Monica Gurzoni

[Solved] Browser hijacker. A virus?

#1 By Monica Gurzo... 16/06/2014 - 10:01
Hello!
My usual browser is Chrome; I only use IE now and then.

Suddenly, two days ago, I opened Chrome and the page "istart.webssearches.com" appeared and my start pages had disappeared. The same thing in IE.

I looked this site up and saw that it is a "browser hijacker". Some say it is a virus, others say it is not. At first glance nothing on my computer seems to have been affected, only the start pages.

I went to the Control Panel... There it was. I uninstalled it.

I used SpyHunter and it detected and removed some 500 infections coming from that site.

In Chrome I managed to set the start pages again and everything went back to normal.

In IE I have tried everything and I cannot get rid of that site. I updated IE, went through extensions and add-ons, advanced settings, everything... and this thing will not go away.

I almost never use IE, but I do not want that site there.

How do I rip it out? If needed, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:51:24, on 16/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BatteryManagerService\BatteryManagerService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Technology Pack\Battery Manager\BatteryPower.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Monica\Downloads\Hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/webhp?gfe_rd=cr&ei=feCeU_XdHMGi8weuu4DACQ&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioPower] C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.itau.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files\BatteryManagerService\BatteryManagerService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 10459 bytes
#16 By Monica Gurzo... 20/06/2014 - 18:03
############################## | UsbFix V 7.171 | [Limpar]

Usuário: Monica (Administrador) # MONICA-PC
Atualizado em 09/06/2014 por El Desaparecido - SosVirus
Começou em 17:55:54 | 20/06/2014

Site : http://www.pt.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Asistencia : http://pt.kioskea.net/forum/seguranca-virus-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contato : http://www.pt.usbfix.net/contato/

PC: POSITIVO (P14)
CPU: Intel(R) Atom(TM) CPU D425 @ 1.80GHz
RAM -> [Total : 2038 Mo| Free : 1208 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126
WB: Google Chrome : 35.0.1916.153

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.51.1118

C:\ (%SystemDrive%) -> Disco fixo # 288 Gb (228 Mb livre - 79%) [] # NTFS
D:\ -> CD-ROM

################## | Processos parados |

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (ID: 796|ParentID: 548|SISTEMA)
C:\PROGRA~1\GbPlugin\gbpsv.exe (ID: 816|ParentID: 548|SISTEMA)
C:\Program Files\IDT\WDM\stacsv.exe (ID: 1252|ParentID: 548|SISTEMA)
C:\Windows\System32\spoolsv.exe (ID: 1756|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1872|ParentID: 548|SISTEMA)
C:\Program Files\BatteryManagerService\BatteryManagerService.exe (ID: 1904|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (ID: 1936|ParentID: 548|SISTEMA)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe (ID: 2004|ParentID: 548|SISTEMA)
C:\Program Files\Online Games Manager\ogmservice.exe (ID: 2044|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1664|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 2092|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2148|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ID: 2268|ParentID: 2092|SISTEMA)
C:\Windows\System32\taskhost.exe (ID: 2516|ParentID: 548|Monica)
C:\Windows\explorer.exe (ID: 2624|ParentID: 2592|Monica)
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 2720|ParentID: 548|SISTEMA)
C:\Program Files\IDT\WDM\sttray.exe (ID: 3012|ParentID: 2624|Monica)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 3024|ParentID: 2624|Monica)
C:\Windows\System32\igfxtray.exe (ID: 3036|ParentID: 2624|Monica)
C:\Windows\System32\hkcmd.exe (ID: 3084|ParentID: 2624|Monica)
C:\Windows\System32\igfxpers.exe (ID: 3104|ParentID: 2624|Monica)
C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe (ID: 3736|ParentID: 2624|Monica)
C:\Windows\System32\igfxsrvc.exe (ID: 3744|ParentID: 720|Monica)
C:\Program Files\Technology Pack\Battery Manager\BatteryPower.exe (ID: 3752|ParentID: 1904|SISTEMA)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2140|ParentID: 2624|Monica)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 2660|ParentID: 2624|Monica)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2960|ParentID: 2140|Monica)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 2732|ParentID: 2624|Monica)
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (ID: 2948|ParentID: 2624|Monica)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3056|ParentID: 2624|Monica)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3620|ParentID: 2624|Monica)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 3320|ParentID: 2624|Monica)
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 5028|ParentID: 548|SERVIÇO LOCAL)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 4308|ParentID: 548|SISTEMA)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4812|ParentID: 548|SERVIÇO DE REDE)
C:\Windows\System32\SearchIndexer.exe (ID: 1476|ParentID: 548|SISTEMA)
C:\Windows\System32\wuauclt.exe (ID: 7680|ParentID: 1208|Monica)
C:\Windows\System32\taskhost.exe (ID: 1196|ParentID: 548|Monica)
C:\Windows\System32\SearchProtocolHost.exe (ID: 3432|ParentID: 1476|SISTEMA)
C:\Windows\System32\SearchFilterHost.exe (ID: 6928|ParentID: 1476|SISTEMA)

################## | Autorun |


################## | Procura genérica |


(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\E
Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\H
Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\{eaeec304-a907-11e3-bd0a-9c42e0ac91ab}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AudioPower] C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
04 - HKLM\..\Run : [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 - HKLM\..\Run : [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 10 Ko] - C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1031.txt
[25/11/2013 - 16:17:50 | N | 1 Ko] - C:\DelFix.txt
[16/06/2014 - 17:17:18 | N | 0 Ko] - C:\runcheck.txt
[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[12/07/2013 - 10:37:03 | RASH | 0 Ko] - C:\MSDOS.SYS
[12/07/2013 - 10:37:03 | RASH | 0 Ko] - C:\IO.SYS
[20/06/2014 - 09:05:51 | ASH | 1565412 Ko] - C:\hiberfil.sys
[20/06/2014 - 09:05:54 | ASH | 2087220 Ko] - C:\pagefile.sys
[07/11/2007 - 08:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[18/06/2014 - 18:37:05 | D] - C:\Config.Msi
[18/10/2013 - 15:01:12 | N | 8 Ko] - C:\shldr.mbr
[27/05/2011 - 12:46:30 | N | 0 Ko] - C:\Audio.log
[27/05/2011 - 12:46:53 | N | 0 Ko] - C:\CR.log
[27/05/2011 - 12:47:27 | N | 366 Ko] - C:\chipset.log
[27/05/2011 - 12:47:35 | N | 0 Ko] - C:\LAN.log
[27/05/2011 - 12:49:38 | D] - C:\iaa.log
[27/05/2011 - 12:50:37 | N | 24 Ko] - C:\video.log
[27/05/2011 - 12:51:17 | N | 0 Ko] - C:\WLAN.log
[27/05/2011 - 12:51:44 | N | 0 Ko] - C:\WLAN2.log
[13/06/2014 - 16:51:06 | N | 91 Ko] - C:\spyhunter.log
[13/06/2014 - 19:52:17 | N | 20 Ko] - C:\sh4_service.log
[16/06/2014 - 17:19:28 | N | 17 Ko] - C:\zoek-results.log
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\globdata.ini
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 08:03:18 | N | 550 Ko | SHA1: FB517ABB38E9CCC67DE411D4F18A9446C11C0923] - C:\install.exe
[07/11/2007 - 08:03:18 | N | 93 Ko | SHA1: 3B01AA2CE407D89AE218A4CD81D21E3F25077B5B] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | SHA1: CC9D7D205F965659429B95DD2F317D9D4DE8820B] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | SHA1: E263B6FB41E2984CDF8D23A25EF1C536F32C4EC3] - C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | SHA1: 24A1F8FF465746148BB82364713FB75297BC9656] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9C57F09A4613B8F44C730511D3CCA9121780B630] - C:\install.res.3082.dll
[07/11/2007 - 08:03:18 | N | 95 Ko | SHA1: 0616CDE3285284430679368575A5A4ED3672722D] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9723B8595A326B38ECB31F64B3A67C1ED339BB60] - C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 75 Ko | SHA1: 549AB876AC211651E77A458FC72859B6B1C304CB] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | SHA1: 9EC25485A7FF52D1211A28CCA095950901669B34] - C:\install.res.1033.dll
[07/11/2007 - 08:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:00:40 | N | 6 Ko] - C:\vcredist.bmp
[16/06/2014 - 17:19:36 | SHD] - C:\$RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 23:37:05 | D] - C:\PerfLogs
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[27/07/2011 - 21:14:54 | D] - C:\Arquivos de Programas
[24/08/2011 - 14:00:34 | D] - C:\5180b5154dac7caf526e
[12/12/2011 - 18:38:22 | D] - C:\BigFishGamesCache
[16/11/2012 - 15:29:31 | D] - C:\c51f322598e4b79aa29bdd941aaf
[11/04/2013 - 10:12:00 | D] - C:\cc93ffc4d4c16178ad9955b981
[18/10/2013 - 15:01:12 | N | 279 Ko] - C:\shldr
[03/03/2014 - 14:56:34 | D] - C:\sh4ldr
[20/04/2014 - 16:58:11 | D] - C:\Zylom Games
[16/06/2014 - 12:42:10 | D] - C:\AdwCleaner
[16/06/2014 - 16:59:43 | D] - C:\Users
[16/06/2014 - 17:04:01 | D] - C:\zoek_backup
[16/06/2014 - 17:18:37 | D] - C:\Windows
[20/06/2014 - 17:49:21 | SHD] - C:\System Volume Information
[20/06/2014 - 17:49:30 | D] - C:\Program Files
[20/06/2014 - 17:49:33 | HD] - C:\ProgramData
[20/06/2014 - 17:54:06 | D] - C:\UsbFix

################## | Vaccin |


################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |


_________________________________________________

https://www.virustotal.com/pt/url/ef75e12e8cf006c713b9e46233cce02563da2be6192b00217b78f353ff90fb84/analysis/1403296276/

https://www.virustotal.com/pt/url/8b0d0629ef31dc902aa84e4fea975bab6822dbfd20470ac7b6172247092675cd/analysis/1403296401/


________________________________________________

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Monica at 20/06/2014 17:49:44
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 09s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
360HOOKOEM Parado
360REGOEM Parado
360SPOEM Parado
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ Driver Key: 360SpOEM
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Mediaa_Play_AIR_1.4
ELIMINÉ CLSID MPSK: {393979e6-b913-11e0-8f74-dae171c615b0}
ELIMINÉ CLSID MPSK: {393979f5-b913-11e0-8f74-dae171c615b0}
ELIMINÉ CLSID MPSK: {ea87a2fc-c489-11e0-be79-80ee73173730}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\facetheme-apl-17-NOV_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\facetheme-apl-17-NOV_RASMANCS

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
ELIMINÉ: C:\Users\Monica\AppData\Local\{B0BAAAA8-0659-4E7D-9F3C-65B5036BA833}

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (127) (2.307.263 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
12 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
6 : Ficheiros
4 : Estado dos serviços
1 : Restauração Sistema


End of clean in 01mn 31s

========== Caminho do ficheiro do relatório ==========
C:\Users\Monica\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/06/2014 17:49:54 [2145]


Sir Kadosh
#17 By Sir Kadosh 20/06/2014 - 18:04
@Monica Gurzoni,

Monica Gurzoni said:

The page at dl.sinoadv.com says:

Attention!
Your version of Java is Out of Date. There Are Security Risks.
Please Update Now

I click close, it goes to another page and downloads the Java. And Avast blocks it, saying it is a threat, and moves it to quarantine.

I cannot get out of the page, the site, anything... I closed the browser and came back here...


That is part of the hijacker. It redirects to this fake Java page to install malicious software.

Click "Start" (the "Windows logo" in the lower left corner of your desktop) and choose "Control Panel".

In the uninstall programs window: look for "WPM17.8.0.3442" and "webssearches uninstaller", select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted programs that cause the unwanted browser redirect to istart.webssearches.com, scan your computer for any remaining unwanted components. To scan your computer, use the removal software recommended for this malware.

Finally, check your DNS (the system's TCP/IP protocol settings and the router), so that there are no redirects there either.

Restart the system right away and see how it looks.

[]'s
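The places Sir Kadosh's steps point at (IE start and search settings, proxy values, browser shortcuts and the DNS servers in use) can be checked from PowerShell before and after a clean-up. The script below is an added example written for this thread, not one of the tools posted in it; it only reports and changes nothing, and the pattern list, the shortcut folders and the Windows 7 / PowerShell 2.0 target are assumptions.

```powershell
# Added example for this thread, not one of the tools posted in it. Reports only, never modifies.
# Assumes Windows 7 or later with PowerShell 2.0+; patterns and shortcut folders are assumptions.
$Patterns = @('webssearches', 'sinoadv')   # constructed from the two domains named in the thread

function Test-SuspiciousValue([string]$Value) {
    if (-not $Value) { return $false }
    foreach ($p in $Patterns) { if ($Value -match $p) { return $true } }
    return $false
}

function Get-HijackFindings {
    $findings = @()

    # 1. IE start/search values (the R0/R1 lines of a HijackThis log), per-user and machine-wide.
    foreach ($key in @('HKCU:\Software\Microsoft\Internet Explorer\Main',
                       'HKLM:\Software\Microsoft\Internet Explorer\Main')) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in @('Start Page', 'Default_Page_URL', 'Search Page', 'Default_Search_URL')) {
            if (Test-SuspiciousValue $props.$name) { $findings += "$key [$name] = $($props.$name)" }
        }
    }

    # 2. Search providers: each SearchScopes subkey carries a URL value (ZHPFix deleted one above).
    foreach ($root in @('HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                        'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes')) {
        if (-not (Test-Path $root)) { continue }
        foreach ($scope in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $scope.PSPath).URL
            if (Test-SuspiciousValue $url) { $findings += "$($scope.PSPath) [URL] = $url" }
        }
    }

    # 3. Proxy: ProxyServer/ProxyEnable redirect every browser at once (ZHPFix removed these values above).
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) { $findings += "Proxy enabled -> $($inet.ProxyServer)" }

    # 4. Browser shortcuts: a URL appended to the .lnk arguments brings the page back after a clean-up.
    $shell = New-Object -ComObject WScript.Shell
    $lnkDirs = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('Programs'),
        (Join-Path $env:PUBLIC 'Desktop'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    )
    foreach ($dir in $lnkDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($lnk in Get-ChildItem -Path $dir -Recurse -Filter '*.lnk' -ErrorAction SilentlyContinue) {
            $lnkArgs = $shell.CreateShortcut($lnk.FullName).Arguments
            if (Test-SuspiciousValue $lnkArgs) { $findings += "$($lnk.FullName) args = $lnkArgs" }
        }
    }
    return $findings
}

function Get-DnsServers {
    # Lists the DNS servers each active adapter uses; compare them with what the ISP or router should hand out.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { "$($_.Description): $($_.DNSServerSearchOrder -join ', ') (DHCP: $($_.DHCPEnabled))" }
}

$hits = @(Get-HijackFindings)
if ($hits.Count -eq 0) { 'No hijacker traces found in IE settings, proxy or shortcuts.' } else { $hits }
'DNS servers in use:'
Get-DnsServers
```

Run it from an elevated PowerShell so the HKLM keys and all-users folders are readable; a hit in the shortcut section explains why a start page returns after the registry has been cleaned.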
Monica Gurzoni
#19 By Monica Gurzo... 20/06/2014 - 18:21
As for Sir Kadosh's suggestion, there is no "WPM17.8.0.3442" or "webssearches uninstaller" listed under Programs in the Control Panel.


~ Relatório do ZHPDiag v2014.6.19.94 - Nicolas Coolman (19/06/2014)
~ Iniciado por Monica (20/06/2014 18:13:23)
~ Endereço do Website : http://nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17126
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes' Anti-Malware versão 1.51.2.1300
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v3.25

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 228 GB (79%) free of 288 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MONICA-PC
~ User Name: Monica
~ All Users Names: Monica, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Monica\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Monica\AppData\Roaming\
~ %Desktop% : C:\Users\Monica\Desktop\
~ %Favorites% : C:\Users\Monica\Favorites\
~ %LocalAppData% : C:\Users\Monica\AppData\Local\
~ %StartMenu% : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 228 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.771CDBC3D62437D6DB070820BB1EDCCF] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/05/2014 - 04:21:10.) -- C:\Windows\System32\wininet.dll [1790976]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/04/2014 - 14:14:49.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/850
~ My Music : 9/184
~ My Videos : 1/797
~ My Favorites : 1/13
~ My Documents : 2/11067
~ My Desktop : 2/71
~ Start Menu (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 32s



---\\ Running processes
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1640]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3152]
[MD5.29D34D2A92E1A729EFBCF90911A4C889] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [529224] [PID.4948]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.6596]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.7240]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.832]
[MD5.6101A08505E45E1230A67FB8E32A707F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8070656] [PID.2500]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Software Protection Platform Service.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2732]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Enabled)

---\\ Google Chrome extension folder
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 13s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Monica\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Monica\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of the F0, F1, F2, F3 lines - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 0



---\\ Browser Helper Objects (O2)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications started by registry & folders (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioPower] . (.Positivo Informática S.A. - AudioPower.) -- C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1748585246-2572997590-2566434535-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Internet Explorer main toolbar buttons (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Sites in the Internet Explorer trusted zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Trusted Zone: Scanned in 00mn 00s



---\\ Domain / DNS client changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCB4FDD-086A-4EAE-86AF-41E4889B7DE9}: DhcpNameServer = 201.6.2.143 201.6.2.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{9CCB4FDD-086A-4EAE-86AF-41E4889B7DE9}: DhcpNameServer = 201.6.2.143 201.6.2.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.143 201.6.2.23
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 11 Legitimates Filtered in 00mn 15s



---\\ Automatically scheduled tasks (O39)
[MD5.EA65218D0A76F5CF71C039E520557B98] [APT] [{C8A0C1C5-C138-45D9-BA81-8F64E1818A54}] (...) -- C:\Program Files\Zylom Games\UninstallPlugin.exe [510488]
[MD5.DFC8CD930EAA92BF3B30833D620EB013] [APT] [{D2D19287-70D1-461B-B807-D86903DCA227}] (.Studio V5.) -- C:\Users\Monica\Downloads\uk-logomaker-2-web-full.exe [74789265]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 14s



---\\ Drivers loaded at system startup (O41)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (360RegOem) . (. - .) - C:\Windows\system32\drivers\360RegOem.sys (.not file.)
O41 - Driver: (360SpOEM) . (. - .) - C:\Windows\System32\drivers\360SpOEM.sys (.not file.)
~ Drivers: 74 Legitimates Filtered in 00mn 05s



---\\ Installed software (O42)
O42 - Software: Claro 3G - (...) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Software: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Software: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Software: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Software: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Software: Sicalc Auto Atendimento - (.Receita Federal do Brasil.) [HKLM] -- Sicalc Auto Atendimento
~ Logic: 46 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\Projects]
[HKCU\Software\SERPRO]
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Claro 3G]
[HKLM\Software\Programas RFB]
[HKLM\Software\SoilIO]
~ Key Software: 240 Legitimates Filtered in 00mn 04s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 27/05/2011 - 12:58:55 - [] ----D C:\Program Files\BatteryManagerService
O43 - CFD: 15/07/2012 - 13:34:59 - [] ----D C:\Program Files\Claro 3G
O43 - CFD: 29/05/2012 - 06:43:11 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 27/05/2011 - 13:20:37 - [] ----D C:\Program Files\Technology Pack
O43 - CFD: 28/07/2011 - 10:05:28 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 27/05/2011 - 12:57:01 - [] ----D C:\ProgramData\Audio Power
O43 - CFD: 28/07/2011 - 11:05:59 - [0] ----D C:\Users\Monica\AppData\Roaming\File Safe
O43 - CFD: 14/12/2012 - 18:07:10 - [] ----D C:\Users\Monica\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}
O43 - CFD: 29/05/2012 - 06:43:12 - [] ----D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 01/04/2014 - 10:34:56 - [] ----D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 03/03/2014 - 14:56:37 - [] ----D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 199 Legitimates Filtered in 00mn 04s



---\\ Last files modified or created in Windows and System32 (O44)
O44 - LFC:[MD5.84847DBC5974505D0C9801C9187C7DF3] - 13/06/2014 - 16:51:06 ----- . (...) -- C:\spyhunter.log [93370] =>Crapware.SpyHunter
O44 - LFC:[MD5.6080A4C0378EF26953A6E9F4BA5B8DC2] - 13/06/2014 - 19:52:17 ----- . (...) -- C:\sh4_service.log [20680]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 16/06/2014 - 12:40:11 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/06/2014 - 16:11:54 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D0936C38993BE5DAD8C0CFAD1B77F0E6] - 16/06/2014 - 17:17:18 ----- . (...) -- C:\runcheck.txt [33]
O44 - LFC:[MD5.00729632EB5D640BBE0B10CAE1E02057] - 16/06/2014 - 17:19:28 ----- . (...) -- C:\zoek-results.log [17100]
O44 - LFC:[MD5.377917CEB9BC688F686E4D560833BCE5] - 20/06/2014 - 14:42:07 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146560]
O44 - LFC:[MD5.30CF72644ED9EEDCFA7C8959655BB802] - 20/06/2014 - 14:42:07 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [704032]
~ Files: 53 Legitimates Filtered in 00mn 10s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeration of the Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:19/06/2013 - 19:51:44 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:03/03/2014 - 14:36:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:03/03/2014 - 14:36:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:09/08/2007 - 04:06:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O58 - SDL:05/05/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:27/03/2014 - 17:58:23 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:01/03/2014 - 14:49:38 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:12/01/2011 - 15:43:56 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys [54544]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:17/06/2010 - 10:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [431616]
O58 - SDL:07/01/2008 - 23:37:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - ZTUB10 Driver.) -- C:\Windows\System32\Drivers\ZTUB10.sys [39168]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 95 Legitimates Filtered in 00mn 08s



---\\ List of virus removal tools (LAT) (O63)
O63 - Software: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Registry Legacy services list (O64)
O64 - Services: CurCS - 09/05/1744 - C:\Windows\System32\drivers\360HookOEM.sys (360HookOem) .(...) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 09/05/1744 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 102 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9B6DF44E-3601-45A4-8772-7E073E5A5B7D} - ((www.google.com) Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Additional search at the system root (SPRF) (O84)
[MD5.600160D3C850B1ECDBE889777828B031] [SPRF][01/03/2014] (...) -- C:\Users\Monica\AppData\Roaming\unins000.dat [17763]
[MD5.9F7E1E1CF0F678A6B457C165E1D7D620] [SPRF][23/04/2014] (...) -- C:\Users\Monica\AppData\Roaming\unins001.dat [16762]
[MD5.42F24559E8C472F6FF745BB7C5465FB2] [SPRF][16/06/2014] (...) -- C:\Users\Monica\Desktop\AdwCleaner.exe [1333465]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][16/06/2014] (...) -- C:\Users\Monica\Desktop\zoek.exe [1285120]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Software product codes list (PUC) (O90)
O90 - PUC: "2D2F0D61C2425884EB1FB461551C14EA" . (.Bing Bar.) -- C:\Windows\Installer\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Windows Installer packages search (WIS) (O93) (NTFS)
[MD5.37E4DD1982398ABBD8CC9F46CD61F0C6] [WIS][07/07/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\fc6a.msi [4745728] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\FreeVideoPerformer_RASAPI32 =>PUP.VideoPerformer
HKLM\SOFTWARE\Microsoft\Tracing\FreeVideoPerformer_RASMANCS =>PUP.VideoPerformer
~ BTK: 274 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
~ BCK: 5463 Legitimates Filtered in 00mn 35s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 14/09/2010 41472 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\BatteryManagerService\BatteryManagerService.exe
SS - | Demand 07/07/2011 195336 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 15/06/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SS - | Auto 25/08/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/08/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Auto 05/04/2010 116104 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SS - | Auto 27/03/2014 581568 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 09/01/2014 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SS - | Auto 17/06/2010 237650 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 03/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 09/05/2014 529224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 37s



---\\ Additional scan (O88)
Database Version : 13026 - (19/06/2014)
Keys found : 2
Values found : 0
Folders found : 1
Files found : 2

[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Windows\Installer\fc6a.msi =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
~ Additional Scan: 220043 Items scanned in 01mn 26s



---\\ Additional module information
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications started by registry & folders (O4)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your machine
http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.fr/pup-videoperformer =>PUP.VideoPerformer
~ MSI: 2 link(s) detected in 00mn 00s



~ 833 Legitimates filtered by white list
End of the scan (519 lines in 04mn 49s)(0)
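The ZHPDiag log above is what a helper reads to find where a hijacker such as istart.webssearches.com persists: the IE start/search values (R0/R1), the search scopes (O69), browser shortcuts (the shortcut repair ZHPFix performs later in the thread) and, in the O55 section, UAC switched off (EnableLUA=0, PromptOnSecureDesktop=0), which lets any bundled installer run as administrator without a prompt. The PowerShell script below is an added example, not part of the thread and not code from ZHPDiag or ZHPFix; it audits those same persistence points read-only on the affected user's account. The hostname pattern `webssearches` is an assumption taken from the first post, and the registry value names are the standard Internet Explorer ones; a different hijacker needs a different pattern.

```powershell
# Added example (not from the thread, ZHPDiag or ZHPFix): read-only audit of the
# persistence points a browser hijacker uses. Run in the affected user's session.
# Assumption: -Suspect is a regex matching the hijacker's hostname.
param(
    [string]$Suspect = 'webssearches'
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Browser shortcuts: the hijacker appends its URL to the .lnk arguments, so the
#    browser opens it no matter what start page is configured. This is what
#    ZHPFix's "browser shortcut repair" undoes.
$shell = New-Object -ComObject WScript.Shell
$shortcutRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('Programs'),
    [Environment]::GetFolderPath('CommonPrograms'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
)
foreach ($root in $shortcutRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'iexplore|chrome|firefox' -and $lnk.Arguments -match 'https?://') {
            $findings.Add("Shortcut carries a URL argument: $($_.FullName) -> $($lnk.Arguments)")
        }
    }
}

# 2. Internet Explorer start/search values (the R0/R1 lines in ZHPDiag).
$ieKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main'
)
$ieValues = 'Start Page', 'Default_Page_URL', 'Search Page', 'Default_Search_URL', 'Secondary Start Pages'
foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $ieValues) {
        $val = $props.$name            # MULTI_SZ values come back as arrays
        if ($val -and (($val -join ' ') -match $Suspect)) {
            $findings.Add("IE value $key\$name = $($val -join ' ')")
        }
    }
}

# 3. IE search scopes (the O69 SBI lines): every scope URL should point at a search
#    engine the user chose. The log shows only Google here, which is expected.
$scopeKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopeKey) {
    Get-ChildItem -Path $scopeKey | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        if ($url -match $Suspect) { $findings.Add("SearchScope $($_.PSChildName) URL = $url") }
    }
}

# 4. UAC policy (the O55 MWPS lines). EnableLUA=0 means every installer, a
#    hijacker's bundle included, runs with full administrator rights silently.
$uacKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
if ($uac.EnableLUA -eq 0) {
    $findings.Add('UAC is disabled (EnableLUA=0); re-enable it and reboot')
}
if ($uac.PromptOnSecureDesktop -eq 0) {
    $findings.Add('UAC prompts are not shown on the secure desktop (PromptOnSecureDesktop=0)')
}

if ($findings.Count -eq 0) {
    "No hijacker persistence found for pattern: $Suspect"
} else {
    $findings
}
```

The script only reports; removal is left to the helper's tool so that the cleanup stays in one log. Chrome's start pages live in the JSON `Preferences` file listed under G0 in the log rather than in the registry, which is why the Chrome side was fixable from the browser's own settings while the IE side was not.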


Power Max
Power Max Ubbergeek Registered
4.2K Messages 509 Likes
#21 By Power Max
20/06/2014 - 18:28
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin deleted too, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news on computing and technology.
Super Links = Messages of faith and hope for your heart.
Monica Gurzoni
Monica Gurzo... Senior Member Registered
299 Messages 15 Likes
#22 By Monica Gurzo...
20/06/2014 - 18:37
ZHPFix 2014.4.13.3 report by Nicolas Coolman, updated 13/04/2014
Registry export file :
Run by Monica at 20/06/2014 18:37:38
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 14s)
Browser shortcut repair

========== Service status ==========
360HOOKOEM Stopped
BHBASE Stopped

========== Registry keys ==========
DELETED Driver Key: 360RegOem
DELETED Driver Key: 360SpOEM

========== Folders ==========
No empty local user CLSID folder

========== Files ==========
DELETED Windows temporary files (1) (0 bytes)
DELETED Flash Cookies (0) (0 bytes)

========== System Restore ==========
System restore point created successfully


========== Summary ==========
2 : Registry keys
1 : Folders
2 : Files
2 : Service status
1 : System Restore


End of clean in 00mn 49s

========== Report file path ==========
C:\Users\Monica\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/06/2014 17:49:54 [2226]
C:\Users\Monica\AppData\Roaming\ZHP\ZHPFix[R2].txt - 20/06/2014 18:37:52 [1082]


Monica Gurzoni
Monica Gurzo... Senior Member Registered
299 Messages 15 Likes
#24 By Monica Gurzo...
21/06/2014 - 09:31
Everything seems fine, all normal.

I have a few remarks and questions.

I uninstalled McAfee.
SpyHunter not yet...

About SpyHunter: it is a paid program... Is it really useless?

Using CCleaner, I disabled some programs that ran at startup. Only the ones I am sure about...

I have 3 Zylom games, but I cannot open them. They give an error.

Avast: is it worth upgrading to the paid version?

Awaiting further instructions!!! Thank you!


Power Max
Power Max Ubbergeek Registered
4.2K Messages 509 Likes
#25 By Power Max
21/06/2014 - 09:38
About SpyHunter: it is a paid program... Is it really useless?

Did you buy a license for it? If you did, you can keep it. If you did not, it is better to uninstall it, because the free version only shows the problems and does not remove them.
__________________________________________________________

I have 3 Zylom games, but I cannot open them. They give an error.

Uninstalling and reinstalling them may fix it.
___________________________________________________________

Avast: is it worth upgrading to the paid version?

You can stay with the free version.
___________________________________________________________

I am glad the problem has been solved.

Just to finish, please follow these tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and create a new, safe and clean restore point, use DelFix following the tips in this tutorial.
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us any time!