~ ZHPDiag v2013.8.29.381 report - Nicolas Coolman (29/08/2013)
~ Started by administrador (05/09/2013 16:51:35)
~ Website: http://nicolascoolman.webs.com
~ Translated by the user
~ Version status: New version available
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control: Not Found

---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Default)
GCIE: Google Chrome v29.0.1547.66

---\\ Windows product information
~ Language: Portuguese
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates: OK
Windows Genuine Advantage: KO

---\\ System protection software
avast! Free Antivirus v7.0.1474.0
Malwarebytes Anti-Malware version 1.60.1.1000

---\\ System optimisation software
CCleaner v3.08 =>Piriform Ltd

---\\ Peer-to-peer (P2P) file-sharing software

---\\ Monitored software
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ System information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (76% free)
System Restore: Enabled
System drive C: has 190 GB (81%) free of 233 GB

---\\ System logon mode
~ Computer Name: FUN0080
~ User Name: administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, f002143, Convidado, administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\mcpd\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\mcpd\Desktop\
~ %Favorites% : C:\Documents and Settings\mcpd\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\mcpd\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
C:\ Hard drive, Flash drive, Thumb drive (Free 190 GB of 233 GB)
D:\ CD-ROM drive (Not Inserted)

---\\ Windows Security Center status
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.0CE085CD2FC5735CBC8D25F7EDDD393A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.25/07/2013 - 23:48:57.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 1/2
~ My Music : 1/2
~ My Videos : 0/0
~ My Favorites : 1/11
~ My Documents : 1/13
~ My Desktop : 0/17
~ Start Menu (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s

---\\ Processes launched at system startup
[MD5.06752FAEA93BB8C9D4D72C56D360E415] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [526888] [PID.1244]
[MD5.91061352084424820AC6268808CB8EE3] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.344]
[MD5.C81B8635DEE0D3EF5F64B3DD643023A5] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.860]
[MD5.16C4956ECCCE1100A4D5434EDFBBEBAF] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [17331200] [PID.688]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2460]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2900]
[MD5.27502022B75551385957D223DD9CB72B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7842304] [PID.2700]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of the F0, F1, F2, F3 lines - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 19

---\\ Browser Helper Objects (O2)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications started via registry & folders (O4)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (.not file.)
O4 - HKLM\..\Run: [Java.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\java.exeJava.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-436374069-651377827-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-651377827-725345543-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s

---\\ Global startup items (O4)
O4 - GS\Desktop: Adobe Reader 9.lnk . (.Adobe Systems Incorporated - Adobe Reader 9.5.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - GS\Desktop: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Avenger\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.) -- C:\Arquivos de programas\SRP\GPS.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.exe
O4 - GS\Desktop: Nero StartSmart Essentials.lnk . (.Nero AG - Nero StartSmart.) -- C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Atalho para Arquivos Robson.lnk . (...) -- C:\Backup Robson
O4 - GS\Desktop: ThunderbirdPortable.lnk . (.PortableApps.com - Mozilla Thunderbird, Portable Edition.) -- C:\ThunderBird Padrão\ThunderbirdPortable.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Internet Explorer main toolbar buttons (O9)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Hijacking of the "Reset Web Settings" option (O14)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Web Settings: Scanned in 00mn 00s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} ((no name)) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ Domain/DNS client changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS3\Services\Tcpip\..\{694EB9DA-ABD4-4765-A512-3E453301F18C}: DhcpDomain = funpec.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.65.16
~ Domain: Scanned in 00mn 00s

---\\ Additional protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Additional protocols: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 163.7.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: 4 Legitimates Filtered in 00mn 02s

