[Solved] Remove Baidu

#1 By Alicec 02/12/2014 - 12:44
Good afternoon. Baidu and Warsaw installed themselves on my PC and I tried to remove them on my own, with CCleaner, antivirus, WindowexeAllkiller, and by deleting related files on the computer and through regedit. Warsaw disappeared, but Baidu still shows up when I search in regedit, and it won't let me delete it. They came with the Banco do Brasil program, which I also can't remove. The PC was very slow; it improved a little, but I'm afraid to keep doing this on my own and damage the PC. Can anyone help me?
#2 By caedurodrigu...
02/12/2014 - 13:04
Good afternoon Alicec,
1) The scans may take some time, so please be patient.
2) The instructions are specific to your computer and should be applied only to it.
3) Do not abandon the thread, so that the removal is successful.

Download: [image] (...by Xplode)
Or here >>AdwCleaner<<
Save it to your Desktop.
Close all open programs and internet browsers.
Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click:
[image]

[image]

Click Scan ("Examinar") to start the scan!

[image]
When it finishes, click Clean ("Limpar").
Copy the log or click "Report" ("Relatório").
Post: >>C:\AdwCleaner\AdwCleaner [S0].txt<<
#5 By tadeuboato
02/12/2014 - 18:05
Yesterday I had the same problem testing it here and only managed it in safe mode with networking.
It appears to be a flaw in this update; I hope they fix it in the next update.
It is at the ballot box that the Brazilian people show the strength and size of their ignorance.

"To be born, to die, to be reborn yet again and to progress always, such is the law"
Allan Kardec
#6 By Alicec
02/12/2014 - 19:17
Now it worked:

# AdwCleaner v4.103 - Relatório criado 02/12/2014 às 19:13:41
# Atualizado 01/12/2014 por Xplode
# Database : 2014-12-02.2 [Live]
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\House Of Soft
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\ProgramData\WinterSoft
Pasta Deletada : C:\ProgramData\Download keeeeperu
Pasta Deletada : C:\ProgramData\Dowwnulload keeeper
Pasta Deletada : C:\ProgramData\grueatsavaeir
Pasta Deletada : C:\ProgramData\MinimumPraice
Pasta Deletada : C:\ProgramData\SaverExtteoNsion
Pasta Deletada : C:\ProgramData\TakETheCouupon
Pasta Deletada : C:\ProgramData\9d3b6f6508f4e524
Pasta Deletada : C:\Program Files\AutocompletePro
Pasta Deletada : C:\Program Files\ss helper
Pasta Deletada : C:\Program Files\Toolbar Cleaner
Pasta Deletada : C:\Program Files\SaverExtteoNsion
Pasta Deletada : C:\Users\User\AppData\Local\toolbarcleaner
Pasta Deletada : C:\Users\User\AppData\Roaming\baidu
Pasta Deletada : C:\Users\User\AppData\Roaming\Solvusoft
Pasta Deletada : C:\Users\User\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Arquivo Deletada : C:\Windows\system32\roboot.exe

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\AutocompletePro
Chave Deletedo : HKCU\Software\AutocompleteProBHO
Chave Deletedo : HKCU\Software\IGearSettings
Chave Deletedo : HKCU\Software\PIP
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\UpToDown
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\SP Global
Chave Deletedo : HKLM\SOFTWARE\SProtector
Chave Deletedo : HKLM\SOFTWARE\SupTab
Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\supWPM
Chave Deletedo : HKLM\SOFTWARE\Toolbar Cleaner
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17344

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125


*************************

AdwCleaner[R0].txt - [5608 octets] - [02/12/2014 19:10:42]
AdwCleaner[S0].txt - [4890 octets] - [02/12/2014 19:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4950 octets] ##########
#7 By tadeuboato
02/12/2014 - 19:50
Follow this tip:

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download [image] and save it to the desktop.

Double-click to run the Junkware Removal Tool (JRT).

*** Windows Vista or Windows 7 users: right-click the JRT.exe file, then click [image].

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

If this program also does not work correctly, I suggest you try again in safe mode.

