
~ Relatório do ZHPDiag v2013.9.2.3 - Nicolas Coolman (03/09/2013)
~ Iniciado por f002902 (03/09/2013 08:51:39)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox v3.6.24 (pt-BR)
GCIE: Google Chrome v29.0.1547.62

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteção do sistema
avast! Free Antivirus v8.0.1489.0

---\\ Softwares d'optimização do sistema
CCleaner v2.29 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0 - Português
Java 7 Update 25

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1983 MB (78% free)
System Restore: Activé (Enable)
System drive C: has 121 GB (81%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FUN0004
~ User Name: f002902
~ All Users Names: SUPPORT_388945a0, mcpd, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\f002902\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\f002902\Desktop\
~ %Favorites% : C:\Documents and Settings\f002902\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\f002902\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C:\ Hard drive, Flash drive, Thumb drive (Free 121 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 32 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/04/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/13
~ Mes musiques (My Musics) : 1/85
~ Mes Favoris (My Favorites) : 1/44
~ Mes Documents (My Documents) : 2/473
~ Mon Bureau (My Desktop) : 11/1306
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados au arranque du sistema
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1648]
[MD5.2440C4F52980D5B23C1581609E7AC955] - (.SafeNet, Inc. - SafeNet's Logging Service for NT.) -- C:\WINDOWS\system32\dklog.exe [106496] [PID.132]
[MD5.46CBD8C46E2DB0786CFF3934C20C57F4] - (.SafeNet, Inc. - SafeNet's Virtual Channel Monitor.) -- C:\WINDOWS\system32\dkvcm.exe [122880] [PID.172]
[MD5.BEE465E465D9BC18C7A8C51C845D7569] - (.HP - HP Smart-Install Service.) -- C:\WINDOWS\system32\HPSIsvc.exe [100232] [PID.344]
[MD5.9ECF00E19736054E019C532AED8228FC] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182184] [PID.360]
[MD5.6BA161E5F3DF6A09D51D727E71716F36] - (.SafeNet, Inc. - SafeNet's Token Service.) -- C:\WINDOWS\system32\dkcktkn.exe [741376] [PID.652]
[MD5.E1A7A7D0D03F2550DA4C258FE0D6B96F] - (...) -- C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [450560] [PID.3404]
[MD5.9490CC1355CC26BE99375208775ACA83] - (.SafeNet, Inc. - SafeNet's Auto Register Cert Application.) -- C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [253952] [PID.3412]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe [4858968] [PID.3420]
[MD5.20CE553CFBA1BB098868285AB3E88999] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7865344] [PID.948]
[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.1892]
[MD5.AB0A7CA90D9E3D6A193905DC1715DED0] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.572]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.452]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [f002902] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [f002902] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [f002902] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [DkStartup] . (.SafeNet, Inc. - SafeNet Startup Utility.) -- C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe
O4 - HKLM\..\Run: [AxMonitor] . (...) -- C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe
O4 - HKLM\..\Run: [DkAutoReg] . (.SafeNet, Inc. - SafeNet's Auto Register Cert Application.) -- C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21252\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Outras conex�es do utilizador (04)
O4 - GS\Desktop: Adobe Reader 8.lnk . (.Adobe Systems Incorporated - Adobe Reader 8.2.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
O4 - GS\Desktop: Agenda.lnk . (...) -- C:\Arquivos de programas\EssentialPIM\EssentialPIM.exe
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Readiris Pro 12.lnk . (.I.R.I.S. (Image Recognition Integrated Syst - IOCR Application.) -- C:\Arquivos de programas\Readiris Pro 12\readiris.exe
O4 - GS\Desktop: Shop for HP Supplies.lnk . (...) -- C:\Arquivos de programas\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop: sisDocumentos v40d.lnk . (...) -- C:\sisdocumentos\sisDocumentos v40d.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Atalho para Funpec.exe.lnk . (...) -- C:\sigap\Funpec.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Botões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Arquivos de programas\Hewlett-Packard\SmartPrint\smartprint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Site na zona confiável do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS3\Services\Tcpip\..\{A5956F44-2107-434E-A62F-CE99EAC2CC28}: DhcpDomain = funpec.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.65.16
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (...) - C:\ARQUIV~1\GbPlugin\GbpSv.exe (.not file.)
