~ Relatório do ZHPDiag v2013.8.29.381 - Nicolas Coolman (29/08/2013)
~ Iniciado por administrador (05/09/2013 16:51:35)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v29.0.1547.66

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteção do sistema
avast! Free Antivirus v7.0.1474.0
Malwarebytes Anti-Malware vers�o 1.60.1.1000

---\\ Softwares d'optimização do sistema
CCleaner v3.08 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 190 GB (81%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FUN0080
~ User Name: administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, f002143, Convidado, administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\mcpd\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\mcpd\Desktop\
~ %Favorites% : C:\Documents and Settings\mcpd\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\mcpd\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C:\ Hard drive, Flash drive, Thumb drive (Free 190 Go of 233 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 33 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.0CE085CD2FC5735CBC8D25F7EDDD393A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.25/07/2013 - 23:48:57.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 0/17
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados au arranque du sistema
[MD5.06752FAEA93BB8C9D4D72C56D360E415] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [526888] [PID.1244]
[MD5.91061352084424820AC6268808CB8EE3] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.344]
[MD5.C81B8635DEE0D3EF5F64B3DD643023A5] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.860]
[MD5.16C4956ECCCE1100A4D5434EDFBBEBAF] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [17331200] [PID.688]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2460]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2900]
[MD5.27502022B75551385957D223DD9CB72B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7842304] [PID.2700]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (.not file.)
O4 - HKLM\..\Run: [Java.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\java.exeJava.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-436374069-651377827-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-651377827-725345543-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop: Adobe Reader 9.lnk . (.Adobe Systems Incorporated - Adobe Reader 9.5.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - GS\Desktop: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Avenger\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.) -- C:\Arquivos de programas\SRP\GPS.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.exe
O4 - GS\Desktop: Nero StartSmart Essentials.lnk . (.Nero AG - Nero StartSmart.) -- C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Atalho para Arquivos Robson.lnk . (...) -- C:\Backup Robson
O4 - GS\Desktop: ThunderbirdPortable.lnk . (.PortableApps.com - Mozilla Thunderbird, Portable Edition.) -- C:\ThunderBird Padr�o\ThunderbirdPortable.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Botões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS3\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.65.16
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 163.7.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: 4 Legitimates Filtered in 00mn 02s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1046" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Arquivos de programas\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OGALogon.job [236]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [At2] (...) -- C:\DOCUME~1\administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.EC9B420801D3D7F82388267D13D0F89B] [APT] [OGALogon] (...) -- C:\WINDOWS\system32\OGAexeC.exe [230768]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GPS - (...) [HKLM] -- GPS
O42 - Logiciel: MV RegClean 6.0 - (...) [HKLM] -- MV RegClean 6.0_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 299 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Elf_1.12]
~ Key Software: 117 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/10/2012 - 11:59:59 - [2,804] ----D C:\Arquivos de programas\InstallAffixationInfo
O43 - CFD: 30/08/2013 - 16:52:51 - [2,828] ----D C:\Arquivos de programas\InstallInfo
O43 - CFD: 14/07/2011 - 11:34:54 - [2,957] ----D C:\Arquivos de programas\Marcos Velasco Security
O43 - CFD: 26/08/2010 - 16:04:52 - [0,000] ----D C:\Arquivos de programas\Programas SPED
O43 - CFD: 30/04/2009 - 16:58:40 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 29/09/2010 - 11:03:59 - [1,146] ----D C:\Arquivos de programas\SRP
O43 - CFD: 30/04/2009 - 16:58:02 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 15/07/2010 - 17:53:21 - [0,014] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios
O43 - CFD: 16/07/2010 - 16:44:25 - [0,000] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 30/04/2009 - 13:51:47 - [0,000] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Inicializar
~ Program Folder: 108 Legitimates Filtered in 00mn 10s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/09/2013 - 16:46:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.EF96B8D3157C9558843449F91DCC3F6F] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [552216]
O44 - LFC:[MD5.7E5AD44CBC97A133B83C36A347AC4E27] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [38818]
O44 - LFC:[MD5.12755DFF13EF425E543EA07A4D6E5D8E] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\comsetup.log [184236]
O44 - LFC:[MD5.E5E39B1F2E54B04ECAD00FFC1B186098] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\iis6.log [637974]
O44 - LFC:[MD5.F6CB57BE54311C4D255F3C52FC19486E] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\imsins.log [5802]
O44 - LFC:[MD5.C625D58814564E439775B2CF40958664] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\msgsocm.log [28096]
O44 - LFC:[MD5.92FCB79BE47E7E9328AA832C37362A02] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [113125]
O44 - LFC:[MD5.8D2BFE20D804D41E16051B9FBD5514AB] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ocgen.log [280402]
O44 - LFC:[MD5.DDF6B797569BCD9184E077DA2DA5E7BD] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ocmsn.log [34826]
O44 - LFC:[MD5.A4FCE92965A94CE802E3741E3ACBF335] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\tabletoc.log [27368]
O44 - LFC:[MD5.57900B8EE8CE2D054746B7CEB79440DD] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\tsoc.log [257900]
O44 - LFC:[MD5.79DAE71084BF47744DD7B9FA7F54C635] - 05/09/2013 - 16:35:38 ---A- . (...) -- C:\WINDOWS\msmqinst.log [182748]
O44 - LFC:[MD5.6A9C2D3FB2615A08C5F9F266AFB8940E] - 05/09/2013 - 16:35:38 ---A- . (...) -- C:\WINDOWS\netfxocm.log [97167]
O44 - LFC:[MD5.9E770479F329B3D0B04476866DCB41EB] - 05/09/2013 - 16:35:09 ---A- . (...) -- C:\WINDOWS\imsins.BAK [4507]
O44 - LFC:[MD5.3ACACA31BC0735E7A7D44C4F728454A2] - 05/09/2013 - 16:22:15 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [29594]
O44 - LFC:[MD5.AEAE2295A409ED52DE64BAE137436574] - 05/09/2013 - 16:20:33 ---A- . (...) -- C:\WINDOWS\ie8_main.log [359398]
O44 - LFC:[MD5.48B3DA07B8121789D6763CF1DE4983EC] - 05/09/2013 - 16:20:22 ---A- . (...) -- C:\WINDOWS\updspapi.log [167661]
O44 - LFC:[MD5.2E036C4576E95FF397D38A18ACE24DC9] - 05/09/2013 - 16:17:33 ---A- . (...) -- C:\WINDOWS\ie8.log [135279]
O44 - LFC:[MD5.4912AB269038A1A1D4CE112C512730B6] - 05/09/2013 - 16:05:35 ---A- . (...) -- C:\WINDOWS\system32\secsetup.sdb [3153920]
O44 - LFC:[MD5.23B77ADBE7142F5F40E317B8BC2BB915] - 05/09/2013 - 16:02:00 ---A- . (...) -- C:\WINDOWS\ie8Uninst.log [98965]
O44 - LFC:[MD5.597CC98AC7386803A70585F7F6003334] - 30/08/2013 - 16:51:46 ---A- . (...) -- C:\WINDOWS\ZTEInstallInfo.log [25336]
O44 - LFC:[MD5.DCC78B14C94A442C60981A7095B4A730] - 30/08/2013 - 08:24:04 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.08B2343A2C110AD62BA0BB84DCA25E3B] - 23/08/2013 - 09:28:49 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4245]
~ Files: 44 Legitimates Filtered in 00mn 07s