We will be waiting for the generated log.
#8 By Alicec
02/12/2014 - 20:33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x86
Ran by User on 02/12/2014 at 20:05:41,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\bblcfkkhpiklnmdpjpchaomopfplphhn
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\baidu security"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{738968A8-0CD5-4EAB-B348-2F0390A1323F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2014 at 20:06:42,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#9 By tadeuboato
02/12/2014 - 20:40
Follow this tip:

Read carefully to carry out the procedure correctly.

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We will be waiting.

Keep in mind that this procedure usually takes a long time.
#10 By caedurodrigu...
02/12/2014 - 22:26
Good evening Alicec,
  • Download: <ZHPDiag> [image] (...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install.

    [image]
  • Run the scroll icon!

    [image]
  • Click the "COMPLETE" ("COMPLETA") option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: Because the report is long, it should be posted on one of these sites:
  • Go to: [image]
  • Or attach it in the forum.

Warm regards.
#11 By Alicec
02/12/2014 - 22:51
Malwarebytes Anti-Malware report:

Scan Date: 02/12/2014
Scan Time: 21:08:10
Logfile: log mal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.02.10
Rootkit Database: v2014.12.02.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 500742
Time Elapsed: 1 hr, 6 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\SearchSnacks, Quarantined, [868ce5797c00a690023f4208a75c7c84],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\defdhglnppeioeflggkmglipcecffkhk, Quarantined, [63af441a23597db9d4e3b10855af08f8],
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [eb2779e557250f27b8dc92c7db28b050],

Registry Values: 1
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files\Mozilla Firefox\extensions\search-snacks@search-snacks.com, Quarantined, [66ac93cb314b05315daa9fca10f30af6]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1, Quarantined, [868c510d790355e1b16eaf6ae22109f7],

Files: 8
PUP.RiskwareTool.CK, C:\Users\User\Desktop\bkp alice\programas\Adobe CS6 Master Collection\Crack\Cracked amtlib.dll\32-bit\amtlib.dll, Quarantined, [769cf5696b1152e46fbcaabf81814fb1],
PUP.RiskwareTool.CK, C:\Users\User\Desktop\bkp alice\programas\Adobe CS6 Master Collection\Crack\Cracked amtlib.dll\64-bit\amtlib.dll, Quarantined, [31e14f0f5d1fe74fd656135609f9e41c],
PUP.Optional.ELEX, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, Quarantined, [2ae872ec9ce08aac8531deddbd44f40c],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll, Quarantined, [32e0adb1ec90a195e348e0891ee49967],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p1280.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p1524.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p2368.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p5800.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],

Physical Sectors: 0
(No malicious items detected)


(end)



Relatório do ZHPDiag v2014.11.30.168 - Nicolas Coolman (30/11/2014)

~ Iniciado por User (03/12/2014 01:06:01)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17358
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
ClamWin Free Antivirus 0.97.4
Malwarebytes Anti-Malware versão 2.0.4.1028
Microsoft Security Client v4.6.0305.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.07

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3295 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 262 GB (56%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 262 Go of 466 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.7AE80F921027CF88CB9D0433088A3E55] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/09/2014 - 20:59:11.) -- C:\Windows\System32\wininet.dll [1810944]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 22:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 123/159
~ Mes Videos (My Videos) : 0/0
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/31040
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 42s