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Oracle Corporation - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
~ Services: 7 Legitimates Filtered in 00mn 04s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: DANFE View - (...) [HKLM] -- DANFE View
~ Logic: 64 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\DANFE View]
[HKLM\Software\Kofax]
[HKLM\Software\Runapp]
~ Key Software: 127 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/11/2011 - 18:29:22 - [46,014] ----D C:\Arquivos de programas\danfeview
O43 - CFD: 17/07/2008 - 11:02:12 - [2,500] ----D C:\Arquivos de programas\Kofax
O43 - CFD: 17/07/2008 - 09:20:36 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 05/09/2008 - 08:12:21 - [0,161] ----D C:\Arquivos de programas\SRP
O43 - CFD: 17/07/2008 - 09:20:01 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 17/07/2008 - 11:04:10 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Kofax
O43 - CFD: 23/04/2010 - 17:08:08 - [0,015] R---D C:\Documents and Settings\f002902\Menu Iniciar\Programas\Acessórios
O43 - CFD: 01/08/2011 - 09:03:31 - [0,003] ----D C:\Documents and Settings\f002902\Menu Iniciar\Programas\DANFE View
O43 - CFD: 14/08/2013 - 17:46:47 - [0,000] R---D C:\Documents and Settings\f002902\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 17/07/2008 - 06:08:18 - [0,000] R---D C:\Documents and Settings\f002902\Menu Iniciar\Programas\Inicializar
~ Program Folder: 100 Legitimates Filtered in 00mn 13s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DD130539AAF1A8A73113BA0B8B5771B7] - 02/09/2013 - 18:13:31 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.4D7B99E58332159999F35C0A92944D82] - 02/09/2013 - 18:13:29 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 7 Legitimates Filtered in 00mn 26s



---\\ Últimos ficheiros criados no Windows Prefetch (045)
O45 - LFCP:[MD5.E5EE5A4BF967305E0E73BB495043999D] - 02/09/2013 - 18:15:20 ---A- - C:\WINDOWS\Prefetch\THUNDERBIRDPORTABLE.EXE-2013993C.pf
O45 - LFCP:[MD5.7F3B0CE68DFEED2CBEA1CE0E46B7362C] - 02/09/2013 - 18:25:37 ---A- - C:\WINDOWS\Prefetch\FUNPEC.EXE-0C5E44B0.pf
O45 - LFCP:[MD5.3F4695982F5BE46564340759C3882C05] - 02/09/2013 - 18:25:48 ---A- - C:\WINDOWS\Prefetch\SWAP.EXE-3B3C2F3B.pf
O45 - LFCP:[MD5.EA4F13BC6E953772AE13D0AA788C9C64] - 03/09/2013 - 08:49:47 ---A- - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf
O45 - LFCP:[MD5.0F61CF04B7A2768CF4FE28D612F002AA] - 03/09/2013 - 08:50:59 ---A- - C:\WINDOWS\Prefetch\NIRCMD.DAT-2F897858.pf
O45 - LFCP:[MD5.17BCCF4E46821E7E325728E9CB044F6F] - 15/08/2013 - 10:07:55 ---A- - C:\WINDOWS\Prefetch\DKLOG.EXE-27CA4AD4.pf
O45 - LFCP:[MD5.EB04ADE8B163100862DF62605D103FE3] - 15/08/2013 - 10:07:55 ---A- - C:\WINDOWS\Prefetch\DKVCM.EXE-30952949.pf
O45 - LFCP:[MD5.800E5A450BF446D83B1B25B9E510BB4B] - 15/08/2013 - 10:07:55 ---A- - C:\WINDOWS\Prefetch\HPSISVC.EXE-0A4B3F1D.pf
O45 - LFCP:[MD5.F7C123FB2B0BBA0C823380E2044F7D13] - 15/08/2013 - 10:07:55 ---A- - C:\WINDOWS\Prefetch\SCARDSVR.EXE-12E160E4.pf
O45 - LFCP:[MD5.C98F15EA54D4BE9E43FDBF4E6EBBDFF5] - 15/08/2013 - 10:24:45 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-082D52C7.pf
O45 - LFCP:[MD5.F2BD3B913B3B72C8EE89FC46B4803E07] - 15/08/2013 - 10:24:48 ---A- - C:\WINDOWS\Prefetch\ZOEK.EXE-21976C30.pf
O45 - LFCP:[MD5.BB64399E5C2481AC5CC708D8BAC16552] - 15/08/2013 - 10:24:51 ---A- - C:\WINDOWS\Prefetch\WGET.EXE-399CEC30.pf
O45 - LFCP:[MD5.386486502DEED2F8D0B9529F02805A13] - 15/08/2013 - 10:24:51 ---A- - C:\WINDOWS\Prefetch\ZOEK.COM-0B8B5522.pf
O45 - LFCP:[MD5.B60F505248C8AF90ECBAC9C55A623B62] - 15/08/2013 - 10:29:17 ---A- - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf
O45 - LFCP:[MD5.F61809FDFFD30C8F6FD5A2298E20D17E] - 15/08/2013 - 10:29:21 ---A- - C:\WINDOWS\Prefetch\SWXCACLS.EXE-2FDA40F9.pf
O45 - LFCP:[MD5.E4B9787B49B01FC49122FE4AD97A50D7] - 15/08/2013 - 10:29:27 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-329AE032.pf