---\\ Active Desktop enumeration & MHTML editor (O24)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ BootExecute data listing (BEX) (O34)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1046" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Arquivos de programas\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Automatically scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OGALogon.job [236]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [At2] (...) -- C:\DOCUME~1\administrador\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.EC9B420801D3D7F82388267D13D0F89B] [APT] [OGALogon] (...) -- C:\WINDOWS\system32\OGAexeC.exe [230768]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: GPS - (...) [HKLM] -- GPS
O42 - Software: MV RegClean 6.0 - (...) [HKLM] -- MV RegClean 6.0_is1
O42 - Software: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 299 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Elf_1.12]
~ Key Software: 117 Legitimates Filtered in 00mn 00s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 22/10/2012 - 11:59:59 - [2,804] ----D C:\Arquivos de programas\InstallAffixationInfo
O43 - CFD: 30/08/2013 - 16:52:51 - [2,828] ----D C:\Arquivos de programas\InstallInfo
O43 - CFD: 14/07/2011 - 11:34:54 - [2,957] ----D C:\Arquivos de programas\Marcos Velasco Security
O43 - CFD: 26/08/2010 - 16:04:52 - [0,000] ----D C:\Arquivos de programas\Programas SPED
O43 - CFD: 30/04/2009 - 16:58:40 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 29/09/2010 - 11:03:59 - [1,146] ----D C:\Arquivos de programas\SRP
O43 - CFD: 30/04/2009 - 16:58:02 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 15/07/2010 - 17:53:21 - [0,014] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios
O43 - CFD: 16/07/2010 - 16:44:25 - [0,000] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 30/04/2009 - 13:51:47 - [0,000] R---D C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Inicializar
~ Program Folder: 108 Legitimates Filtered in 00mn 10s

---\\ Last files modified or created in Windows and System32 (O44)
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 05/09/2013 - 16:46:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.EF96B8D3157C9558843449F91DCC3F6F] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [552216]
O44 - LFC:[MD5.7E5AD44CBC97A133B83C36A347AC4E27] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [38818]
O44 - LFC:[MD5.12755DFF13EF425E543EA07A4D6E5D8E] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\comsetup.log [184236]
O44 - LFC:[MD5.E5E39B1F2E54B04ECAD00FFC1B186098] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\iis6.log [637974]
O44 - LFC:[MD5.F6CB57BE54311C4D255F3C52FC19486E] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\imsins.log [5802]
O44 - LFC:[MD5.C625D58814564E439775B2CF40958664] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\msgsocm.log [28096]
O44 - LFC:[MD5.92FCB79BE47E7E9328AA832C37362A02] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [113125]
O44 - LFC:[MD5.8D2BFE20D804D41E16051B9FBD5514AB] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ocgen.log [280402]
O44 - LFC:[MD5.DDF6B797569BCD9184E077DA2DA5E7BD] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\ocmsn.log [34826]
O44 - LFC:[MD5.A4FCE92965A94CE802E3741E3ACBF335] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\tabletoc.log [27368]
O44 - LFC:[MD5.57900B8EE8CE2D054746B7CEB79440DD] - 05/09/2013 - 16:36:21 ---A- . (...) -- C:\WINDOWS\tsoc.log [257900]
O44 - LFC:[MD5.79DAE71084BF47744DD7B9FA7F54C635] - 05/09/2013 - 16:35:38 ---A- . (...) -- C:\WINDOWS\msmqinst.log [182748]
O44 - LFC:[MD5.6A9C2D3FB2615A08C5F9F266AFB8940E] - 05/09/2013 - 16:35:38 ---A- . (...) -- C:\WINDOWS\netfxocm.log [97167]
O44 - LFC:[MD5.9E770479F329B3D0B04476866DCB41EB] - 05/09/2013 - 16:35:09 ---A- . (...) -- C:\WINDOWS\imsins.BAK [4507]
O44 - LFC:[MD5.3ACACA31BC0735E7A7D44C4F728454A2] - 05/09/2013 - 16:22:15 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [29594]
O44 - LFC:[MD5.AEAE2295A409ED52DE64BAE137436574] - 05/09/2013 - 16:20:33 ---A- . (...) -- C:\WINDOWS\ie8_main.log [359398]
O44 - LFC:[MD5.48B3DA07B8121789D6763CF1DE4983EC] - 05/09/2013 - 16:20:22 ---A- . (...) -- C:\WINDOWS\updspapi.log [167661]
O44 - LFC:[MD5.2E036C4576E95FF397D38A18ACE24DC9] - 05/09/2013 - 16:17:33 ---A- . (...) -- C:\WINDOWS\ie8.log [135279]
O44 - LFC:[MD5.4912AB269038A1A1D4CE112C512730B6] - 05/09/2013 - 16:05:35 ---A- . (...) -- C:\WINDOWS\system32\secsetup.sdb [3153920]
O44 - LFC:[MD5.23B77ADBE7142F5F40E317B8BC2BB915] - 05/09/2013 - 16:02:00 ---A- . (...) -- C:\WINDOWS\ie8Uninst.log [98965]
O44 - LFC:[MD5.597CC98AC7386803A70585F7F6003334] - 30/08/2013 - 16:51:46 ---A- . (...) -- C:\WINDOWS\ZTEInstallInfo.log [25336]
O44 - LFC:[MD5.DCC78B14C94A442C60981A7095B4A730] - 30/08/2013 - 08:24:04 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.08B2343A2C110AD62BA0BB84DCA25E3B] - 23/08/2013 - 09:28:49 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4245]
~ Files: 44 Legitimates Filtered in 00mn 07s