---\\ Processos lançados
[MD5.1841BE26ACDFEFF72BC5E7FB938D3612] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [546104] [PID.736]
[MD5.A4B109D057E15A438CE74E5B71187417] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192] [PID.932]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.1668]
[MD5.CD9109534403399ACC7D2A079F9B5608] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [518968] [PID.1780]
[MD5.BFC91929336304802B21DC380F178444] - (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1113296] [PID.2040]
[MD5.6E3C60AC09E03CAEF32AE3DEFD0CC410] - (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1693904] [PID.344]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064] [PID.2616]
[MD5.22884291BD017D70E047D50DAD3C4602] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [189912] [PID.2624]
[MD5.16AEDBEBD92D1ECBA79BCEB09ED90F32] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [815512] [PID.2944]
[MD5.D6E2ED7F1F7BE7CCB8676491BF950B57] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432] [PID.2992]
[MD5.3D558E2572EDF52FAD098AF2534B4E20] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe [279456] [PID.3012]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.2736]
[MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.3616]
[MD5.42D4456168E4A85AE1C29CCB008DC803] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8135680] [PID.1804]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3616]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
~ Google Lines Browser: 12 Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Acrobat] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (.Adobe Systems - A plugin to detect whether the Adobe Application Manager is installed.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
~ Firefox Browser: 9 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems - A plugin to detect whether the Adobe Application Manager is installed.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 12 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ BHO: 4 Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [ClamWin] . (.alch - ClamWin Antivirus.) -- C:\Program Files\ClamWin\bin\ClamTray.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [WindowexeAllkiller] . (.http://windowexeallkiller.com - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2280996496-2547309230-2409872793-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-2280996496-2547309230-2409872793-1000\..\Run: [WindowexeAllkiller] . (.http://windowexeallkiller.com - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe
~ Application: Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itaupersonnalite.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe
~ Services: 5 Scanned in 00mn 01s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.3E6442B01E44B3AA31807FEF5235DC54] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3919640]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{0DD6E2EB-95BB-4896-A00C-38821E4D7870}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{9CDD84A3-4746-42E2-9568-A1C8E6255D82}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
[MD5.013A74B96D5FD6C9A630CA814A4D1E36] [APT] [{AC65F617-25FE-49BC-B98D-BB3EC3A9C51E}] (...) -- C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe [2781864]
[MD5.00000000000000000000000000000000] [APT] [{D1DCE0E3-F906-43D4-9D8C-814D70E6A4D6}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.B43E68B8A022FB00FF54360D408E871B] [APT] [{D84C7656-826F-41A6-829F-12E36B14E54C}] (.Google Inc..) -- c:\program files\google\chrome\application\chrome.exe [860488]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 11 Scanned in 00mn 01s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
~ Active Setup: 12 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 81 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Acrobat X Pro - English, Français, Deutsch - (.Adobe Systems.) [HKLM] -- {AC76BA86-1033-F400-7760-000000000005}
O42 - Logiciel: Adobe Color Video Profiles CS CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {63C24A08-70F3-4C8E-B9FB-9F21A903801D}
O42 - Logiciel: Adobe Creative Suite 6 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- {E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}
O42 - Logiciel: Adobe Digital Editions 3.0 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Digital Editions 3.0
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 14 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AF37176A-78CA-545B-34EF-8B6A21514DD1}