O45 - LFCP:[MD5.33C486606BBC01EFC00DE90D289FEC6A] - 15/08/2013 - 10:31:17 ---A- - C:\WINDOWS\Prefetch\REMOVE.EXE-23E3E757.pf
O45 - LFCP:[MD5.AAC0A76A509B254B0B38D5F6D2626A84] - 15/08/2013 - 10:34:19 ---A- - C:\WINDOWS\Prefetch\ZOEK-DELETE.EXE-00263D09.pf
O45 - LFCP:[MD5.4027B61EB5F160B41EE8DDD03E2F948F] - 15/08/2013 - 11:17:10 ---A- - C:\WINDOWS\Prefetch\DANFEMON.EXE-0695F483.pf
O45 - LFCP:[MD5.49E7693E14500FE328ACBC07F36AE4FD] - 15/08/2013 - 11:17:20 ---A- - C:\WINDOWS\Prefetch\DANFEMON.EXE-0DAD2C6D.pf
O45 - LFCP:[MD5.410BB78CB2926B6B59E5847AF6D66258] - 15/08/2013 - 11:17:47 ---A- - C:\WINDOWS\Prefetch\UNIDANFE.EXE-377DC2B9.pf
O45 - LFCP:[MD5.AB18DD306F8184757830D28F367A6E4B] - 15/08/2013 - 11:17:50 ---A- - C:\WINDOWS\Prefetch\DANFEV.EXE-0540CC3F.pf
O45 - LFCP:[MD5.FB1DAF78B73EC8D722A19101A79E4364] - 15/08/2013 - 11:18:00 ---A- - C:\WINDOWS\Prefetch\NFECOMM.EXE-1C2E844C.pf
O45 - LFCP:[MD5.9AD3CBD358FA8B790C8315F49F6A0CE6] - 21/08/2013 - 13:31:46 ---A- - C:\WINDOWS\Prefetch\29.0.1547.57_28.0.1500.95_CHR-1D60BA2A.pf
O45 - LFCP:[MD5.C520D35E1317BA37197EE9402E6AA590] - 29/08/2013 - 07:31:16 ---A- - C:\WINDOWS\Prefetch\29.0.1547.62_29.0.1547.57_CHR-2B2D0069.pf
O45 - LFCP:[MD5.549BE521F736EB801EF231D55748D4B0] - 29/08/2013 - 09:40:16 ---A- - C:\WINDOWS\Prefetch\FUNPEC.EXE-02D7DE21.pf
O45 - LFCP:[MD5.D9B9EA6678668E4AD1E2FB4DFA145448] - 30/08/2013 - 16:34:28 ---A- - C:\WINDOWS\Prefetch\HPPSCAN0.EXE-0D67BAEC.pf
O45 - LFCP:[MD5.9DB245B3C172117E4F92B38D87D9D06E] - 30/08/2013 - 18:01:52 ---A- - C:\WINDOWS\Prefetch\AXMONITOR.EXE-31F7ADF3.pf
O45 - LFCP:[MD5.37362454E8B8CC237713B722BD6A2646] - 30/08/2013 - 18:01:52 ---A- - C:\WINDOWS\Prefetch\DKAUTOREG.EXE-1948992B.pf
~ Prefetcher: 130 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\WINDOWS\system32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\WINDOWS\system32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 25 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\DANFEmon [Key] . (...) -- C:\Arquivos de programas\danfeview\danfemon.exe
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.B680134BA1813B78B47FDD1DFF223CA5] - 09/05/2013 - 05:59:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: 8 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 01/09/2013 - 16:18:55 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\Quarantine.exe [344507]
O61 - LFC: 01/09/2013 - 20:52:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\get.bat [16063]
O61 - LFC: 01/09/2013 - 20:52:49 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\JRT.bat [10261]
O61 - LFC: 01/09/2013 - 20:52:58 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\currentmd5.txt [13]
O61 - LFC: 01/09/2013 - 20:53:12 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\WOW6432NODE.dat [415]
O61 - LFC: 01/09/2013 - 21:15:43 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\ask.bat [29648]
O61 - LFC: 01/09/2013 - 21:16:15 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\runvalues.bat [8398]
O61 - LFC: 01/09/2013 - 21:16:36 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\badvalues.cfg [4327]
O61 - LFC: 01/09/2013 - 21:16:54 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\services.dat [2578]
O61 - LFC: 01/09/2013 - 21:17:09 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\REGhkcu_and_hklm_software.cfg [2771]
O61 - LFC: 01/09/2013 - 21:17:48 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\UNINSTALL.dat [13731]
O61 - LFC: 01/09/2013 - 21:18:05 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\BHO_name.dat [949]
O61 - LFC: 01/09/2013 - 21:18:22 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\CHR_extensions.cfg [5778]
O61 - LFC: 01/09/2013 - 21:18:40 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\TYPELIB_clsid.dat [2798]
O61 - LFC: 01/09/2013 - 21:18:54 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\INTERFACE_clsid.dat [4998]