---\\ Últimos ficheiros criados no Windows Prefetch (045)
O45 - LFCP:[MD5.0110878EC7EA8801A94F3E99F8877E6F] - 03/09/2013 - 10:02:44 ---A- - C:\WINDOWS\Prefetch\SWAP.EXE-3B3C2F3B.pf
O45 - LFCP:[MD5.C3304B9FEF7B770A2B4C4E35855913D2] - 04/09/2013 - 10:24:38 ---A- - C:\WINDOWS\Prefetch\EXCELCNV.EXE-20A20F75.pf
O45 - LFCP:[MD5.41DF044C0CD0958B2892338262D51356] - 05/09/2013 - 06:21:52 ---A- - C:\WINDOWS\Prefetch\NDP30SP2-KB2756918-X86.EXE-2A686088.pf
O45 - LFCP:[MD5.5B405AF144701D16F907686C18FCBF68] - 05/09/2013 - 06:55:20 ---A- - C:\WINDOWS\Prefetch\29.0.1547.66_28.0.1500.95_CHR-2B32ECE8.pf
O45 - LFCP:[MD5.E4F40548DEEE7C8B197F00CEFA869CC9] - 05/09/2013 - 08:05:39 ---A- - C:\WINDOWS\Prefetch\OGAEXEC.EXE-25B59E50.pf
O45 - LFCP:[MD5.DDB9328D9BF71DB21087C9FAE71576A5] - 05/09/2013 - 08:06:01 ---A- - C:\WINDOWS\Prefetch\DWTRIG20.EXE-21C9A857.pf
O45 - LFCP:[MD5.F23DF204DDF90B86082CD53BAF5E2C2A] - 05/09/2013 - 14:33:03 ---A- - C:\WINDOWS\Prefetch\PDFSPO~1.EXE-1368E664.pf
O45 - LFCP:[MD5.18D1057240E06684B6382D8A6C66B0AD] - 05/09/2013 - 14:34:57 ---A- - C:\WINDOWS\Prefetch\THUNDERBIRDPORTABLE.EXE-2471696B.pf
O45 - LFCP:[MD5.8FD1BEEB6229BC4985CAD0A315222ED2] - 05/09/2013 - 15:37:09 ---A- - C:\WINDOWS\Prefetch\FUNPEC.EXE-0C5E44B0.pf
O45 - LFCP:[MD5.A50070263A807B6A29B5DBE58428EF3E] - 05/09/2013 - 16:01:08 ---A- - C:\WINDOWS\Prefetch\SPUNINST.EXE-051BCCFC.pf
O45 - LFCP:[MD5.94DB0FB1F93E8762731BF5FB0B18C1CF] - 05/09/2013 - 16:05:31 ---A- - C:\WINDOWS\Prefetch\SECEDIT.EXE-160D449D.pf
O45 - LFCP:[MD5.70438FAFFDAEF53DA9CA38C96434BA9B] - 05/09/2013 - 16:10:35 ---A- - C:\WINDOWS\Prefetch\IE8-WINDOWSXP-X86-PTB.EXE-35E64B93.pf
O45 - LFCP:[MD5.1261FAA4661118612A1C56C6F4B99838] - 05/09/2013 - 16:27:00 ---A- - C:\WINDOWS\Prefetch\UPDATE~1.EXE-2383CF9B.pf
O45 - LFCP:[MD5.A0E8F2732F246BA551261C24DBB31A66] - 05/09/2013 - 16:37:07 ---A- - C:\WINDOWS\Prefetch\CINTREP.EXE-24EB8BCA.pf
O45 - LFCP:[MD5.FAFACE2D19412128064C7E808D3103DA] - 23/08/2013 - 15:26:43 ---A- - C:\WINDOWS\Prefetch\DESCUBRA-COMO-SE-TORNAR-E-PER-041DC3F2.pf
O45 - LFCP:[MD5.981196DBFA9F71D3593B590CDD717A7E] - 28/08/2013 - 15:11:44 ---A- - C:\WINDOWS\Prefetch\WORDCONV.EXE-21F3A16E.pf
O45 - LFCP:[MD5.6EA119649390E6C8CA9BE9541A02D632] - 30/08/2013 - 08:23:58 ---A- - C:\WINDOWS\Prefetch\SHOWTIME.EXE-315FC159.pf
O45 - LFCP:[MD5.9B86736D3549A8EC1128489992AE86C1] - 30/08/2013 - 08:25:11 ---A- - C:\WINDOWS\Prefetch\180313_D1.EXE-179FA0F4.pf
O45 - LFCP:[MD5.7D794A7A824A0B9407DA7BB711D56ED1] - 30/08/2013 - 08:25:24 ---A- - C:\WINDOWS\Prefetch\100413_D.EXE-11BADEFD.pf
O45 - LFCP:[MD5.DD2813A0FD8F732FF4CFB4ABB10BA8BA] - 30/08/2013 - 08:25:38 ---A- - C:\WINDOWS\Prefetch\180713_D.EXE-10797C16.pf
O45 - LFCP:[MD5.B488758432C6AC819C4CD9BACAEB71FE] - 30/08/2013 - 08:27:10 ---A- - C:\WINDOWS\Prefetch\FUNMOODSSRV.EXE-3745A67B.pf =>PUP.Funmoods
O45 - LFCP:[MD5.3C3055704BA37A05597D8AF9AA8E6E79] - 30/08/2013 - 08:27:16 ---A- - C:\WINDOWS\Prefetch\180713_Y.EXE-3379743C.pf
O45 - LFCP:[MD5.C770D86ABDC1850663983DADEC0B61E9] - 30/08/2013 - 08:27:17 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-0CE4E799.pf
O45 - LFCP:[MD5.48FB7B7E2C74268149201A5BE4334826] - 30/08/2013 - 08:27:20 ---A- - C:\WINDOWS\Prefetch\AT.EXE-2770DD18.pf
O45 - LFCP:[MD5.CF6EAA9A867428944BED7C762362ACAD] - 30/08/2013 - 08:27:20 ---A- - C:\WINDOWS\Prefetch\DEALPLYUPDATEVER.EXE-0A702203.pf =>PUP.DealPly
O45 - LFCP:[MD5.FF83EE51176DBF93A0AE5DA0439E063E] - 30/08/2013 - 08:27:23 ---A- - C:\WINDOWS\Prefetch\180713_F.EXE-25ACCB88.pf
O45 - LFCP:[MD5.B13B0A3F00AB42F14845E3C82F981C2E] - 30/08/2013 - 16:51:36 ---A- - C:\WINDOWS\Prefetch\USBDRIVERINSTALLER_X86.EXE-1F05CC1C.pf