O42 - Logiciel: Adobe InDesign CS6 - (.Adobe Systems Incorporated.) [HKLM] -- {CFB770D7-8D43-1014-922B-CC2715FADE3F} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM] -- {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.) [HKLM] -- {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Central de Mouse e Teclado da Microsoft - (.Microsoft Corporation.) [HKLM] -- Microsoft Mouse and Keyboard Center
O42 - Logiciel: ClamWin Free Antivirus 0.97.4 - (.alch.) [HKLM] -- ClamWin Free Antivirus_is1
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{B92076C0-C5FE-4DB1-AA8D-855430CDF098}
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {B92076C0-C5FE-4DB1-AA8D-855430CDF098}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - (.Corel Corporation.) [HKLM] -- _{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Content - (. Corel Corporation.) [HKLM] -- _{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Content - (. Corel Corporation.) [HKLM] -- {C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - IPM - (.Corel Corporation.) [HKLM] -- {0084B0C3-F376-42E3-804A-885D249282BD}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Writing Tools - (. Corel Corporation.) [HKLM] -- {318FF3D7-0C40-483B-AF92-AF36416B0AC6}
O42 - Logiciel: FotoSketcher 2.60 - (.David THOIRON.) [HKLM] -- {E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
O42 - Logiciel: K-Lite Mega Codec Pack 9.5.5 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Legendas 3.0 - (.LegendasBrasil.com.br.) [HKLM] -- {461C0377-D2EC-4FB0-B038-847BC6455432}_is1
O42 - Logiciel: Lexmark 1200 Series - (.Lexmark International, Inc..) [HKLM] -- Lexmark 1200 Series
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes Anti-Malware versão 2.0.4.1028 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {107F27B7-8EE4-4B3A-9CE5-497B120369DC}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: PDF Settings CS6 - (.Adobe Systems Incorporated.) [HKLM] -- {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
O42 - Logiciel: Photo Story 3 for Windows - (.Microsoft Corporation.) [HKLM] -- {4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
O42 - Logiciel: Rainlendar2 (remove only) - (...) [HKLM] -- Rainlendar2
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Revo Uninstaller 1.95 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Skype™ 6.21 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] -- {121634B0-2F4B-11D3-ADA3-00C04F52DD52}
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher
~ Logic: 35 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASProtect]
[HKCU\Software\Adobe]
[HKCU\Software\Affinix]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow]
[HKCU\Software\Autodesk]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\CR8software]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Cyberlink]
[HKCU\Software\Dnldstr_Aggregator]
[HKCU\Software\FotoSketcher]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GbAs]
[HKCU\Software\GbPlugin]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\High-Logic]
[HKCU\Software\IM Providers]
[HKCU\Software\Icaros]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Kanz Software]
[HKCU\Software\Lake]
[HKCU\Software\LexmarkPhoto]
[HKCU\Software\Licenses]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKCU\Software\SlimWare Utilities Inc]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\ToolbarCleaneroptions]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\madFlac]
[HKCU\Software\madshi]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Audible]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Autodesk]
[HKLM\Software\Bitstream]
[HKLM\Software\Bunndle]
[HKLM\Software\ClamWin]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\CyberLink]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\High-Logic]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\KSW]
[HKLM\Software\Khronos]
[HKLM\Software\LAV]
[HKLM\Software\Lake]
[HKLM\Software\LexmarkInkjet]
[HKLM\Software\Lexmark]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Polaris-Software.com]
[HKLM\Software\Policies]
[HKLM\Software\Protexis]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\Sonic]
[HKLM\Software\SuperMp3Normalizer]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
~ Key Software: 194 Scanned in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2014 - 17:16:08 - [] ----D C:\Program Files\Adobe
O43 - CFD: 13/09/2012 - 18:40:50 - [] ----D C:\Program Files\Adobe Media Player
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 26/12/2013 - 14:56:46 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 13/09/2012 - 10:44:59 - [] ----D C:\Program Files\ClamWin
O43 - CFD: 30/11/2014 - 23:22:34 - [] ----D C:\Program Files\Common Files