O61 - LFC: 01/09/2013 - 21:19:13 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\CLSID_clsid.dat [10358]
O61 - LFC: 01/09/2013 - 21:19:29 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\badFOLDERS.cfg [16242]
O61 - LFC: 01/09/2013 - 21:20:59 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\appinit64_null.reg [144]
O61 - LFC: 01/09/2013 - 21:52:01 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\serviceseventlog.cfg [28]
O61 - LFC: 01/09/2013 - 21:55:44 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\REGISTRYUSERSID.cfg [59]
O61 - LFC: 01/09/2013 - 21:58:06 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\jrt\misc.bat [144096]
O61 - LFC: 02/09/2013 - 10:31:09 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\addons.sqlite [524288]
O61 - LFC: 02/09/2013 - 10:33:12 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\blocklist.xml [44714]
O61 - LFC: 02/09/2013 - 14:21:35 -SHA- . (...) -- C:\Documents and Settings\f002902\PrivacIE\index.dat [16187392]
O61 - LFC: 02/09/2013 - 14:24:00 -SHA- . (...) -- C:\Documents and Settings\f002902\IECompatCache\index.dat [16384]
O61 - LFC: 02/09/2013 - 14:26:19 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\Area de Trabalho.lnk [421]
O61 - LFC: 02/09/2013 - 14:26:19 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\Portaria no 448- de 13 de setembro de 2002[1].pdf (3).lnk [839]
O61 - LFC: 02/09/2013 - 14:33:25 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\E-mails\Sent [1098644282]
O61 - LFC: 02/09/2013 - 14:41:02 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\E-mails\Drafts [1164532]
O61 - LFC: 02/09/2013 - 14:41:55 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\E-mails\Junk [1203414]
O61 - LFC: 02/09/2013 - 14:47:02 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\E-mails\Drafts.msf [9426]
O61 - LFC: 02/09/2013 - 15:24:46 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage [74752]
O61 - LFC: 02/09/2013 - 15:24:46 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal [3608]
O61 - LFC: 02/09/2013 - 16:00:42 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\E-mails\Sent.msf [5048006]
O61 - LFC: 02/09/2013 - 17:39:46 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\TERMO DE DISPENSA 161402013 - IBP.doc.lnk [888]
O61 - LFC: 02/09/2013 - 17:55:14 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\TERMO DE DISPENSA 168112013 - FAURGS.doc.lnk [897]
O61 - LFC: 02/09/2013 - 18:05:30 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\TERMO DE DISPENSA 166712013 - 7º pdpetro.doc.lnk [909]
O61 - LFC: 02/09/2013 - 18:05:30 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\Termo de dispensa.lnk [618]
O61 - LFC: 02/09/2013 - 18:05:34 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\downloads.sqlite [33792]
O61 - LFC: 02/09/2013 - 18:05:34 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\permissions.sqlite [2048]
O61 - LFC: 02/09/2013 - 18:05:35 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\abook.mab [707418]
O61 - LFC: 02/09/2013 - 18:05:35 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\history.mab [129543]
O61 - LFC: 02/09/2013 - 18:15:23 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\parent.lock [0]
O61 - LFC: 02/09/2013 - 18:15:34 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\WebmailData\imapdata.db3 [14336]
O61 - LFC: 02/09/2013 - 18:15:45 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\WebmailData\domains.db3 [8192]
O61 - LFC: 02/09/2013 - 18:16:04 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\localstore.rdf [45559]
O61 - LFC: 02/09/2013 - 18:19:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_www.globo.com_0.localstorage [5120]
O61 - LFC: 02/09/2013 - 18:19:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_www.globo.com_0.localstorage-journal [5672]
O61 - LFC: 02/09/2013 - 18:20:53 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padrão\Data\profile\session.json [365]
