas\Vimicro\Vimicro USB PC Camera (ZS0211)\amcap.exe
C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPQuicker.exe
C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk - C:\WINDOWS\twain_32\escndv\escndv.exe
C:\Documents and Settings\All Users\Desktop\f.lnk -
C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\JDownloader.lnk - C:\Arquivos de programas\JDownloader\JDownloaderD3D.exe
C:\Documents and Settings\All Users\Desktop\Manual do usuário Epson TX105.lnk -
C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk - C:\Arquivos de programas\real\realplayer\realplay.exe /launch:desktop
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG\AVG 2014.lnk - C:\Arquivos de programas\AVG\AVG2014\avgui.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Documents and Settings\Tiago\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:1090;https=127.0.0.1:1090;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FF0DB3E-9B0B-5343-1E42-7F1C443CD1D7} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC1D7FFC-5DDF-F869-2E59-EDC9E3B41188} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66085e49-3f84-4cff-8716-48c510b54182} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\up.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win7.exe deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Tiago\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=34 folders=12 7551603 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Tiago\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== EOF on qua 16/07/2014 at 16:47:36,67 ======================
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Qua 16 Jul 2014, 17:09
Vou ter que me ausentar um pouco,amanha agente continua,Obrigado pelo auxilio até agora.
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Qua 16 Jul 2014, 21:47
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Sex 18 Jul 2014, 17:11
Aqui não esta abrindo o programa Junkware Removal Tool (Uso o Windows xp tem alguma coisa a ver?)
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Sex 18 Jul 2014, 17:34
Agora sim consegui,baixei o programa por outro site e ele abriu,aqui esta o relatório...
...~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Tiago on sex 18/07/2014 at 17:24:09,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] qksvc
Successfully deleted: [Service] qksvc
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411421186}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] "C:\Arquivos de programas\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sex 18/07/2014 at 17:31:53,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Tiago on sex 18/07/2014 at 17:24:09,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] qksvc
Successfully deleted: [Service] qksvc
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411421186}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] "C:\Arquivos de programas\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sex 18/07/2014 at 17:31:53,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Sex 18 Jul 2014, 17:44
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Sex 18 Jul 2014, 18:09
Aqui esta
~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/7/2014)
~ Iniciado por Tiago (18/7/2014 18:06:35)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
---\\ Softwares d'optimização do sistema
CCleaner v4.07
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (23%) free of 24 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: Tiago
~ All Users Names: Tiago, SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Tiago\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Tiago\Desktop\
~ %Favorites% : C:\Documents and Settings\Tiago\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Tiago\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 24 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 133 Go of 274 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 04:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/3/2009 - 14:26:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/55
~ Mes musiques (My Musics) : 114/1296
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/14121
~ Mon Bureau (My Desktop) : 1/2764
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [527928] [PID.1488]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe [3241488] [PID.348]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [289328] [PID.496]
[MD5.EC6A73CD8413F68655E5E0B99C415A21] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe [143872] [PID.1540]
[MD5.8FE6AB59CAB8F2C038FEA9522A5EEBA7] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe [113664] [PID.1732]
[MD5.067020BB8ABF1F6B80361051B2806C90] - (.Nero AG - incdsrv.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1554728] [PID.2140]
[MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [PID.2156]
[MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [PID.2164]
[MD5.0EE862458136E47213B2D17F035729A9] - (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [1629480] [PID.2180]
[MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [PID.2224]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe [838672] [PID.2248]
[MD5.FCBD73089E866436D7689D16F3F12655] - (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [1057064] [PID.2256]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.2292]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe [656912] [PID.2320]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2372]
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe [57344] [PID.2428]
[MD5.5603C2C8940F5E43864D4000304AB175] - (...) -- C:\WINDOWS\Domino.exe [49152] [PID.2448]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2700]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [17408] [PID.2900]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe [295512] [PID.3336]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.3492]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5179408] [PID.3564]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe [1695232] [PID.3840]
[MD5.3571BC3EA24C5705FC6123CCED6BBA9A] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [2429680] [PID.4060] =>PUP.ContentExplorer
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2116]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.636]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.5000]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8076800] [PID.4200]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1606;https=127.0.0.1:1606; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: SupraSavings - {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} . (...) -- C:\Arquivos de programas\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\xkymsyyrfh.dll =>PUP.SupraSavings
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - Motorola SM56 Win32 Utility.) -- C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (...) -- C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Chave orfã
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] C:\Arquivos de programas\AVG Secure Search\ROC_ROC_JULY_P1.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Arquivos de programas\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe (.not file.)