O45 - LFCP:[MD5.2B1EF33542056AB1292084D1C1129FFD] - 30/08/2013 - 16:51:46 ---A- - C:\WINDOWS\Prefetch\KILLPROCESS.EXE-1286E78D.pf
O45 - LFCP:[MD5.6A428A398589EA39BA73E838E003E396] - 30/08/2013 - 16:51:51 ---A- - C:\WINDOWS\Prefetch\DATA.EXE-191159E9.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" [Disabled] .(.Software 2000 Limited.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.exe
~ Keys Export: 1 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 11 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C2A6683C9FF46AA70E2C2092B008EDC7] - 11/10/2006 - 00:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [10288]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: 11 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 05/09/2013 - 16:03:37 -S-A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Crypto\RSA\S-1-5-21-436374069-651377827-725345543-1003\fb6eb5987243a9026d8b07d5c089f9be_be31be9a-13d4-4930-8fad-23f48d3b30a2 [54]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk [855]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk [873]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Internet Explorer.lnk [843]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\brndlog.bak [7542]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Links\Galeria do Web Slice.url [226]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Marketplace.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Microsoft Brasil.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Ofertas da Microsoft.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Site do IE na Microsoft.com.url [133]
O61 - LFC: 05/09/2013 - 16:24:53 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Crash Reports\InstallTime20130814063812 [10]
O61 - LFC: 05/09/2013 - 16:24:59 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\pluginreg.dat [5450]
O61 - LFC: 05/09/2013 - 16:25:04 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\search.json [12144]
O61 - LFC: 05/09/2013 - 16:27:54 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\formhistory.sqlite [196608]
O61 - LFC: 05/09/2013 - 16:27:55 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\signons.sqlite [327680]
O61 - LFC: 05/09/2013 - 16:28:38 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\mimeTypes.rdf [4437]
O61 - LFC: 05/09/2013 - 16:28:39 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\Downloads.lnk [443]
O61 - LFC: 05/09/2013 - 16:28:39 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\cintrep.zip.lnk [551]
O61 - LFC: 05/09/2013 - 16:29:02 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\addons.sqlite [524288]
O61 - LFC: 05/09/2013 - 16:29:49 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\bookmarkbackups\bookmarks-2013-09-05.json [3131]
O61 - LFC: 05/09/2013 - 16:29:49 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\healthreport.sqlite [1146880]
O61 - LFC: 05/09/2013 - 16:29:50 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\permissions.sqlite [65536]
O61 - LFC: 05/09/2013 - 16:29:50 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\webappsstore.sqlite [98304]
O61 - LFC: 05/09/2013 - 16:30:13 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\brndlog.txt [113]
O61 - LFC: 05/09/2013 - 16:31:07 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk [603]
O61 - LFC: 05/09/2013 - 16:31:12 ---A- . (...) -- C:\Documents and Settings\mcpd\SendTo\Destinatário de correio.MAPIMail [0]
O61 - LFC: 05/09/2013 - 16:31:12 ---A- . (...) -- C:\Documents and Settings\mcpd\SendTo\Área de trabalho (criar atalho).DeskLink [0]