O61 - LFC: 02/09/2013 - 18:24:24 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Certificate Revocation Lists [258469]
O61 - LFC: 02/09/2013 - 18:24:24 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\CRX_75DAF8CB7768\crl-set [1773]
O61 - LFC: 02/09/2013 - 18:24:24 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\CRX_75DAF8CB7768\manifest.fingerprint [12]
O61 - LFC: 02/09/2013 - 18:24:24 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Temp\CRX_75DAF8CB7768\manifest.json [34]
O61 - LFC: 02/09/2013 - 18:24:32 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_ego.globo.com_0.localstorage [3072]
O61 - LFC: 02/09/2013 - 18:24:32 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_ego.globo.com_0.localstorage-journal [3608]
O61 - LFC: 02/09/2013 - 18:24:34 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_vitrines.globo.com_0.localstorage [3072]
O61 - LFC: 02/09/2013 - 18:24:34 ---A- . (...) -- C:\Documents and Settings\f002902\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_vitrines.globo.com_0.localstorage-journal [3608]
O61 - LFC: 02/09/2013 - 18:24:51 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_etc.globo.com_0.localstorage [3072]
O61 - LFC: 02/09/2013 - 18:24:51 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_etc.globo.com_0.localstorage-journal [3608]
O61 - LFC: 02/09/2013 - 18:25:19 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_revistaquem.globo.com_0.localstorage [3072]
O61 - LFC: 02/09/2013 - 18:25:19 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_revistaquem.globo.com_0.localstorage-journal [3608]
O61 - LFC: 02/09/2013 - 18:30:29 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History Index 2013-08 [2502656]
O61 - LFC: 03/09/2013 - 08:31:35 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\LOG.old [151]
O61 - LFC: 03/09/2013 - 08:31:36 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\LOG.old [151]
O61 - LFC: 03/09/2013 - 08:31:36 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\LOG.old [277]
O61 - LFC: 03/09/2013 - 08:32:15 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\Mail\icaro.funpec-2.br\popstate.dat [64]
O61 - LFC: 03/09/2013 - 08:32:15 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\E-mails\Junk.msf [10144]
O61 - LFC: 03/09/2013 - 08:33:11 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\E-mails\Inbox [3431137829]
O61 - LFC: 03/09/2013 - 08:35:45 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Last Session [1337]
O61 - LFC: 03/09/2013 - 08:35:45 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Last Tabs [1102]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\_CACHE_CLEAN_ [1]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\folderTree.json [251]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\global-messages-db.sqlite [65568768]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\panacea.dat [91740]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\prefs.js [44117]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\Data\profile\virtualFolders.dat [10]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\E-mails\Inbox.msf [9879524]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\E-mails\Trash [0]
O61 - LFC: 03/09/2013 - 08:36:07 ---A- . (...) -- C:\Documents and Settings\f002902\ThunderBird Padr�o\E-mails\Trash.msf [1797]
O61 - LFC: 03/09/2013 - 08:36:11 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\2013.lnk [349]
O61 - LFC: 03/09/2013 - 08:36:11 ---A- . (...) -- C:\Documents and Settings\f002902\Recent\C�pia de Controle requisi��es 2013.xlsx.lnk [531]
O61 - LFC: 03/09/2013 - 08:37:51 ---A- . (...) -- C:\Documents and Settings\f002902\Dados de aplicativos\Microsoft\Windows\Themes\Custom.theme [8291]