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (.not file.)
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (.not file.)
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (.not file.)
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 192.168.1.1 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [472]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [222]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [216]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\WINDOWS\system32\drivers\netfilter.sys
~ Drivers: 85 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: GBBD Banco Itau 3.4.0.2 - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Quiknowledge - (.Quiknowledge.) [HKLM] -- Quiknowledge
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 32 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\1stBrowser]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\GbAs]
[HKCU\Software\NaoEntraBRT]
[HKCU\Software\SERPRO]
[HKCU\Software\Softonic_Brasil] =>Toolbar.Conduit
[HKLM\Software\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\PZIM!]
~ Key Software: 509 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/7/2014 - 14:31:35 - [] ----D C:\Arquivos de programas\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8
O43 - CFD: 13/7/2014 - 21:46:50 - [] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 4/3/2014 - 20:05:51 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 11/2/2011 - 12:02:11 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/2/2011 - 12:01:38 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 16/11/2013 - 10:38:30 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 13/7/2014 - 21:46:49 - [] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\Baidu Security
O43 - CFD: 16/7/2014 - 14:31:57 - [] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 14/3/2011 - 06:05:05 - [0] ----D C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Softonic_Brasil =>Toolbar.Conduit
O43 - CFD: 11/2/2011 - 12:08:46 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/7/2014 - 12:32:27 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Inicializar
O43 - CFD: 1/3/2012 - 21:10:40 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 2/3/2013 - 19:44:08 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 4/3/2014 - 20:21:53 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 166 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A4ABB21D13528D1BA3ABF484B2DF24FE] - 11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 14/7/2014 - 12:33:32 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/7/2014 - 16:18:20 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.F154014CA7E127C7865CD313EA3CDCF9] - 16/7/2014 - 16:47:36 ---A- . (...) -- C:\zoek-results.log [29681]
O44 - LFC:[MD5.971E54C7B578C2F3E3A3E04EDE5348DA] - 18/7/2014 - 17:05:37 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.05E9B6F711E3132A8CB8DFBD8D362F84] - 18/7/2014 - 17:05:41 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 18/7/2014 - 17:25:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
~ Files: 20 Legitimates Filtered in 00mn 08s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09a3d1df-c155-11e1-bfa8-002421897a4a}\AutoRun\command. (...) -- J:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "TaskbarNoThumbnail"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:5/5/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:18/7/2014 - 17:25:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:4/1/2012 - 11:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\WINDOWS\system32\Drivers\gtkdrv.sys [16128]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:21/6/2011 - 11:24:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 71 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 5/5/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 5/5/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 11/7/2014 - C:\WINDOWS\system32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETFILTER
~ Legacy: 169 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\baidu\Spark\Spark.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Pesquisa Crawler) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Pesquisa Crawler) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][11/2/2011] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\inst.exe [87608]
[MD5.CB4A53DEE4A10DF87EB708C4970520B4] [SPRF][8/8/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.dat [13994]
[MD5.E1A27E82DE8F74A677F2D4172C7D4BEE] [SPRF][3/9/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.dat [18240]
[MD5.7157C4A5D821EF06AFF5A98E98DA1322] [SPRF][29/9/2011] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [212984]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}] (SupraSavings) =>PUP.SupraSavings
~ BCK: 5794 Legitimates Filtered in 00mn 07s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 9/7/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/7/1658 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 28/9/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 28/9/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 18/6/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 17/9/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/6/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SR - | Auto 27/6/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/6/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/1/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe
SR - | Auto 5/5/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 26/11/2007 1554728 | (InCDsrv) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/7/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA3EAE2B-3B20-2E6F-A849-C126D93B6AD3}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ROC_ROC_JULY_P1 =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ContentExplorer =>PUP.ContentExplorer^
