Document format: text/plain


~ Relatório do ZHPDiag v2015.5.25.52 - Nicolas Coolman (25/05/2015)
~ Iniciado por Família (26/05/2015 23:15:24)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 37.0.2
GCIE: Google Chrome v43.0.2357.81 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 32-bit (Build 7600)

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.03

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.2
Vuze Remote Toolbar v6.9.0.16 =>P2P.Azureus

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2996 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (22%) free of 59 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMÍLIA-PC
~ User Name: Família
~ All Users Names: HomeGroupUser$, Família, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Família\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Família\AppData\Roaming\
~ %Desktop% : C:\Users\Família\Desktop\
~ %Favorites% : C:\Users\Família\Favorites\
~ %LocalAppData% : C:\Users\Família\AppData\Local\
~ %StartMenu% : C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 13 Go of 59 Go)
D: Hard drive, Flash drive, Thumb drive (Free 415 Go of 537 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CFD26829131439B71D0109F9D5345573] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/06/2014 - 09:33:34.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/157
~ Mes musiques (My Musics) : 4/79
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 3/76
~ Mon Bureau (My Desktop) : 3/152
~ Menu demarrer (Programs) : 1/102
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.5EA288E0410347787485791DC862576B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [142680] [PID.3708]
[MD5.390EC1BB6A4C4F32934F0D1D1388C942] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [176472] [PID.3716]
[MD5.14019000FD1B32286B34BA7E7958D9C3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [175448] [PID.3732]
[MD5.47EA5F76FAB723C61AB4A0D79BAD512C] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176] [PID.3756]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3920]
[MD5.6ECC8A2B5780B31D7FD0A88F8424262B] - (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe [5399888] [PID.2620]
[MD5.3F03AC51CE406AE04902BF239EE4F8F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Família\AppData\Roaming\Dropbox\bin\Dropbox.exe [43374104] [PID.1132]
[MD5.C4EF32C1C0473392EF4204890AF8E457] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.1120]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3808]
[MD5.F6B0935B23E3C5B54DF33D3C180CA063] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8211968] [PID.2280]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgpfncmphkckngffgckamkjhiocobn [Kryptonita Quebra Link]
~ Google Lines Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Família - 4h8m5dfx.default] www.321oyun.com
M2 - MFEP: Extension [Família - 4h8m5dfx.default] 67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Família\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.321oyun.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.321oyun.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.) =>P2P.Azureus
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\XTab\SupTab.dll =>PUP.SupTab
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} . (.Status Winks - ScriptHost.) -- C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll =>Adware.SmileyBar
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\prxtbVuze.dll =>Toolbar.Conduit
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 36 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Vuze Remote Toolbar - [HKLM]{ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\prxtbVuze.dll =>Toolbar.Conduit
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BA14329E-9550-4989-B3F2-9732E92D17CC} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Program [Public]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\QuickLaunch [Família]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
~ Global Startup: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKCU\..\Run: [WinThemePack Logon] . (.WinThemePack.com - Tweak Planets Logon Screen.) -- C:\Program Files\WinThemePack\Planets Logon Screen\tweak.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_0A24D40724EC3DD97A400ED691B1BD82] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [WinThemePack Logon] . (.WinThemePack.com - Tweak Planets Logon Screen.) -- C:\Program Files\WinThemePack\Planets Logon Screen\tweak.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [GoogleChromeAutoLaunch_0A24D40724EC3DD97A400ED691B1BD82] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Restrição do acesso a opções pelo Administrador (06)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent
~ IE Restrictions: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\SupTab\SEARCH~1.dll (.not file.) =>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: MyLocalService (MyLocalService) . (...) - C:\Windows\system32\MyLocalServer\myservice.exe
O23 - Service: NTServiceSystem (NTServiceSystem) . (...) - C:\Windows\system32\NTServer\service.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files\TIM Communicator\module\devicemon.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 12 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Família\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [{06E39EDE-FF55-4ACD-A1A4-057582CAF922}] (...) -- C:\Users\Família\Downloads\Tony Hawks Underground 2.By.ColdFire\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{07CE9C41-8D71-4F38-831B-E30BAEDEB75B}] (...) -- C:\Users\Família\Desktop\rkfree_setup_1.4.exe (.not file.) [0] =>Keylogger.Logixoft
[MD5.00000000000000000000000000000000] [APT] [{18270EB3-F0A3-493B-8C96-307A7FF9077C}] (...) -- C:\Users\Família\Downloads\Shank_2 creed1994\Shank_2-ALI213\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2B4B6725-08DD-4F33-BF92-770A5F74CF7C}] (...) -- C:\Users\Família\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [{2F6088BA-46AC-4E03-ACC1-3A8FCF91CDC4}] (...) -- E:\QuickTimeInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{35E32D24-76DA-4F53-A894-9BDE6C0DB568}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BA0FE1C-AF7C-48FE-A308-1DD22B25E89A}] (...) -- C:\Users\Família\Desktop\Chiave Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3EE9975C-8DD4-4776-9E4C-DE78F811E801}] (...) -- C:\Users\Família\Desktop\lightloggersetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{47B1C501-2CAE-4395-80ED-973426154341}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{56B2A4B8-5A44-4919-A74D-67116EDCF105}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BFC5869B-4E1C-454E-AD6D-8CC2717D9656}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CF61DBD9-7AD3-4973-B497-E2BC77FC1902}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA [936]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\VisualBee-codedownloader [1222] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\VisualBee-firefoxinstaller [1838] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\VisualBee-updater [1216] =>PUP.CrossRider
~ Scheduled Task: 72 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver: (dwkuhucv) . (. - .) - C:\Windows\system32\drivers\dwkuhucv.sys (.not file.)
O41 - Driver: (isdoxvhe) . (. - .) - C:\Windows\system32\drivers\isdoxvhe.sys (.not file.)
O41 - Driver: (mkwngkyi) . (. - .) - C:\Windows\system32\drivers\mkwngkyi.sys (.not file.)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Chiave - (.Meadows Interactives.) [HKLM] -- Chiave
O42 - Logiciel: Control Center - (.TPS.) [HKLM] -- {A09AB2EA-4E3B-48A8-A716-CD4FB3529548}
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM] -- WDIC
O42 - Logiciel: FreeUndelete 2.1.36867.1 - (.Recoveronix.) [HKLM] -- {0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}
O42 - Logiciel: Keyboard status - (...) [HKLM] -- Keyboard status Setup V.1.0_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Popcorn Time - (.Popcorn Official.) [HKCU] -- Popcorn Time
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
~ Logic: 36 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\APN PIP]
[HKCU\Software\Amigo Mouse]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\GbAs]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\KeyBoard_status]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\Pando Networks]
[HKCU\Software\Recover Files]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Zugo] =>Adware.Zugo
[HKCU\Software\a578ddab13aef13] =>Hijacker.Eazel
[HKCU\Software\bi]
[HKLM\Software\360Safe]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Bahamut]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\NetTcpHandler]
[HKLM\Software\Orolix]
[HKLM\Software\PIP]
[HKLM\Software\Pando Networks]
[HKLM\Software\PicexaSvc]
[HKLM\Software\RZsoft]
[HKLM\Software\Sakura]
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\VBMZ] =>PUP.Duuqu
[HKLM\Software\a578ddab13aef13] =>Hijacker.Eazel
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 381 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/07/2014 - 15:45:21 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 30/09/2012 - 19:07:26 - [] ----D C:\Program Files\Conduit
O43 - CFD: 24/01/2012 - 16:26:37 - [] ----D C:\Program Files\Control Center
O43 - CFD: 27/01/2013 - 19:56:18 - [] ----D C:\Program Files\File Scout =>PUP.FileScout
O43 - CFD: 06/01/2013 - 15:52:37 - [] -SH-D C:\Program Files\Ink
O43 - CFD: 24/01/2012 - 16:29:03 - [] ----D C:\Program Files\Keyboard status
O43 - CFD: 24/01/2012 - 18:33:26 - [] ----D C:\Program Files\Meadows Interactives
O43 - CFD: 14/02/2012 - 21:20:42 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 23/07/2014 - 17:08:03 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 18/01/2013 - 15:22:56 - [] -SH-D C:\Program Files\Viky
O43 - CFD: 06/01/2013 - 11:32:11 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 23/04/2015 - 07:02:12 - [] ----D C:\Program Files\XTab
O43 - CFD: 11/11/2012 - 09:50:58 - [] ----D C:\Program Files\Common Files\YUMediaCodec
O43 - CFD: 03/04/2013 - 20:13:59 - [] ----D C:\ProgramData\APN
O43 - CFD: 17/03/2013 - 15:34:04 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 23/07/2014 - 15:48:09 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 11/04/2015 - 23:20:25 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 28/06/2014 - 14:13:24 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 15/07/2014 - 18:51:16 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 05/01/2013 - 18:17:58 - [] ---AD C:\ProgramData\rkfree =>Keylogger.Logixoft
O43 - CFD: 17/02/2012 - 00:02:46 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 17/03/2013 - 19:26:08 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 16/06/2014 - 20:03:43 - [] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 23/04/2015 - 07:00:40 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 07/10/2014 - 20:28:21 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 29/08/2012 - 13:23:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro
O43 - CFD: 24/01/2012 - 16:26:26 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Control Center
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 24/01/2012 - 16:29:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard status
O43 - CFD: 11/07/2013 - 12:02:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Files
O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
O43 - CFD: 17/03/2013 - 15:34:03 - [] ----D C:\Users\Família\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 20/05/2013 - 20:35:06 - [] ----D C:\Users\Família\AppData\Roaming\baidu
O43 - CFD: 23/07/2014 - 15:48:09 - [] ----D C:\Users\Família\AppData\Roaming\Baidu Security
O43 - CFD: 07/10/2014 - 20:28:22 - [] ----D C:\Users\Família\AppData\Roaming\Claro
O43 - CFD: 19/05/2013 - 19:56:40 - [] ----D C:\Users\Família\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 31/08/2014 - 23:34:22 - [] ----D C:\Users\Família\AppData\Roaming\PopcornTime
O43 - CFD: 23/12/2012 - 01:08:59 - [] ----D C:\Users\Família\AppData\Roaming\VIVO INTERNET
O43 - CFD: 09/02/2012 - 05:16:13 - [] ----D C:\Users\Família\AppData\Local\Ares
O43 - CFD: 30/09/2012 - 19:07:24 - [] ----D C:\Users\Família\AppData\Local\Conduit
O43 - CFD: 11/04/2015 - 23:50:11 - [] ----D C:\Users\Família\AppData\Local\Popcorn Time
O43 - CFD: 03/05/2015 - 00:05:29 - [] ----D C:\Users\Família\AppData\Local\Popcorn-Time
O43 - CFD: 13/09/2013 - 17:13:32 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 24/01/2012 - 15:13:11 - [0] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 23/01/2013 - 15:51:12 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete
O43 - CFD: 11/04/2015 - 23:50:11 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
~ 87 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 410 Legitimates Filtered in 00mn 02s



---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.1E457EE9D7E01574EBE763736748B860] - 26/05/2015 - 22:32:07 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-C9E7F4BE.pf =>P2P.µTorrent
O45 - LFCP:[MD5.E07BF771676F5F2F4D227196A518969A] - 25/05/2015 - 00:27:00 ---A- - C:\Windows\Prefetch\VISUALBEE-CODEDOWNLOADER.EXE-E7922829.pf =>Adware.VisualBeeToolbar
O45 - LFCP:[MD5.5AFE9B9D956AC14D6448E728B92AF0B2] - 25/05/2015 - 00:26:01 ---A- - C:\Windows\Prefetch\VISUALBEE-FIREFOXINSTALLER.EX-9B2CD504.pf =>Adware.VisualBeeToolbar
O45 - LFCP:[MD5.A133488B1C2F402597554713B3FE26FE] - 25/05/2015 - 00:27:03 ---A- - C:\Windows\Prefetch\VISUALBEE-UPDATER.EXE-CC8B3168.pf =>Adware.VisualBeeToolbar
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{8fc642ca-97c5-11e1-9a81-00e04c0dc181}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8fc642dc-97c5-11e1-9a81-00e04c0dc181}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{9cd74f61-a88c-11e2-94be-f4f99a2c0913}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O51 - MPSK:{9e0c19fb-1115-11e4-8bbc-ec73f683746e}\AutoRun\command. (...) -- F:\MotorolaDeviceManagerSetup.exe (.not file.)
O51 - MPSK:{c7413046-cf68-11e1-9aed-1c659d06514d}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{c8adf7cd-59b0-11e1-9fb5-00e04c0dc181}\AutoRun\command. (...) -- F:\WindowsUI\Autorun.exe (.not file.)
O51 - MPSK:{c997daaa-f1f4-11e1-b9ab-bb82847c7b12}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{c997dac9-f1f4-11e1-b9ab-bb82847c7b12}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
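The eight O51 entries above are the only trace left of removable volumes that are no longer attached: ZHPDiag prints "(.not file.)" because it cannot open F:\ or G:\ to check the AutoRun target, so the line itself cannot tell you whether the binary was ever malicious. What can still be read is the volume GUID in each key: it is an RFC 4122 version-1 UUID, whose 60-bit field encodes the time the GUID was generated (for a volume GUID, when the Mount Manager first assigned it) and whose node field is either the MAC address of a NIC on the machine that generated it or, when the multicast bit is set, a random value. The parser below is an added example, not code from ZHPDiag or from the page, and uses three of the lines above as sample input. Which host generated a given GUID, and whether the Windows 7 shell would still honour autorun.inf for a USB drive (by default it does not), are not something this decoding can settle; it only recovers timestamps and node fields.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Three O51 lines copied from the log above; any number of lines can be fed in.
SAMPLE_O51 = r"""
O51 - MPSK:{8fc642ca-97c5-11e1-9a81-00e04c0dc181}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{9cd74f61-a88c-11e2-94be-f4f99a2c0913}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O51 - MPSK:{c997daaa-f1f4-11e1-b9ab-bb82847c7b12}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
"""

# Field layout as printed by ZHPDiag: GUID, subkey, (signer), "--", command, optional "(.not file.)".
MPSK_RE = re.compile(
    r"^O51 - MPSK:\{(?P<guid>[0-9a-fA-F-]{36})\}\\(?P<subkey>\S+) "
    r"\((?P<signer>[^)]*)\) -- (?P<command>.+?)(?P<missing> \(\.not file\.\))?$"
)

# 100-ns ticks between the RFC 4122 epoch (1582-10-15) and the Unix epoch (1970-01-01).
UUID_TO_UNIX_OFFSET = 0x01B21DD213814000


def uuid1_timestamp(guid: str):
    """Creation time (UTC) encoded in a version-1 UUID; None for any other version."""
    u = uuid.UUID(guid)
    if u.version != 1:
        return None
    ticks_since_unix = u.time - UUID_TO_UNIX_OFFSET
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks_since_unix // 10)


def uuid1_node(guid: str):
    """(node as 12 hex digits, True if it looks like a real MAC address).

    RFC 4122: a node that was generated randomly instead of taken from a NIC
    must have the multicast bit (least significant bit of the first octet) set.
    """
    u = uuid.UUID(guid)
    if u.version != 1:
        return None, False
    return "%012x" % u.node, ((u.node >> 40) & 1) == 0


def parse_mpsk(text: str):
    """Turn O51 lines into records a triage script can sort and filter."""
    records = []
    for line in text.splitlines():
        m = MPSK_RE.match(line.strip())
        if not m:
            continue
        guid = m.group("guid")
        node, node_is_mac = uuid1_node(guid)
        records.append({
            "guid": guid,
            "subkey": m.group("subkey").rstrip("."),
            "command": m.group("command"),
            "binary_missing": m.group("missing") is not None,   # "(.not file.)" present
            "guid_created": uuid1_timestamp(guid),              # when the volume GUID was minted
            "node": node,
            "node_is_mac": node_is_mac,
        })
    return records


if __name__ == "__main__":
    for r in parse_mpsk(SAMPLE_O51):
        when = r["guid_created"].strftime("%Y-%m-%d %H:%M:%S UTC") if r["guid_created"] else "n/a"
        kind = "mac" if r["node_is_mac"] else "random"
        print(f'{r["guid"]}  created={when}  node={r["node"]} ({kind})  {r["command"]}  missing={r["binary_missing"]}')
```

For the first GUID the timestamp decodes to May 2012 and the node 00e04c0dc181 carries a Realtek OUI, while {c997daaa-...-bb82847c7b12} has the multicast bit set and is therefore a random node; comparing node fields across the keys is a quick way to spot volumes whose GUID was not minted on this machine.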



---\\ StartupReg registry keys enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (...) -- C:\Program Files\Ares\Ares.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Chiave [Key] . (.Meadows Interactives - Chiave.) -- C:\Program Files\Meadows Interactives\Chiave\Chiave.exe
O53 - SMSR:HKLM\...\startupreg\Control Center [Key] . (...) -- C:\Program Files\Control Center\CCenter.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:21/07/2014 - 11:23:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:02/10/2014 - 23:29:58 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:31/01/2013 - 06:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv.sys [22656]
O58 - SDL:11/10/2012 - 00:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv.sys [34432]
O58 - SDL:10/06/2010 - 02:14:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [19968]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\System32\StarOpen.sys [5632]
~ Drivers: 95 Legitimates Filtered in 00mn 00s



---\\ Last files modified or created (User) (O61)
O61 - LFC: 26/05/2015 - 23:15:42 ---A- . (...) -- C:\Users\Família\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
~ 2456 temporary files
~ 292 cookie files
~ Files: 4 Legitimates Filtered in 00mn 01s



---\\ Alternate Data Stream files (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:4B8300DD_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst
~ ADS: Scanned in 00mn 00s
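Two points in the O62 block are easy to miss. The streams are attached to directories (System32 and System32\drivers themselves, not files inside them), which is exactly what a `dir /r` run inside those directories will not show, and the second and third lines are the same stream reported twice because NTFS names are case-insensitive. The stream names match the GbPlugin driver (gbpkm.sys) listed under O58 and O64. The code below is an added example, not part of ZHPDiag or the page: it normalises the O62 lines and, on Windows, enumerates the streams of a directory through the documented FindFirstStreamW API so the finding can be reproduced without trusting the log.

```python
import sys
import ctypes

# The three O62 lines from the log above, as sample input.
SAMPLE_O62 = r"""
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:4B8300DD_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst
"""

O62_PREFIX = "O62 - ADS:Alternate Data Stream File - "


def parse_ads_entry(path: str):
    """Split ZHPDiag's 'C:\\dir\\:stream' notation into (container, stream name)."""
    container, _, stream = path.rpartition(":")
    return container.rstrip("\\"), stream


def parse_o62(text: str):
    """Unique (container, stream) pairs; NTFS names are case-insensitive, so
    'drivers' and 'Drivers' are the same directory and the same stream."""
    unique = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(O62_PREFIX):
            continue
        container, stream = parse_ads_entry(line[len(O62_PREFIX):])
        unique.setdefault((container.lower(), stream.lower()), (container, stream))
    return list(unique.values())


def list_streams(path: str):
    """Every NTFS stream of a file or directory, via FindFirstStreamW (Windows only).

    A directory has no unnamed '::$DATA' stream, so anything returned for a
    directory is an alternate stream attached to the directory itself.
    """
    if sys.platform != "win32":
        raise OSError("FindFirstStreamW exists only on Windows")
    from ctypes import wintypes

    class WIN32_FIND_STREAM_DATA(ctypes.Structure):
        _fields_ = [("StreamSize", ctypes.c_longlong),
                    ("cStreamName", ctypes.c_wchar * (260 + 36))]  # MAX_PATH + 36

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.argtypes = [wintypes.LPCWSTR, ctypes.c_int, ctypes.c_void_p, wintypes.DWORD]
    k32.FindFirstStreamW.restype = wintypes.HANDLE
    k32.FindNextStreamW.argtypes = [wintypes.HANDLE, ctypes.c_void_p]
    k32.FindNextStreamW.restype = wintypes.BOOL
    k32.FindClose.argtypes = [wintypes.HANDLE]
    k32.FindClose.restype = wintypes.BOOL

    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = FindStreamInfoStandard
    if handle == ctypes.c_void_p(-1).value:  # INVALID_HANDLE_VALUE
        err = ctypes.get_last_error()
        if err == 38:  # ERROR_HANDLE_EOF: the object has no streams at all (e.g. a clean directory)
            return []
        raise ctypes.WinError(err)
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break  # GetLastError() is ERROR_HANDLE_EOF once the list is exhausted
    finally:
        k32.FindClose(handle)
    return streams


def alternate_streams(path: str):
    """Named streams only: '::$DATA' is the ordinary content of a file."""
    return [(name, size) for name, size in list_streams(path) if name != "::$DATA"]


if __name__ == "__main__":
    for container, stream in parse_o62(SAMPLE_O62):
        print(f"{container}  ->  :{stream}")
    if sys.platform == "win32":
        for name, size in alternate_streams(r"C:\Windows\System32"):
            print(f"  {name} ({size} bytes)")
```

Stream names come back in the form ":name:$DATA"; reading one for inspection is a matter of opening the container path with the stream suffix appended (for example `C:\Windows\System32:4B8300DD_Bb.gbp`), which ordinary file APIs accept.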



---\\ Virus removal tools list (LAT) (O63)
O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Registry Legacy services list (O64)
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 21/07/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 115 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {483830EE-A4CD-4b71-B0A3-3D82E62A6909} - () - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {7DC0055E-1C76-479B-9C92-9D2459569A1F} - (atajitos) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
~ Keys: Scanned in 00mn 00s



---\\ Additional search at the system root (SPRF) (O84)
[MD5.2055D75501CB8D51CE95A7A3A0F40CBE] [SPRF][23/04/2015] (...) -- C:\Users\Família\AppData\Roaming\unins000.dat [16743]
[MD5.6E0BB5B9C845CDC764B2998FE612F73E] [SPRF][06/10/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Família\AppData\Roaming\unins000.exe [815314]
[MD5.BC849BA56CE71049C5B7234346F94CC0] [SPRF][24/01/2012] (...) -- C:\Users\Família\Desktop\AMCAP.exe [49152]
[MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][23/07/2014] (.Gabest - Media Player Classic.) -- C:\Users\Família\Desktop\media-player-classic-6.9.4.1-en.exe [4411392]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{F21571B2-25A5-4F70-B6BB-1CA1F6B0BAC8}" | In - Private - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "{9CFF69E4-A20A-4606-A441-ED9FF80BDB11}" | In - Private - P17 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "TCP Query User{36A56254-7139-42B5-A255-1906A21A81D4}C:\program files\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "UDP Query User{6C2665EB-F355-4E1E-8349-DBB0FC905A9D}C:\program files\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "{D8FF17CA-9823-4E6B-AE6D-34E2666DC888}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7BEC05F1-4668-4D18-8C8E-0FB4452BB0CF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 01s
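Each O87 line packs the fields a reviewer needs to rank the exception: direction, profile, IANA protocol number (P6 is TCP, P17 UDP), whether the rule is enabled, and the executable path the rule is bound to. Two details matter for triage. Windows Firewall matches an exception on the program path, so a rule bound to a binary under the user's AppData (the µTorrent entries) keeps admitting inbound traffic for whatever gets written to that path later; and rules named "TCP Query User{GUID}<path>" are the ones Windows creates when someone clicks "Allow access" on the pop-up, which here put Azureus on the Public profile. The triage script below is an added example, not code from ZHPDiag or the page; it takes five of the lines above as input. Treating the profile value "None" as "no Profile= restriction, i.e. all profiles" is an assumption about how ZHPDiag renders the rule string, stated in the code.

```python
import re

# Five O87 lines copied from the log above (sample input for the parser).
SAMPLE_O87 = r"""
O87 - FAEL: "{F21571B2-25A5-4F70-B6BB-1CA1F6B0BAC8}" | In - Private - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "TCP Query User{36A56254-7139-42B5-A255-1906A21A81D4}C:\program files\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "UDP Query User{6C2665EB-F355-4E1E-8349-DBB0FC905A9D}C:\program files\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "{D8FF17CA-9823-4E6B-AE6D-34E2666DC888}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7BEC05F1-4668-4D18-8C8E-0FB4452BB0CF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
"""

FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]+)" \| '
    r'(?P<direction>In|Out) - (?P<profile>\w+) - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| '
    r'\.\((?P<signer>.*?)\) -- (?P<path>.+?)(?: =>(?P<tag>\S+))?$'
)

IANA_PROTOCOLS = {1: "ICMPv4", 6: "TCP", 17: "UDP", 58: "ICMPv6"}

# Assumption: ZHPDiag prints "None" when the rule string carries no Profile= token,
# which for Windows Firewall means the rule applies to every profile.
UNTRUSTED_PROFILES = {"Public", "None"}

# Locations any code running as the logged-on user can write to. Firewall rules match
# on the executable's path, so a binary dropped there inherits the exception.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def triage_firewall_rules(text: str):
    """Parse O87 lines and attach finding codes worth a human's attention."""
    rules = []
    for line in text.splitlines():
        m = FAEL_RE.match(line.strip())
        if not m:
            continue
        proto_num = int(m.group("proto"))
        path = m.group("path")
        findings = []
        if m.group("direction") == "In" and m.group("enabled") == "TRUE":
            if m.group("profile") in UNTRUSTED_PROFILES:
                findings.append("INBOUND_ON_UNTRUSTED_PROFILE")
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append("USER_WRITABLE_PATH")
        # "TCP Query User{GUID}<path>" / "UDP Query User{...}" are the names Windows gives
        # to rules created by clicking "Allow access" on the firewall pop-up.
        prompt_created = " Query User{" in m.group("name")
        if prompt_created:
            findings.append("CREATED_FROM_PROMPT")
        rules.append({
            "name": m.group("name"),
            "direction": m.group("direction"),
            "profile": m.group("profile"),
            "protocol": IANA_PROTOCOLS.get(proto_num, f"IP proto {proto_num}"),
            "enabled": m.group("enabled") == "TRUE",
            "signer": m.group("signer"),
            "path": path,
            "tag": m.group("tag"),
            "prompt_created": prompt_created,
            "findings": findings,
        })
    return rules


if __name__ == "__main__":
    for r in triage_firewall_rules(SAMPLE_O87):
        print(f'{r["direction"]:3} {r["profile"]:8} {r["protocol"]:4} {r["path"]}  '
              f'{",".join(r["findings"]) or "-"}')
```

Run against the log, the Private-profile Azureus rule comes out clean while the two prompt-created Public rules and the two all-profile µTorrent rules bound to a path under AppData\Roaming are the ones to remove; on the live machine the same rules can be listed with `netsh advfirewall firewall show rule name=all` and deleted by name.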



---\\ Export of random registry keys (O91)
[HKCU\Software\a578ddab13aef13\2.6.1339.144\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\2.6.1519.190\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13] =>PUP.Babylon^
[HKCU\Software\a578ddab13aef13]:version="2.6.1673.238" =>Hijacker.Eazel
[HKLM\Software\a578ddab13aef13]:version="2.6.1673.238" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_MYC__RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_MYC__RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASAPI32 =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASMANCS =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_lightlogger_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_lightlogger_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_revealer-keylogger_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_revealer-keylogger_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32 =>Adware.Zugo
HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS =>Adware.Zugo
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\vbmz_RASAPI32 =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\vbmz_RASMANCS =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\visualbee-bg_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\visualbee-bg_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-chromeinstaller_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-chromeinstaller_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-enabler_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-enabler_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-firefoxinstaller_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-firefoxinstaller_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-1BF8_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-1BF8_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 528 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110311391106}] (VisualBee) =>Adware.VisualBeeToolbar
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220322392206}] (CrossriderApp0033906.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar
[HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}] (Vuze Remote Toolbar) =>P2P.Azureus
[HKCR\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] (Vuze Remote API Server) =>P2P.Azureus
~ BCK: 8061 Legitimates Filtered in 00mn 15s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/05/2012 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 26/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 15/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 09/10/2006 724992 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 29/12/2011 4111704 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/07/1658 0 | (WinRing0_1_2_0) . (...) - C:\Users\Família\AppData\Local\Temp\tmp3EFA.tmp
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/12/2012 2571704 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 13/10/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 19/04/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 30/04/2015 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 16/06/2014 144472 | (MyLocalService) . (...) - C:\Windows\system32\MyLocalServer\myservice.exe
SR - | Auto 05/01/2013 91664 | (NTServiceSystem) . (...) - C:\Windows\system32\NTServer\service.exe
SR - | Auto 27/03/2014 581568 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files\TIM Communicator\module\devicemon.exe
SR - | Auto 23/04/2015 531968 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s



---\\ Master Boot Record infection search (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Família at 26/05/2015 23:16:17
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83A52718] >> \Device\Harddisk0\DR0[0x87BB9948]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 26 Legitimates Filtered in 00mn 02s



---\\ Master Boot Record infection search (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Família at 26/05/2015 23:16:19
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : 13008 - (25/05/2015)
Keys found : 85
Values found : 3
Folders found : 19
Files found : 21

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}] =>Toolbar.Conduit^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKLM\Software\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Adware.Adkubru
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>PUP.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\AppDataLow\Toolbar] =>PUP.Conduit
[HKCU\Software\Zugo] =>Adware.Zugo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar] =>Toolbar.Agent
[HKLM\Software\VBMZ] =>PUP.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook] =>Adware.SmileyBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\AddonsFramework.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ButtonSite.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\PropertySync.EXE] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ScriptHost.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\findlyrics] =>Adware.AddLyrics
[HKLM\Software\Google\Chrome\Extensions\jmhhdaimhfblnamlcdijbaakkifakade] =>Adware.AddLyrics
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Toolbar.CT2504091] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311391106}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322392206}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{ba14329e-9550-4989-b3f2-9732e92d17cc} =>P2P.Azureus^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ba14329e-9550-4989-b3f2-9732e92d17cc} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files\File Scout =>PUP.FileScout^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\rkfree =>Keylogger.Logixoft^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\Trymedia =>Adware.Trymedia^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Família\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Família\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Program Files\Conduit =>PUP.Conduit
C:\Program Files\Vuze_Remote =>PUP.Conduit
C:\Program Files\Smiley Bar for Facebook =>Adware.SmileyBar
C:\Users\Família\AppData\Local\Conduit =>PUP.Conduit
C:\Users\Família\AppData\LocalLow\Conduit =>PUP.Conduit
C:\Users\Família\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Família\AppData\LocalLow\Vuze_Remote =>PUP.Conduit
C:\Windows\System32\Tasks\VisualBee-codedownloader =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-firefoxinstaller =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-updater =>PUP.CrossRider^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13] =>PUP.Babylon^^
[HKCR\CLSID\{11111111-1111-1111-1111-110311391106}] (VisualBee) =>Adware.VisualBeeToolbar^
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220322392206}] (CrossriderApp0033906.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar^
[HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}] (Vuze Remote Toolbar) =>P2P.Azureus^
[HKCR\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] (Vuze Remote API Server) =>P2P.Azureus^
~ Additional Scan: 300864 Items scanned in 00mn 15s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications started from the registry & folders (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your machine
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://nicolascoolman.fr/keylogger-logixoft =>Keylogger.Logixoft
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-filescout =>PUP.FileScout
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/adware-zugo =>Adware.Zugo
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-duuqu =>PUP.Duuqu
http://nicolascoolman.fr/adware-installbrain =>Adware.InstallBrain
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://nicolascoolman.fr/adware-trymedia =>Adware.Trymedia
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/adware-visualbeetoolbar =>Adware.VisualBeeToolbar
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.PerformerSoft
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>Adware.Adkubru
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://www.nicolascoolman.fr/blog/ =>Toolbar.Freecorder
http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
~ MSI: 47 link(s) detected in 00mn 00s



~ 1303 Legitimates filtered by white list
End of the scan (944 lines in 01mn 12s)(0.6)