O61 - LFC: 05/09/2013 - 16:40:05 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [347613]
O61 - LFC: 05/09/2013 - 16:40:06 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\extensions.sqlite [458752]
O61 - LFC: 05/09/2013 - 16:40:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav-groups [79]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\23eb34ea5fae7453144752bc6c470977 [4672]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\55ddfb98db01fb57a64483d6f633fa8e [9321]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\6134864eede6cc6010c985a1293277c9 [3148]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\683c7fd46bc89a794ce8ea47ffcc244f [2948]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\7a84e7dd5c1d40d22d660ba27f2191a6 [10323]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\7b80dfd3d4b02930203168cf3c56b17f [3229]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\88cdb13b534d11c653f2aa4521709841 [71086]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\9c55ca060f2d6d7d1bc1b838d8d1f0ac [10299]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\caa01505e77a859248f760f34da6f399 [6973]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\cd7eeed074dc2702ceb363825aee24fa [6520]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\ce9d24a9ccd920e7b3b00d822b5ab261 [28599]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\dbbe4a83785e4d2c58a0647b0830c4b2 [3019]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\fc67dede6a4da0488b8a1e054fffd38e [8055]
O61 - LFC: 05/09/2013 - 16:40:13 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\favs##9e3f36431f5a37b5ac13b225b429e31d [1519]
O61 - LFC: 05/09/2013 - 16:40:58 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\sessionstore.bak [3533]
O61 - LFC: 05/09/2013 - 16:41:14 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\parent.lock [0]
O61 - LFC: 05/09/2013 - 16:41:14 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\webapps\webapps.json [2]
O61 - LFC: 05/09/2013 - 16:41:16 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\urlclassifierkey3.txt [154]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\_CACHE_CLEAN_ [1]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\startupCache\startupCache.4.little [82883]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\cert8.db [65536]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\cookies.sqlite [524288]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\downloads.sqlite [98304]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\key3.db [16384]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\localstore.rdf [1713]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\places.sqlite [10485760]
O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\sessionstore.js [1928]
O61 - LFC: 05/09/2013 - 16:44:14 -SHA- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Credentials\S-1-5-21-436374069-651377827-725345543-1003\Credentials [324]
O61 - LFC: 05/09/2013 - 16:45:35 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\AdwCleaner[S1].txt.lnk [420]
O61 - LFC: 05/09/2013 - 16:50:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\prefs.js [0]
O61 - LFC: 05/09/2013 - 16:50:23 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\temp\JRT.txt [4928]
O61 - LFC: 05/09/2013 - 16:50:23 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\temp\jrt\temp\null.txt [0]
O61 - LFC: 05/09/2013 - 16:51:15 -S-A- . (...) -- C:\Documents and Settings\mcpd\IETldCache\index.dat [262144]
~ 2 Cookies files
~ Files: 192 Legitimates Filtered in 00mn 05s