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer^
C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Softonic_Brasil =>Toolbar.Conduit^
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Softonic_Brasil] =>Toolbar.Conduit^
[HKCR\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}] (SupraSavings) =>PUP.SupraSavings^
~ Additionnel Scan: 203524 Items scanned in 00mn 29s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 5 link(s) detected in 00mn 00s
~ 917 Legitimates filtered by white list
End of the scan (603 lines in 01mn 18s)(0)
~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/7/2014)
~ Iniciado por Tiago (18/7/2014 18:06:35)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
---\\ Softwares d'optimização do sistema
CCleaner v4.07
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (23%) free of 24 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: Tiago
~ All Users Names: Tiago, SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Tiago\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Tiago\Desktop\
~ %Favorites% : C:\Documents and Settings\Tiago\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Tiago\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 24 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 133 Go of 274 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 04:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/3/2009 - 14:26:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/55
~ Mes musiques (My Musics) : 114/1296
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/14121
~ Mon Bureau (My Desktop) : 1/2764
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [527928] [PID.1488]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe [3241488] [PID.348]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [289328] [PID.496]
[MD5.EC6A73CD8413F68655E5E0B99C415A21] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe [143872] [PID.1540]
[MD5.8FE6AB59CAB8F2C038FEA9522A5EEBA7] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe [113664] [PID.1732]
[MD5.067020BB8ABF1F6B80361051B2806C90] - (.Nero AG - incdsrv.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1554728] [PID.2140]
[MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [PID.2156]
[MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [PID.2164]
[MD5.0EE862458136E47213B2D17F035729A9] - (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [1629480] [PID.2180]
[MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [PID.2224]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe [838672] [PID.2248]
[MD5.FCBD73089E866436D7689D16F3F12655] - (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [1057064] [PID.2256]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.2292]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe [656912] [PID.2320]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2372]
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe [57344] [PID.2428]
[MD5.5603C2C8940F5E43864D4000304AB175] - (...) -- C:\WINDOWS\Domino.exe [49152] [PID.2448]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2700]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [17408] [PID.2900]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe [295512] [PID.3336]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.3492]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5179408] [PID.3564]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe [1695232] [PID.3840]
[MD5.3571BC3EA24C5705FC6123CCED6BBA9A] - (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe [2429680] [PID.4060] =>PUP.ContentExplorer
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2116]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.636]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.5000]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8076800] [PID.4200]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1606;https=127.0.0.1:1606; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: SupraSavings - {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} . (...) -- C:\Arquivos de programas\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\xkymsyyrfh.dll =>PUP.SupraSavings
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - Motorola SM56 Win32 Utility.) -- C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (...) -- C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Chave orfã
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] C:\Arquivos de programas\AVG Secure Search\ROC_ROC_JULY_P1.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Arquivos de programas\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe (.not file.)
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (.not file.)
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (.not file.)
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (.not file.)
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 192.168.1.1 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [472]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [222]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [216]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\WINDOWS\system32\drivers\netfilter.sys
~ Drivers: 85 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: GBBD Banco Itau 3.4.0.2 - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Quiknowledge - (.Quiknowledge.) [HKLM] -- Quiknowledge
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 32 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\1stBrowser]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\GbAs]
[HKCU\Software\NaoEntraBRT]
[HKCU\Software\SERPRO]
[HKCU\Software\Softonic_Brasil] =>Toolbar.Conduit
[HKLM\Software\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\PZIM!]