---\\ Last files created in Windows Prefetch (O45)
O45 - LFCP:[MD5.0110878EC7EA8801A94F3E99F8877E6F] - 03/09/2013 - 10:02:44 ---A- - C:\WINDOWS\Prefetch\SWAP.EXE-3B3C2F3B.pf
O45 - LFCP:[MD5.C3304B9FEF7B770A2B4C4E35855913D2] - 04/09/2013 - 10:24:38 ---A- - C:\WINDOWS\Prefetch\EXCELCNV.EXE-20A20F75.pf
O45 - LFCP:[MD5.41DF044C0CD0958B2892338262D51356] - 05/09/2013 - 06:21:52 ---A- - C:\WINDOWS\Prefetch\NDP30SP2-KB2756918-X86.EXE-2A686088.pf
O45 - LFCP:[MD5.5B405AF144701D16F907686C18FCBF68] - 05/09/2013 - 06:55:20 ---A- - C:\WINDOWS\Prefetch\29.0.1547.66_28.0.1500.95_CHR-2B32ECE8.pf
O45 - LFCP:[MD5.E4F40548DEEE7C8B197F00CEFA869CC9] - 05/09/2013 - 08:05:39 ---A- - C:\WINDOWS\Prefetch\OGAEXEC.EXE-25B59E50.pf
O45 - LFCP:[MD5.DDB9328D9BF71DB21087C9FAE71576A5] - 05/09/2013 - 08:06:01 ---A- - C:\WINDOWS\Prefetch\DWTRIG20.EXE-21C9A857.pf
O45 - LFCP:[MD5.F23DF204DDF90B86082CD53BAF5E2C2A] - 05/09/2013 - 14:33:03 ---A- - C:\WINDOWS\Prefetch\PDFSPO~1.EXE-1368E664.pf
O45 - LFCP:[MD5.18D1057240E06684B6382D8A6C66B0AD] - 05/09/2013 - 14:34:57 ---A- - C:\WINDOWS\Prefetch\THUNDERBIRDPORTABLE.EXE-2471696B.pf
O45 - LFCP:[MD5.8FD1BEEB6229BC4985CAD0A315222ED2] - 05/09/2013 - 15:37:09 ---A- - C:\WINDOWS\Prefetch\FUNPEC.EXE-0C5E44B0.pf
O45 - LFCP:[MD5.A50070263A807B6A29B5DBE58428EF3E] - 05/09/2013 - 16:01:08 ---A- - C:\WINDOWS\Prefetch\SPUNINST.EXE-051BCCFC.pf
O45 - LFCP:[MD5.94DB0FB1F93E8762731BF5FB0B18C1CF] - 05/09/2013 - 16:05:31 ---A- - C:\WINDOWS\Prefetch\SECEDIT.EXE-160D449D.pf
O45 - LFCP:[MD5.70438FAFFDAEF53DA9CA38C96434BA9B] - 05/09/2013 - 16:10:35 ---A- - C:\WINDOWS\Prefetch\IE8-WINDOWSXP-X86-PTB.EXE-35E64B93.pf
O45 - LFCP:[MD5.1261FAA4661118612A1C56C6F4B99838] - 05/09/2013 - 16:27:00 ---A- - C:\WINDOWS\Prefetch\UPDATE~1.EXE-2383CF9B.pf
O45 - LFCP:[MD5.A0E8F2732F246BA551261C24DBB31A66] - 05/09/2013 - 16:37:07 ---A- - C:\WINDOWS\Prefetch\CINTREP.EXE-24EB8BCA.pf
O45 - LFCP:[MD5.FAFACE2D19412128064C7E808D3103DA] - 23/08/2013 - 15:26:43 ---A- - C:\WINDOWS\Prefetch\DESCUBRA-COMO-SE-TORNAR-E-PER-041DC3F2.pf