O61 - LFC: 03/09/2013 - 08:38:17 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 03/09/2013 - 08:38:18 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 03/09/2013 - 08:38:18 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\MANIFEST-002282 [256]
O61 - LFC: 03/09/2013 - 08:38:20 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 03/09/2013 - 08:38:20 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\MANIFEST-001406 [520]
O61 - LFC: 03/09/2013 - 08:38:22 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension Rules\LOG [151]
O61 - LFC: 03/09/2013 - 08:38:22 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extension State\LOG [151]
O61 - LFC: 03/09/2013 - 08:38:22 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Session Storage\LOG [276]
O61 - LFC: 03/09/2013 - 08:38:27 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 03/09/2013 - 08:38:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Network Action Predictor [75776]
O61 - LFC: 03/09/2013 - 08:38:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 03/09/2013 - 08:38:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 03/09/2013 - 08:38:28 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 03/09/2013 - 08:38:32 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Top Sites [208896]
O61 - LFC: 03/09/2013 - 08:38:32 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Top Sites-journal [16384]
O61 - LFC: 03/09/2013 - 08:38:36 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data [118784]
O61 - LFC: 03/09/2013 - 08:38:36 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 03/09/2013 - 08:39:26 ---A- . (...) -- C:\Documents and Settings\f002902\Meus documentos\Downloads\delfix.exe [706916]
O61 - LFC: 03/09/2013 - 08:42:04 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Download [687836]
O61 - LFC: 03/09/2013 - 08:42:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Bloom [15124176]
O61 - LFC: 03/09/2013 - 08:42:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1991380]
O61 - LFC: 03/09/2013 - 08:42:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135184]
O61 - LFC: 03/09/2013 - 08:42:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Download Whitelist [19604]
O61 - LFC: 03/09/2013 - 08:42:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6220]
O61 - LFC: 03/09/2013 - 08:42:39 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Favicons [182272]
O61 - LFC: 03/09/2013 - 08:42:39 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 03/09/2013 - 08:42:39 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History Index 2013-09 [1122304]
O61 - LFC: 03/09/2013 - 08:42:39 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History Index 2013-09-journal [16384]
O61 - LFC: 03/09/2013 - 08:42:41 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\TransportSecurity [961]
O61 - LFC: 03/09/2013 - 08:44:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 03/09/2013 - 08:44:08 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cookies [500736]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session [1216331]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Tabs [231607]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History [360448]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History Provider Cache [133914]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences [123824]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\Local State [41647]
O61 - LFC: 03/09/2013 - 08:44:31 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Dados de aplicativos\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 03/09/2013 - 08:45:59 -SHA- . (...) -- C:\Documents and Settings\f002902\Dados de aplicativos\Microsoft\Internet Explorer\Desktop.htt [2732]
O61 - LFC: 03/09/2013 - 08:50:59 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\JRT.txt [845]
O61 - LFC: 03/09/2013 - 08:50:59 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\temp\null.txt [0]