---\\ Alternate Data Stream (ADS) files (O62)
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\:48B4557B_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\:GbpKmAp.lst
~ ADS: Scanned in 00mn 01s



---\\ List of virus removal tools (LAT) (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List of Legacy registry services (O64)
O64 - Services: CurCS - 22/01/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 22/01/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 124 Legitimates Filtered in 00mn 01s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in Internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Additional search at the system root (SPRF) (O84)
[MD5.7FD2C9E9D2129369539C68B2E4D0CBF7] [SPRF][15/04/2013] (...) -- C:\Documents and Settings\mcpd\Desktop\adwcleaner.exe [541569]
[MD5.C49D9245586816869F2D05037544D131] [SPRF][08/01/2013] (.No owner - AVAST Software Setup Engine.) -- C:\Documents and Settings\mcpd\Desktop\avast_free_antivirus_setup.exe [102315992]
[MD5.DDAD2986E044778537F842899CEF3540] [SPRF][11/02/2009] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [97584]
~ Files: 7 Legitimates Filtered in 00mn 03s



---\\ Search of WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.01C94347F411B11EA3343D73ED140EA8] [WIS][22/12/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\4b53c3.msi [24064] =>Toolbar.Google
~ WIS: 31 Legitimates Filtered in 00mn 01s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 00\00\0000 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 22/01/2013 526888 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SS - | Auto 01/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 01/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 15/08/2012 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 25/08/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
SS - | Demand 19/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28/11/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
SS - | Auto 04/10/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
~ Services: Scanned in 00mn 01s



---\\ Search for infection in the Master Boot Record (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by administrador at 05/09/2013 16:53:52

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E1311] >> \Device\Harddisk0\DR0[0x8A1DEAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search for infection in the Master Boot Record (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by administrador at 05/09/2013 16:53:54

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional Scanner (O88)
Database Version : v2.12869 - (29/08/2013)
Keys found : 4
Values found : 1
Folders found : 0
Files found : 4

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\WINDOWS\Prefetch\FUNMOODSSRV.EXE-3745A67B.pf =>PUP.Funmoods^
C:\WINDOWS\Prefetch\DEALPLYUPDATEVER.EXE-0A702203.pf =>PUP.DealPly^
C:\Windows\Installer\4b53c3.msi =>Toolbar.Google^
~ Additionnel Scan: 160943 Items scanned in 00mn 15s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com26664342-adware-comet =>Adware.Comet
~ MSI: 4 link(s) detected in 00mn 15s



~ 1069 Legitimates filtered by white list
End of the scan (623 lines in 02mn 34s)(0)