~ Key Software: 509 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/7/2014 - 14:31:35 - [] ----D C:\Arquivos de programas\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8
O43 - CFD: 13/7/2014 - 21:46:50 - [] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 4/3/2014 - 20:05:51 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 11/2/2011 - 12:02:11 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/2/2011 - 12:01:38 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 16/11/2013 - 10:38:30 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 13/7/2014 - 21:46:49 - [] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\Baidu Security
O43 - CFD: 16/7/2014 - 14:31:57 - [] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 14/3/2011 - 06:05:05 - [0] ----D C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Softonic_Brasil =>Toolbar.Conduit
O43 - CFD: 11/2/2011 - 12:08:46 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/7/2014 - 12:32:27 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Inicializar
O43 - CFD: 1/3/2012 - 21:10:40 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 2/3/2013 - 19:44:08 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 4/3/2014 - 20:21:53 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 166 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A4ABB21D13528D1BA3ABF484B2DF24FE] - 11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 14/7/2014 - 12:33:32 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/7/2014 - 16:18:20 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.F154014CA7E127C7865CD313EA3CDCF9] - 16/7/2014 - 16:47:36 ---A- . (...) -- C:\zoek-results.log [29681]
O44 - LFC:[MD5.971E54C7B578C2F3E3A3E04EDE5348DA] - 18/7/2014 - 17:05:37 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.05E9B6F711E3132A8CB8DFBD8D362F84] - 18/7/2014 - 17:05:41 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 18/7/2014 - 17:25:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
~ Files: 20 Legitimates Filtered in 00mn 08s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09a3d1df-c155-11e1-bfa8-002421897a4a}\AutoRun\command. (...) -- J:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "TaskbarNoThumbnail"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:11/3/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:5/5/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:18/7/2014 - 17:25:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:4/1/2012 - 11:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\WINDOWS\system32\Drivers\gtkdrv.sys [16128]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:21/6/2011 - 11:24:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 71 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/3/2014 - C:\WINDOWS\system32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 5/5/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 5/5/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 11/7/2014 - C:\WINDOWS\system32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETFILTER
~ Legacy: 169 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Pesquisa Crawler) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Pesquisa Crawler) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][11/2/2011] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\inst.exe [87608]
[MD5.CB4A53DEE4A10DF87EB708C4970520B4] [SPRF][8/8/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.dat [13994]
[MD5.E1A27E82DE8F74A677F2D4172C7D4BEE] [SPRF][3/9/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.dat [18240]
[MD5.7157C4A5D821EF06AFF5A98E98DA1322] [SPRF][29/9/2011] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [212984]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}] (SupraSavings) =>PUP.SupraSavings
~ BCK: 5794 Legitimates Filtered in 00mn 07s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 9/7/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/7/1658 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 28/9/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 28/9/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 18/6/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 17/9/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/6/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SR - | Auto 27/6/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/6/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/1/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe
SR - | Auto 5/5/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 26/11/2007 1554728 | (InCDsrv) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/7/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA3EAE2B-3B20-2E6F-A849-C126D93B6AD3}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ROC_ROC_JULY_P1 =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ContentExplorer =>PUP.ContentExplorer^
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer^
C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Softonic_Brasil =>Toolbar.Conduit^
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Softonic_Brasil] =>Toolbar.Conduit^
[HKCR\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}] (SupraSavings) =>PUP.SupraSavings^
~ Additionnel Scan: 203524 Items scanned in 00mn 29s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 5 link(s) detected in 00mn 00s
~ 917 Legitimates filtered by white list
End of the scan (603 lines in 01mn 18s)(0)
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Sex 18 Jul 2014, 18:20
No momento estou no celular, mas amanhã te passo o Script para remover os problemas encontrados pelo programa.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Sex 18 Jul 2014, 18:28
Cem Problema,Obrigado por estar me ajudando,como te falei antes,depois que começaram os problemas não estou conseguindo fazer login no game Grepolis ( Não importa o Navegador que use) sera que isso também pode ser resolvido???...Mais uma vez Obrigado por tudo e até amanha...Abraço.
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
CE_UmbrellaCert, como remover!?
por Power Max Sáb 19 Jul 2014, 12:54
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
____________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Dom 03 Ago 2014, 10:53, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 10:32
Nossa irmão,tomei um susto daqueles agora,depois que fiz esse ultimo processo,os navegadores não estavam acessando a net,tive que mexer na configuração de proxy do servidor,mais agora voltou ao normal...
...Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Tiago at 21/7/2014 10:16:35
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\documents and settings\tiago\dados de aplicativos\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\arquivos de programas\quiknowledge\uninstall.exe
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
========== Estado dos serviços ==========
BHBASE Parado
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge]
ELIMINÉ: CLSID BHO: {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}]
ELIMINÉ: HKCU\Software\1stBrowser
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ: HKCU\Software\Softonic_Brasil
ELIMINÉ: HKLM\Software\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ:* SearchScopes :{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}
========== Valores do Registo ==========
ELIMINÉ RunValue: BluetoothAuthenticationAgent
ELIMINÉ RunValue: ROC_ROC_JULY_P1
ELIMINÉ RunValue: ROC_roc_ssl_v12
ELIMINÉ RunValue: AvastUI.exe
ELIMINÉ RunValue: Skype
ELIMINÉ RunValue: ContentExplorer
ELIMINÉ RunValue: FlashPlayerUpdate
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = <-loopback>
ELIMINÉ: R1 Search Page = http=127.0.0.1:1133;https=127.0.0.1:1133;
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\arquivos de programas\5b99cc8d-7baf-430a-9c63-67c9980e3ed8\xkymsyyrfh.dll
ELIMINA REINICIAR: c:\documents and settings\tiago\dados de aplicativos\contentexplorer\contentexplorer.exe
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ:* c:\documents and settings\tiago\dados de aplicativos\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (122) (2.157.370 octets)
ELIMINÉ Flash Cookies (2) (464 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
13 : Chaves do Registo
13 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
2 : Softwares
1 : Estado dos serviços
1 : Restauração Sistema
End of clean in 00mn 33s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/7/2014 10:16:41 [3205]
...Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Tiago at 21/7/2014 10:16:35
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\documents and settings\tiago\dados de aplicativos\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\arquivos de programas\quiknowledge\uninstall.exe
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer\ContentExplorer.exe
========== Estado dos serviços ==========
BHBASE Parado
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge]
ELIMINÉ: CLSID BHO: {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}]
ELIMINÉ: HKCU\Software\1stBrowser
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ: HKCU\Software\Softonic_Brasil
ELIMINÉ: HKLM\Software\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ:* SearchScopes :{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411421186}
========== Valores do Registo ==========
ELIMINÉ RunValue: BluetoothAuthenticationAgent
ELIMINÉ RunValue: ROC_ROC_JULY_P1
ELIMINÉ RunValue: ROC_roc_ssl_v12
ELIMINÉ RunValue: AvastUI.exe
ELIMINÉ RunValue: Skype
ELIMINÉ RunValue: ContentExplorer
ELIMINÉ RunValue: FlashPlayerUpdate
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = <-loopback>
ELIMINÉ: R1 Search Page = http=127.0.0.1:1133;https=127.0.0.1:1133;
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\arquivos de programas\5b99cc8d-7baf-430a-9c63-67c9980e3ed8\xkymsyyrfh.dll
ELIMINA REINICIAR: c:\documents and settings\tiago\dados de aplicativos\contentexplorer\contentexplorer.exe
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ:* c:\documents and settings\tiago\dados de aplicativos\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (122) (2.157.370 octets)
ELIMINÉ Flash Cookies (2) (464 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
13 : Chaves do Registo
13 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
2 : Softwares
1 : Estado dos serviços
1 : Restauração Sistema
End of clean in 00mn 33s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/7/2014 10:16:41 [3205]
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Seg 21 Jul 2014, 10:35
é porque havia uma contaminação no proxy, que foi removida pelo ZHP.
Abra novamente o ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 10:45
Mais então só me diz se fiz certo,no firefox,fui nas configurações da internet,fui em acesso a internet,e tinha as opções,1°SEM PROXY 2°auto detectar as configurações de proxy para esta rede 3°usar as configurações de proxy do sistema 4°configuração manual de proxy...Se não me engano a opção que estava selecionada era a 3°ai mudei para a 1° e voltou a entrar,pelo menos no firefox,pode me dizer se esta correto deixar sem proxy,e como faço no Explorer e google crome...Abraço
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 10:49
Aqui esta o relatório...
...~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/7/2014)
~ Iniciado por Tiago (21/7/2014 10:47:04)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
---\\ Softwares d'optimização do sistema
CCleaner v4.07
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (23%) free of 24 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: Tiago
~ All Users Names: Tiago, SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Tiago\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Tiago\Desktop\
~ %Favorites% : C:\Documents and Settings\Tiago\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Tiago\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 24 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 133 Go of 274 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 04:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/3/2009 - 14:26:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/55
~ Mes musiques (My Musics) : 114/1296
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/14127
~ Mon Bureau (My Desktop) : 1/2759
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [527928] [PID.1464]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe [3241488] [PID.144]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [289328] [PID.1280]
[MD5.067020BB8ABF1F6B80361051B2806C90] - (.Nero AG - incdsrv.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1554728] [PID.504]
[MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [PID.628]
[MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [PID.632]
[MD5.0EE862458136E47213B2D17F035729A9] - (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [1629480] [PID.660]
[MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [PID.240]
[MD5.FCBD73089E866436D7689D16F3F12655] - (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [1057064] [PID.700]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1524]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.740]
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe [57344] [PID.856]
[MD5.5603C2C8940F5E43864D4000304AB175] - (...) -- C:\WINDOWS\Domino.exe [49152] [PID.896]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1788]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [17408] [PID.2116]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe [295512] [PID.2288]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2304]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5179408] [PID.2380]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe [1695232] [PID.2948]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe [838672] [PID.3088]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe [656912] [PID.3168]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.1988]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.3884]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.3980]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.4084]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.1340]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8076800] [PID.2140]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1133;https=127.0.0.1:1133; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - Motorola SM56 Win32 Utility.) -- C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (...) -- C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 192.168.1.1 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [222]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [216]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\WINDOWS\system32\drivers\netfilter.sys
~ Drivers: 85 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco Itau 3.4.0.2 - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 30 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\NaoEntraBRT]
[HKCU\Software\SERPRO]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\PZIM!]