O45 - LFCP:[MD5.981196DBFA9F71D3593B590CDD717A7E] - 28/08/2013 - 15:11:44 ---A- - C:\WINDOWS\Prefetch\WORDCONV.EXE-21F3A16E.pf
O45 - LFCP:[MD5.6EA119649390E6C8CA9BE9541A02D632] - 30/08/2013 - 08:23:58 ---A- - C:\WINDOWS\Prefetch\SHOWTIME.EXE-315FC159.pf
O45 - LFCP:[MD5.9B86736D3549A8EC1128489992AE86C1] - 30/08/2013 - 08:25:11 ---A- - C:\WINDOWS\Prefetch\180313_D1.EXE-179FA0F4.pf
O45 - LFCP:[MD5.7D794A7A824A0B9407DA7BB711D56ED1] - 30/08/2013 - 08:25:24 ---A- - C:\WINDOWS\Prefetch\100413_D.EXE-11BADEFD.pf
O45 - LFCP:[MD5.DD2813A0FD8F732FF4CFB4ABB10BA8BA] - 30/08/2013 - 08:25:38 ---A- - C:\WINDOWS\Prefetch\180713_D.EXE-10797C16.pf
O45 - LFCP:[MD5.B488758432C6AC819C4CD9BACAEB71FE] - 30/08/2013 - 08:27:10 ---A- - C:\WINDOWS\Prefetch\FUNMOODSSRV.EXE-3745A67B.pf =>PUP.Funmoods
O45 - LFCP:[MD5.3C3055704BA37A05597D8AF9AA8E6E79] - 30/08/2013 - 08:27:16 ---A- - C:\WINDOWS\Prefetch\180713_Y.EXE-3379743C.pf
O45 - LFCP:[MD5.C770D86ABDC1850663983DADEC0B61E9] - 30/08/2013 - 08:27:17 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-0CE4E799.pf
O45 - LFCP:[MD5.48FB7B7E2C74268149201A5BE4334826] - 30/08/2013 - 08:27:20 ---A- - C:\WINDOWS\Prefetch\AT.EXE-2770DD18.pf
O45 - LFCP:[MD5.CF6EAA9A867428944BED7C762362ACAD] - 30/08/2013 - 08:27:20 ---A- - C:\WINDOWS\Prefetch\DEALPLYUPDATEVER.EXE-0A702203.pf =>PUP.DealPly
O45 - LFCP:[MD5.FF83EE51176DBF93A0AE5DA0439E063E] - 30/08/2013 - 08:27:23 ---A- - C:\WINDOWS\Prefetch\180713_F.EXE-25ACCB88.pf
O45 - LFCP:[MD5.B13B0A3F00AB42F14845E3C82F981C2E] - 30/08/2013 - 16:51:36 ---A- - C:\WINDOWS\Prefetch\USBDRIVERINSTALLER_X86.EXE-1F05CC1C.pf
O45 - LFCP:[MD5.2B1EF33542056AB1292084D1C1129FFD] - 30/08/2013 - 16:51:46 ---A- - C:\WINDOWS\Prefetch\KILLPROCESS.EXE-1286E78D.pf
O45 - LFCP:[MD5.6A428A398589EA39BA73E838E003E396] - 30/08/2013 - 16:51:51 ---A- - C:\WINDOWS\Prefetch\DATA.EXE-191159E9.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 01s