O43 - CFD: 08/11/2012 - 15:00:34 - [] ----D C:\Program Files\Corel
O43 - CFD: 30/11/2014 - 16:55:25 - [] ----D C:\Program Files\Crack Ativador Permanente Office 2010
O43 - CFD: 23/12/2013 - 16:44:09 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 01/12/2014 - 00:30:41 - [] ----D C:\Program Files\Diebold
O43 - CFD: 26/05/2014 - 11:19:00 - [] ----D C:\Program Files\DsNET Corp
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 29/10/2013 - 10:46:35 - [] ----D C:\Program Files\FotoSketcher
O43 - CFD: 21/11/2014 - 15:41:57 - [] --H-D C:\Program Files\GAS Tecnologia
O43 - CFD: 01/12/2014 - 00:30:32 - [] ----D C:\Program Files\GbPlugin
O43 - CFD: 25/07/2014 - 12:55:46 - [] ----D C:\Program Files\Google
O43 - CFD: 23/12/2013 - 16:44:09 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 27/12/2013 - 13:19:22 - [] ----D C:\Program Files\Intel
O43 - CFD: 23/10/2014 - 00:02:09 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 13/09/2012 - 10:23:26 - [] ----D C:\Program Files\Java
O43 - CFD: 12/12/2012 - 09:30:03 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 03/09/2014 - 22:20:46 - [] ----D C:\Program Files\Legendas-2.30
O43 - CFD: 17/01/2014 - 12:21:14 - [] ----D C:\Program Files\Legendas-2.31
O43 - CFD: 03/09/2014 - 22:20:45 - [] ----D C:\Program Files\Legendas-2.32
O43 - CFD: 03/09/2014 - 22:20:46 - [] ----D C:\Program Files\Legendas-3.0
O43 - CFD: 27/12/2013 - 16:18:27 - [] ----D C:\Program Files\Lexmark 1200 Series
O43 - CFD: 02/12/2014 - 21:07:20 - [] ----D C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 13/11/2013 - 14:31:34 - [] ----D C:\Program Files\Maxis
O43 - CFD: 13/06/2014 - 17:03:22 - [] ----D C:\Program Files\McAfee Security Scan
O43 - CFD: 13/09/2012 - 10:37:35 - [] ----D C:\Program Files\Microsoft Analysis Services
O43 - CFD: 18/10/2012 - 17:02:27 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 10/12/2013 - 09:38:22 - [] ----D C:\Program Files\Microsoft Mouse and Keyboard Center
O43 - CFD: 10/09/2014 - 12:20:43 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 14/09/2012 - 12:38:33 - [] ----D C:\Program Files\Microsoft SDKs
O43 - CFD: 11/09/2014 - 10:57:25 - [] ----D C:\Program Files\Microsoft Security Client
O43 - CFD: 28/07/2014 - 19:00:32 - [] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 13/09/2012 - 10:38:34 - [] ----D C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 13/09/2012 - 10:38:34 - [] ----D C:\Program Files\Microsoft Sync Framework
O43 - CFD: 13/09/2012 - 10:38:55 - [] ----D C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 13/09/2012 - 10:38:09 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 14/09/2012 - 12:38:41 - [] ----D C:\Program Files\Microsoft Visual Studio 9.0
O43 - CFD: 13/09/2012 - 17:47:28 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2014 - 23:10:50 - [] ----D C:\Program Files\Mp3GainPRO
O43 - CFD: 13/09/2012 - 10:39:14 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 20/12/2013 - 16:28:33 - [] ----D C:\Program Files\MSECACHE
O43 - CFD: 13/09/2012 - 19:36:22 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 13/09/2012 - 19:08:58 - [] ----D C:\Program Files\Photo Story 3 for Windows
O43 - CFD: 13/11/2012 - 10:19:10 - [] ----D C:\Program Files\Rainlendar2
O43 - CFD: 13/09/2012 - 10:26:26 - [] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 02:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 02/11/2014 - 11:25:46 - [] R---D C:\Program Files\Skype
O43 - CFD: 14/07/2009 - 02:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 01/03/2014 - 10:12:00 - [] ----D C:\Program Files\uTorrent =>P2P.µTorrent
O43 - CFD: 30/11/2014 - 23:56:58 - [] ----D C:\Program Files\VS Revo Group
O43 - CFD: 16/09/2013 - 10:25:46 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 20/12/2013 - 16:29:29 - [] ----D C:\Program Files\Windows Installer Clean Up
O43 - CFD: 12/07/2014 - 21:18:07 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/12/2013 - 18:24:06 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 12/09/2012 - 18:18:58 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 25/10/2012 - 18:44:08 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 03/12/2014 - 01:05:43 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 18/07/2013 - 17:04:04 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 13/09/2012 - 19:02:56 - [] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 08/11/2012 - 15:05:27 - [] ----D C:\Program Files\Common Files\Corel
O43 - CFD: 16/05/2014 - 10:55:38 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 13/09/2012 - 10:24:16 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 13/09/2012 - 10:23:51 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 05/03/2014 - 13:50:21 - [] ----D C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 01/12/2014 - 00:00:07 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 08/11/2012 - 15:04:59 - [] ----D C:\Program Files\Common Files\Protexis