[HKLM\Software\Quiknowledge]
~ Key Software: 498 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/3/2014 - 20:05:51 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 11/2/2011 - 12:02:11 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/2/2011 - 12:01:38 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/7/2014 - 10:16:34 - [0] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 11/2/2011 - 12:08:46 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/7/2014 - 12:32:27 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Inicializar
O43 - CFD: 1/3/2012 - 21:10:40 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 2/3/2013 - 19:44:08 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 4/3/2014 - 20:21:53 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 161 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A4ABB21D13528D1BA3ABF484B2DF24FE] - 11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 14/7/2014 - 12:33:32 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/7/2014 - 16:18:20 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.F154014CA7E127C7865CD313EA3CDCF9] - 16/7/2014 - 16:47:36 ---A- . (...) -- C:\zoek-results.log [29681]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 21/7/2014 - 10:20:24 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O44 - LFC:[MD5.C4BF33BC8F9C8FC7DC72055A241DFD44] - 21/7/2014 - 10:20:35 ---A- . (...) -- C:\WINDOWS\wiaservc.log [0]
O44 - LFC:[MD5.3322E4A33FCD64C606A52BE7425D414B] - 21/7/2014 - 10:20:40 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
~ Files: 20 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09a3d1df-c155-11e1-bfa8-002421897a4a}\AutoRun\command. (...) -- J:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "TaskbarNoThumbnail"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:5/5/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:21/7/2014 - 10:20:24 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:4/1/2012 - 11:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\WINDOWS\system32\Drivers\gtkdrv.sys [16128]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:21/6/2011 - 11:24:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 70 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 5/5/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 5/5/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 11/7/2014 - C:\WINDOWS\system32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETFILTER
~ Legacy: 169 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\baidu\Spark\Spark.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][11/2/2011] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\inst.exe [87608]
[MD5.CB4A53DEE4A10DF87EB708C4970520B4] [SPRF][8/8/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.dat [13994]
[MD5.E1A27E82DE8F74A677F2D4172C7D4BEE] [SPRF][3/9/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.dat [18240]
[MD5.7157C4A5D821EF06AFF5A98E98DA1322] [SPRF][29/9/2011] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [212984]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 9/7/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/7/1658 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe
SS - | Auto 11/1/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe
SS - | Auto 28/9/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 28/9/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 18/6/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 17/9/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/6/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SR - | Auto 27/6/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/6/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 5/5/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 26/11/2007 1554728 | (InCDsrv) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/7/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer^
~ Additionnel Scan: 203399 Items scanned in 00mn 28s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
~ MSI: 2 link(s) detected in 00mn 00s
~ 901 Legitimates filtered by white list
End of the scan (554 lines in 01mn 13s)(0)
...~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/7/2014)
~ Iniciado por Tiago (21/7/2014 10:47:04)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
---\\ Softwares d'optimização do sistema
CCleaner v4.07
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (23%) free of 24 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA
~ User Name: Tiago
~ All Users Names: Tiago, SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Tiago\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Tiago\Desktop\
~ %Favorites% : C:\Documents and Settings\Tiago\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Tiago\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 6 Go of 24 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 133 Go of 274 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 04:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/3/2009 - 14:26:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 07:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/55
~ Mes musiques (My Musics) : 114/1296
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/14127
~ Mon Bureau (My Desktop) : 1/2759
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [527928] [PID.1464]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe [3241488] [PID.144]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe [289328] [PID.1280]
[MD5.067020BB8ABF1F6B80361051B2806C90] - (.Nero AG - incdsrv.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1554728] [PID.504]
[MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [PID.628]
[MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [PID.632]
[MD5.0EE862458136E47213B2D17F035729A9] - (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [1629480] [PID.660]
[MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [PID.240]
[MD5.FCBD73089E866436D7689D16F3F12655] - (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe [1057064] [PID.700]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1524]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.740]
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe [57344] [PID.856]