O61 - LFC: 03/09/2013 - 08:51:26 -SHA- . (...) -- C:\Documents and Settings\f002902\IETldCache\index.dat [245760]
O61 - LFC: 31/08/2013 - 00:34:07 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\badFOLDERSstart.cfg [848]
O61 - LFC: 31/08/2013 - 00:36:00 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\REGhkcu_software_appdatalow.cfg [2195]
O61 - LFC: 31/08/2013 - 00:36:39 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\APPID_clsid.dat [1518]
O61 - LFC: 31/08/2013 - 00:37:38 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\APPPATHS.dat [67]
O61 - LFC: 31/08/2013 - 00:49:07 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\FFXPI.dat [818]
O61 - LFC: 31/08/2013 - 00:49:23 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\FFXML.dat [1470]
O61 - LFC: 31/08/2013 - 01:19:27 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\BHO_clsid.dat [28598]
O61 - LFC: 31/08/2013 - 01:19:56 ---A- . (...) -- C:\Documents and Settings\f002902\Configura��es locais\Temp\jrt\FFextensions.dat [9501]
~ 3 Fichiers cookies (Cookies files)
~ Files: 199 Legitimates Filtered in 02mn 32s



---\\ Alternate Data Stream (ADS) files (O62)
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\drivers\:IncompleteBoot.cnt
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\:IncompleteBoot.cnt
~ ADS: Scanned in 00mn 01s



---\\ List of virus removal tools (LAT) (063)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List of Legacy services in the registry (064)
O64 - Services: CurCS - 22/01/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - ??\??\???? - No owner (GbpSv) .(...) - LEGACY_GBPSV
O64 - Services: CurCS - ??\??\???? - No owner (vision) .(...) - LEGACY_VISION
~ Legacy: 135 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in the Internet browsers (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search of the WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.4EBAF565B580D6B86974374BA5580842] [WIS][13/01/2009] (.VIA Technologies, Inc. - VIA Universal Setup Program.) -- C:\Windows\Installer\43154.msi [2719232]
~ WIS: 42 Legitimates Filtered in 00mn 08s



---\\ General state of the non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 29/07/2008 106496 | (DkLogger) . (.SafeNet, Inc..) - C:\WINDOWS\system32\dklog.exe
SR - | Auto 29/07/2008 741376 | (DkTknSrv) . (.SafeNet, Inc..) - C:\WINDOWS\system32\dkcktkn.exe
SR - | Auto 29/07/2008 122880 | (DkVcm) . (.SafeNet, Inc..) - C:\WINDOWS\system32\dkvcm.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 00\00\0000 0 | (GbpSv) . (...) - C:\ARQUIV~1\GbPlugin\GbpSv.exe
SS - | Auto 27/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 08/11/2012 100232 | (HPSIService) . (.HP.) - C:\WINDOWS\system32\HPSIsvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Auto 28/06/2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 00\00\0000 0 | (vision) . (...) - C:\Program Files\8u6N4r\3M7K3s.exe
~ Services: Scanned in 00mn 09s



---\\ Search for infection in the Master Boot Record (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by f002902 at 03/09/2013 08:55:43

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll ViPrt.sys ViBus.sys
C:\WINDOWS\system32\drivers\ViPrt.sys VIA Technologies, Inc. VIA SATA IDE Driver
C:\WINDOWS\system32\drivers\ViBus.sys VIA Technologies, Inc. VIA SATA IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF196] >> \Device\Harddisk0\DR0[0x89D85AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 15 Legitimates Filtered in 00mn 02s



---\\ Search for infection in the Master Boot Record (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by f002902 at 03/09/2013 08:55:45

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional scanner (088)
Database Version : v2.12874 - (03/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 178264 Items scanned in 00mn 21s



~ 1070 Legitimates filtered by white list
End of the scan (635 lines in 04mn 27s)(0)