O43 - CFD: 14/07/2009 - 00:37:05 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 03/10/2014 - 22:54:07 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 00:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/11/2012 - 18:19:02 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 30/11/2014 - 23:22:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 13/09/2012 - 10:44:59 - [] ----D C:\ProgramData\.clamwin
O43 - CFD: 19/07/2013 - 15:55:39 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 13/09/2012 - 10:25:51 - [] ----D C:\ProgramData\Ahead
O43 - CFD: 13/03/2014 - 16:37:16 - [0] ----D C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 12/04/2014 - 12:43:33 - [] ----D C:\ProgramData\Autodesk
O43 - CFD: 30/11/2014 - 15:17:18 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 13/09/2012 - 10:46:14 - [] --H-D C:\ProgramData\Common Files
O43 - CFD: 19/12/2012 - 10:20:21 - [] ----D C:\ProgramData\Corel
O43 - CFD: 14/09/2012 - 12:45:26 - [0] ----D C:\ProgramData\CorelDRAW Graphics Suite X6
O43 - CFD: 13/12/2012 - 23:00:13 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 05/03/2014 - 14:08:33 - [] ----D C:\ProgramData\FLEXnet
O43 - CFD: 28/11/2014 - 21:13:11 - [] ----D C:\ProgramData\GAS Tecnologia
O43 - CFD: 01/12/2014 - 19:01:50 - [] ----D C:\ProgramData\GbPlugin
O43 - CFD: 17/01/2014 - 12:21:21 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 27/12/2013 - 13:52:53 - [] ----D C:\ProgramData\LexmarkInstallData
O43 - CFD: 13/06/2014 - 16:20:34 - [] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 16/11/2012 - 09:33:52 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 13/06/2014 - 17:03:25 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 30/11/2014 - 23:59:56 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/10/2014 - 20:05:18 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 13/09/2012 - 17:34:36 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 30/11/2014 - 22:51:53 - [] ----D C:\ProgramData\mpbhhobbbmkhafllijmchkjeblocipji
O43 - CFD: 23/09/2014 - 18:14:41 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 08/10/2012 - 12:35:40 - [] ----D C:\ProgramData\Protexis
O43 - CFD: 01/12/2014 - 20:05:32 - [] ----D C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 02/11/2014 - 11:25:50 - [] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 13/09/2012 - 10:23:51 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 27/12/2013 - 13:48:57 - [] ----D C:\ProgramData\UD1
O43 - CFD: 27/12/2013 - 13:30:14 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 12/09/2012 - 18:17:21 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 02/09/2014 - 17:16:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
O43 - CFD: 18/07/2013 - 17:03:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
O43 - CFD: 02/07/2013 - 16:23:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
O43 - CFD: 26/05/2014 - 11:19:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
O43 - CFD: 26/12/2013 - 14:56:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 10/12/2013 - 09:39:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Central de Mouse e Teclado da Microsoft
O43 - CFD: 13/09/2012 - 10:45:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
O43 - CFD: 08/11/2012 - 15:16:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
O43 - CFD: 29/10/2013 - 10:46:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
O43 - CFD: 18/10/2012 - 17:02:42 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 25/07/2014 - 12:55:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 12/12/2012 - 09:29:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 27/12/2013 - 16:18:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 1200 Series
O43 - CFD: 14/07/2009 - 02:42:30 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 02/12/2014 - 21:07:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
O43 - CFD: 13/11/2013 - 14:32:47 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
O43 - CFD: 13/06/2014 - 17:03:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
O43 - CFD: 22/09/2014 - 22:52:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 27/07/2014 - 23:25:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 13/09/2012 - 10:39:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