[MD5.5603C2C8940F5E43864D4000304AB175] - (...) -- C:\WINDOWS\Domino.exe [49152] [PID.896]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1788]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [17408] [PID.2116]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe [295512] [PID.2288]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2304]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe [5179408] [PID.2380]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe [1695232] [PID.2948]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe [838672] [PID.3088]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe [656912] [PID.3168]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.1988]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.3884]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.3980]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [275568] [PID.4084]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [18544] [PID.1340]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8076800] [PID.2140]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1133;https=127.0.0.1:1133; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] . (.Nero AG - NBH.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - Motorola SM56 Win32 Utility.) -- C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (...) -- C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\arquivos de programas\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Arquivos de programas\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1004336348-1202660629-1417001333-1003\..\Run: [EPSON TX105 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 192.168.1.1 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{2084BCC9-474C-46E5-97D4-2BE74C7333A3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E3C84D10-A8B2-4B94-9D86-1D6C1B7AFA6D}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 04s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Tiago\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job [222]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job [216]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\WINDOWS\system32\drivers\netfilter.sys
~ Drivers: 85 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco Itau 3.4.0.2 - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 30 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\NaoEntraBRT]
[HKCU\Software\SERPRO]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\PZIM!]
[HKLM\Software\Quiknowledge]
~ Key Software: 498 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/3/2014 - 20:05:51 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 11/2/2011 - 12:02:11 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/2/2011 - 12:01:38 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/7/2014 - 10:16:34 - [0] ----D C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 11/2/2011 - 12:08:46 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/7/2014 - 12:32:27 - [] R---D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Inicializar
O43 - CFD: 1/3/2012 - 21:10:40 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2012
O43 - CFD: 2/3/2013 - 19:44:08 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2013
O43 - CFD: 4/3/2014 - 20:21:53 - [] ----D C:\Documents and Settings\Tiago\Menu Iniciar\Programas\Programas RFB2014
~ Program Folder: 161 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A4ABB21D13528D1BA3ABF484B2DF24FE] - 11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 14/7/2014 - 12:33:32 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/7/2014 - 16:18:20 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.F154014CA7E127C7865CD313EA3CDCF9] - 16/7/2014 - 16:47:36 ---A- . (...) -- C:\zoek-results.log [29681]
O44 - LFC:[MD5.8FCA7D8A9C8AE5CC7BD1C2D06995DC8D] - 21/7/2014 - 10:20:24 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O44 - LFC:[MD5.C4BF33BC8F9C8FC7DC72055A241DFD44] - 21/7/2014 - 10:20:35 ---A- . (...) -- C:\WINDOWS\wiaservc.log [0]
O44 - LFC:[MD5.3322E4A33FCD64C606A52BE7425D414B] - 21/7/2014 - 10:20:40 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
~ Files: 20 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIV~1\GBPLUGIN\gbiehuni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09a3d1df-c155-11e1-bfa8-002421897a4a}\AutoRun\command. (...) -- J:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "TaskbarNoThumbnail"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2013 - 09:05:10 ----- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:5/5/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpKm.sys [46392]
O58 - SDL:21/7/2014 - 10:20:24 ---A- . (.GAS Tecnologia - GAS Tecnologia - IM Helper Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31448]
O58 - SDL:4/1/2012 - 11:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\WINDOWS\system32\Drivers\gtkdrv.sys [16128]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:11/7/2014 - 11:13:52 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\WINDOWS\system32\Drivers\netfilter.sys [47488]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:21/6/2011 - 11:24:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 70 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 5/5/2014 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 5/5/2014 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
O64 - Services: CurCS - 11/7/2014 - C:\WINDOWS\system32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETFILTER
~ Legacy: 169 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][11/2/2011] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\inst.exe [87608]
[MD5.CB4A53DEE4A10DF87EB708C4970520B4] [SPRF][8/8/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins000.dat [13994]
[MD5.E1A27E82DE8F74A677F2D4172C7D4BEE] [SPRF][3/9/2013] (...) -- C:\Documents and Settings\Tiago\Dados de aplicativos\unins001.dat [18240]
[MD5.7157C4A5D821EF06AFF5A98E98DA1322] [SPRF][29/9/2011] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [212984]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 9/7/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/7/1658 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.exe
SS - | Auto 11/1/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.exe
SS - | Auto 28/9/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 28/9/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 18/6/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 17/9/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/6/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SR - | Auto 27/6/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/6/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 5/5/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 26/11/2007 1554728 | (InCDsrv) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/7/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
C:\Documents and Settings\Tiago\Dados de aplicativos\ContentExplorer =>PUP.ContentExplorer^
~ Additionnel Scan: 203399 Items scanned in 00mn 28s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
~ MSI: 2 link(s) detected in 00mn 00s
~ 901 Legitimates filtered by white list
End of the scan (554 lines in 01mn 13s)(0)
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
CE_UmbrellaCert, como remover!?