---\\ Windows Explorer startup operations and functions (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Authorized application key export (O47)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" [Disabled] .(.Software 2000 Limited.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.exe
~ Keys Export: 1 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 11 Legitimates Filtered in 00mn 00s

---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.C2A6683C9FF46AA70E2C2092B008EDC7] - 11/10/2006 - 00:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [10288]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: 11 Legitimates Filtered in 00mn 00s

---\\ Last files modified or created (User) (O61)
O61 - LFC: 05/09/2013 - 16:03:37 -S-A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Crypto\RSA\S-1-5-21-436374069-651377827-725345543-1003\fb6eb5987243a9026d8b07d5c089f9be_be31be9a-13d4-4930-8fad-23f48d3b30a2 [54]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk [855]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk [873]
O61 - LFC: 05/09/2013 - 16:22:19 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Internet Explorer.lnk [843]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\brndlog.bak [7542]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Links\Galeria do Web Slice.url [226]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Marketplace.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Microsoft Brasil.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Ofertas da Microsoft.url [133]
O61 - LFC: 05/09/2013 - 16:22:21 ---A- . (...) -- C:\Documents and Settings\mcpd\Favoritos\Sites da Microsoft na Web\Site do IE na Microsoft.com.url [133]
O61 - LFC: 05/09/2013 - 16:24:53 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Crash Reports\InstallTime20130814063812 [10]
O61 - LFC: 05/09/2013 - 16:24:59 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\pluginreg.dat [5450]
O61 - LFC: 05/09/2013 - 16:25:04 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\search.json [12144]
O61 - LFC: 05/09/2013 - 16:27:54 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\formhistory.sqlite [196608]
O61 - LFC: 05/09/2013 - 16:27:55 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\signons.sqlite [327680]
O61 - LFC: 05/09/2013 - 16:28:38 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\mimeTypes.rdf [4437]
O61 - LFC: 05/09/2013 - 16:28:39 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\Downloads.lnk [443]
O61 - LFC: 05/09/2013 - 16:28:39 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\cintrep.zip.lnk [551]
O61 - LFC: 05/09/2013 - 16:29:02 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\addons.sqlite [524288]
O61 - LFC: 05/09/2013 - 16:29:49 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\bookmarkbackups\bookmarks-2013-09-05.json [3131]
O61 - LFC: 05/09/2013 - 16:29:49 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\healthreport.sqlite [1146880]
O61 - LFC: 05/09/2013 - 16:29:50 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\permissions.sqlite [65536]
O61 - LFC: 05/09/2013 - 16:29:50 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\webappsstore.sqlite [98304]
O61 - LFC: 05/09/2013 - 16:30:13 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\brndlog.txt [113]
O61 - LFC: 05/09/2013 - 16:31:07 ---A- . (...) -- C:\Documents and Settings\mcpd\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk [603]
O61 - LFC: 05/09/2013 - 16:31:12 ---A- . (...) -- C:\Documents and Settings\mcpd\SendTo\Destinatário de correio.MAPIMail [0]
O61 - LFC: 05/09/2013 - 16:31:12 ---A- . (...) -- C:\Documents and Settings\mcpd\SendTo\Área de trabalho (criar atalho).DeskLink [0]
O61 - LFC: 05/09/2013 - 16:40:05 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [347613]
O61 - LFC: 05/09/2013 - 16:40:06 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\extensions.sqlite [458752]
O61 - LFC: 05/09/2013 - 16:40:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav-groups [79]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\23eb34ea5fae7453144752bc6c470977 [4672]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\55ddfb98db01fb57a64483d6f633fa8e [9321]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\6134864eede6cc6010c985a1293277c9 [3148]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\683c7fd46bc89a794ce8ea47ffcc244f [2948]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\7a84e7dd5c1d40d22d660ba27f2191a6 [10323]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\7b80dfd3d4b02930203168cf3c56b17f [3229]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\88cdb13b534d11c653f2aa4521709841 [71086]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\9c55ca060f2d6d7d1bc1b838d8d1f0ac [10299]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\caa01505e77a859248f760f34da6f399 [6973]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\cd7eeed074dc2702ceb363825aee24fa [6520]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\ce9d24a9ccd920e7b3b00d822b5ab261 [28599]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\dbbe4a83785e4d2c58a0647b0830c4b2 [3019]
O61 - LFC: 05/09/2013 - 16:40:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\fav_thumbs\fc67dede6a4da0488b8a1e054fffd38e [8055]
O61 - LFC: 05/09/2013 - 16:40:13 ---A- . (...)
-- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\nspdl\favs##9e3f36431f5a37b5ac13b225b429e31d [1519] O61 - LFC: 05/09/2013 - 16:40:58 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\sessionstore.bak [3533] O61 - LFC: 05/09/2013 - 16:41:14 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\parent.lock [0] O61 - LFC: 05/09/2013 - 16:41:14 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\webapps\webapps.json [2] O61 - LFC: 05/09/2013 - 16:41:16 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\urlclassifierkey3.txt [154] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\_CACHE_CLEAN_ [1] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\startupCache\startupCache.4.little [82883] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\cert8.db [65536] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\cookies.sqlite [524288] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\downloads.sqlite [98304] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\key3.db [16384] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) 
-- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\localstore.rdf [1713] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\places.sqlite [10485760] O61 - LFC: 05/09/2013 - 16:42:08 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\sessionstore.js [1928] O61 - LFC: 05/09/2013 - 16:44:14 -SHA- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Microsoft\Credentials\S-1-5-21-436374069-651377827-725345543-1003\Credentials [324] O61 - LFC: 05/09/2013 - 16:45:35 ---A- . (...) -- C:\Documents and Settings\mcpd\Recent\AdwCleaner[S1].txt.lnk [420] O61 - LFC: 05/09/2013 - 16:50:12 ---A- . (...) -- C:\Documents and Settings\mcpd\Dados de aplicativos\Mozilla\Firefox\Profiles\bl7s8co8.default\prefs.js [0] O61 - LFC: 05/09/2013 - 16:50:23 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\temp\JRT.txt [4928] O61 - LFC: 05/09/2013 - 16:50:23 ---A- . (...) -- C:\Documents and Settings\mcpd\Configurações locais\temp\jrt\temp\null.txt [0] O61 - LFC: 05/09/2013 - 16:51:15 -S-A- . (...) -- C:\Documents and Settings\mcpd\IETldCache\index.dat [262144] ~ 2 Fichiers cookies (Cookies files) ~ Files: 192 Legitimates Filtered in 00mn 05s ---\\ Ficheiros Alternate Data Stream (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\:48B4557B_Bb.gbp O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\drivers\:GbpKmAp.lst O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\:GbpKmAp.lst ~ ADS: Scanned in 00mn 01s ---\\ Lista das ferramentas de remoção de vírus (LAT) (063) O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Lista dos serviços Legacy du registo (064) O64 - Services: CurCS - 22/01/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM O64 - Services: CurCS - 22/01/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV ~ Legacy: 124 Legitimates Filtered in 00mn 01s ---\\ Associações Shell Spawning (O67) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Menu de inicialização Internet (068) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84) [MD5.7FD2C9E9D2129369539C68B2E4D0CBF7] [SPRF][15/04/2013] (...) -- C:\Documents and Settings\mcpd\Desktop\adwcleaner.exe [541569] [MD5.C49D9245586816869F2D05037544D131] [SPRF][08/01/2013] (.No owner - AVAST Software Setup Engine.) 
-- C:\Documents and Settings\mcpd\Desktop\avast_free_antivirus_setup.exe [102315992] [MD5.DDAD2986E044778537F842899CEF3540] [SPRF][11/02/2009] (.No owner - GbpDist Module.) -- C:\WINDOWS\Downloaded Program Files\gbpdist.dll [97584] ~ Files: 7 Legitimates Filtered in 00mn 03s ---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS) [MD5.01C94347F411B11EA3343D73ED140EA8] [WIS][22/12/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\4b53c3.msi [24064] =>Toolbar.Google ~ WIS: 31 Legitimates Filtered in 00mn 01s ---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados) SS - | Demand 04/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 00\00\0000 0 | (avast! Antivirus) . (...) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 22/01/2013 526888 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe SS - | Auto 01/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 01/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 15/08/2012 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 25/08/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe SS - | Demand 19/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 28/11/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe SS - | Demand 27/06/2007 279848 | (NMIndexingService) . 
(.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe SS - | Auto 04/10/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SR - | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ~ Services: Scanned in 00mn 01s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by administrador at 05/09/2013 16:53:52 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 nt!IofCallDriver[0x804E1311] >> \Device\Harddisk0\DR0[0x8A1DEAB8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Filtered in 00mn 02s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080) Written by ad13, http://ad13.geekstog Run by administrador at 05/09/2013 16:53:54 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scâner Aditional (088) Database Version : v2.12869 - (29/08/2013) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 4 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ C:\Arquivos de programas\Google\Google 
Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ C:\WINDOWS\Prefetch\FUNMOODSSRV.EXE-3745A67B.pf =>PUP.Funmoods^ C:\WINDOWS\Prefetch\DEALPLYUPDATEVER.EXE-0A702203.pf =>PUP.DealPly^ C:\Windows\Installer\4b53c3.msi =>Toolbar.Google^ ~ Additionnel Scan: 160943 Items scanned in 00mn 15s ---\\ Sumário das deteções encontradas na sua estação ~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google ~ http://nicolascoolman.webs.com28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com26664342-adware-comet =>Adware.Comet ~ MSI: 4 link(s) detected in 00mn 15s ~ 1069 Legitimates filtered by white list End of the scan (623 lines in 02mn 34s)(0)