por Power Max Seg 21 Jul 2014, 11:24
Você fez o certo, o ideal é ficar sem proxy.Uzumakitiago escreveu:Mais então só me diz se fiz certo,no firefox,fui nas configurações da internet,fui em acesso a internet,e tinha as opções,1°SEM PROXY 2°auto detectar as configurações de proxy para esta rede 3°usar as configurações de proxy do sistema 4°configuração manual de proxy...Se não me engano a opção que estava selecionada era a 3°ai mudei para a 1° e voltou a entrar,pelo menos no firefox,pode me dizer se esta correto deixar sem proxy,e como faço no Explorer e google crome...Abraço
Abra o Internet Explorer > Clique em Ferramentas > Opções da Internet > Conexões > Configurações da LAN > Desmarque esta caixinha:
Usar script de configuração automática
E marque esta outra caixinha:
Detectar automaticamente as configurações
E desmarque esta outra caixinha:
Usar um servidor proxy para a rede local
E depois disto clique em OK.
________________________________________________________________________________________________________
Continuam vários programas iniciando sem necessidade junto com o Windows. Seria importante seguir este tutorial abaixo para corrigir isto:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Dom 03 Ago 2014, 10:53, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 11:35
Foi mal irmão,fiz oque vc pedio no Explorer,mais não adiantou,continua não entrando,estou com o mesmo problema no google crome.
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Seg 21 Jul 2014, 11:41
siga o restante das dicas que te passei na resposta acima e depois disto poste o relatório do ZHPFix.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 11:54
Aqui esta Irmão...
...Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Tiago at 21/7/2014 11:53:29
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Quiknowledge
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = <-loopback>
ELIMINÉ: R1 Search Page = http=127.0.0.1:1133;https=127.0.0.1:1133;
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (18.107 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 08s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/7/2014 10:16:41 [3306]
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 21/7/2014 11:53:31 [1426]
...Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Tiago at 21/7/2014 11:53:29
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Quiknowledge
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = <-loopback>
ELIMINÉ: R1 Search Page = http=127.0.0.1:1133;https=127.0.0.1:1133;
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (18.107 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 08s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/7/2014 10:16:41 [3306]
C:\Documents and Settings\Tiago\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 21/7/2014 11:53:31 [1426]
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Uzumakitiago Seg 21 Jul 2014, 11:55
Continuam vários programas iniciando sem necessidade junto com o Windows. Seria importante seguir este tutorial abaixo para corrigir isto:
R:Ja fiz o que o tutorial pede irmão...Aguardando resposta.
R:Ja fiz o que o tutorial pede irmão...Aguardando resposta.
Uzumakitiago- Membro
- Mensagens : 89
Reputação : 0
Data de inscrição : 16/07/2014
Re: CE_UmbrellaCert, como remover!?
por Power Max Seg 21 Jul 2014, 12:02
Faça o download do Malwarebytes em um destes links abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log (relatório) do Malwarebytes.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 4 • 1, 2, 3, 4
Tópicos semelhantesPágina 1 de 4
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|