O43 - CFD: 03/10/2014 - 22:54:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 29/11/2014 - 01:27:01 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 14/07/2009 - 05:49:10 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 03/12/2014 - 01:05:43 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 13/09/2012 - 10:45:05 - [] ----D C:\Users\User\AppData\Roaming\.clamwin
O43 - CFD: 04/04/2014 - 18:29:11 - [] ----D C:\Users\User\AppData\Roaming\Adobe
O43 - CFD: 28/09/2012 - 22:58:14 - [] ----D C:\Users\User\AppData\Roaming\Ahead
O43 - CFD: 12/04/2014 - 12:02:38 - [] ----D C:\Users\User\AppData\Roaming\Autodesk
O43 - CFD: 05/10/2014 - 21:42:56 - [] ----D C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O43 - CFD: 14/09/2012 - 12:50:09 - [] ----D C:\Users\User\AppData\Roaming\Corel
O43 - CFD: 13/12/2012 - 23:00:11 - [] ----D C:\Users\User\AppData\Roaming\CyberLink
O43 - CFD: 23/12/2013 - 16:00:37 - [] ----D C:\Users\User\AppData\Roaming\Dropbox
O43 - CFD: 23/04/2014 - 16:05:39 - [] ----D C:\Users\User\AppData\Roaming\FontCreator
O43 - CFD: 12/09/2012 - 18:19:18 - [] ----D C:\Users\User\AppData\Roaming\Identities
O43 - CFD: 17/11/2014 - 09:00:24 - [] ----D C:\Users\User\AppData\Roaming\inkscape
O43 - CFD: 13/09/2012 - 17:29:24 - [] ----D C:\Users\User\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 05:49:10 - [0] ----D C:\Users\User\AppData\Roaming\Media Center Programs
O43 - CFD: 18/11/2014 - 21:40:14 - [0] ----D C:\Users\User\AppData\Roaming\Media Player Classic
O43 - CFD: 02/09/2014 - 17:31:25 - [] -S--D C:\Users\User\AppData\Roaming\Microsoft
O43 - CFD: 02/12/2014 - 14:13:57 - [] ----D C:\Users\User\AppData\Roaming\Skype
O43 - CFD: 14/09/2012 - 11:05:28 - [] ----D C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
O43 - CFD: 30/11/2014 - 15:41:12 - [] ----D C:\Users\User\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 13/09/2012 - 18:53:03 - [] ----D C:\Users\User\AppData\Roaming\Windows Live Writer
O43 - CFD: 13/09/2012 - 10:25:48 - [] ----D C:\Users\User\AppData\Roaming\WinRAR
O43 - CFD: 03/12/2014 - 01:06:59 - [] ----D C:\Users\User\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 01/12/2014 - 20:05:33 - [] ----D C:\Users\User\AppData\Local\Adobe
O43 - CFD: 02/09/2014 - 17:17:00 - [] ----D C:\Users\User\AppData\Local\Adobe_Systems_Incorporate
O43 - CFD: 13/09/2012 - 10:26:03 - [] ----D C:\Users\User\AppData\Local\Ahead
O43 - CFD: 14/11/2014 - 12:36:36 - [] ----D C:\Users\User\AppData\Local\Akamai
O43 - CFD: 05/03/2014 - 14:08:13 - [] ----D C:\Users\User\AppData\Local\Autodesk
O43 - CFD: 05/03/2014 - 14:11:28 - [] ----D C:\Users\User\AppData\Local\cache
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Dados de aplicativos
O43 - CFD: 30/11/2014 - 17:07:59 - [] ----D C:\Users\User\AppData\Local\ElevatedDiagnostics
O43 - CFD: 16/04/2014 - 11:47:04 - [] -SH-D C:\Users\User\AppData\Local\EmieSiteList
O43 - CFD: 16/04/2014 - 11:47:04 - [] -SH-D C:\Users\User\AppData\Local\EmieUserList
O43 - CFD: 23/04/2014 - 15:57:07 - [] ----D C:\Users\User\AppData\Local\FontCreator
O43 - CFD: 24/06/2014 - 21:04:07 - [] ----D C:\Users\User\AppData\Local\GAS Tecnologia
O43 - CFD: 25/07/2014 - 12:56:02 - [] ----D C:\Users\User\AppData\Local\Google
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Histórico
O43 - CFD: 13/09/2012 - 19:11:13 - [] ----D C:\Users\User\AppData\Local\Macromedia
O43 - CFD: 30/11/2014 - 23:58:46 - [] ----D C:\Users\User\AppData\Local\Microsoft
O43 - CFD: 23/08/2013 - 17:31:44 - [] ----D C:\Users\User\AppData\Local\Microsoft Games
O43 - CFD: 13/09/2012 - 10:37:04 - [0] ----D C:\Users\User\AppData\Local\Microsoft Help
O43 - CFD: 09/10/2013 - 19:26:43 - [] ----D C:\Users\User\AppData\Local\Mozilla
O43 - CFD: 12/12/2012 - 09:29:22 - [] ----D C:\Users\User\AppData\Local\Programs
O43 - CFD: 16/03/2014 - 16:07:44 - [] ----D C:\Users\User\AppData\Local\Skype
O43 - CFD: 13/09/2012 - 10:46:16 - [] ----D C:\Users\User\AppData\Local\SlimWare Utilities Inc
O43 - CFD: 03/12/2014 - 01:05:45 - [] ----D C:\Users\User\AppData\Local\Temp
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Temporary Internet Files
O43 - CFD: 12/09/2012 - 18:19:07 - [0] ----D C:\Users\User\AppData\Local\VirtualStore
O43 - CFD: 01/12/2014 - 00:01:11 - [] ----D C:\Users\User\AppData\Local\Windows Live
O43 - CFD: 16/11/2012 - 09:01:56 - [] ----D C:\Users\User\AppData\Local\Windows Live Writer
O43 - CFD: 14/07/2009 - 02:42:04 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 29/08/2014 - 14:52:43 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/03/2014 - 14:00:08 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
O43 - CFD: 23/12/2013 - 16:43:40 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
O43 - CFD: 16/03/2013 - 18:34:56 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter
O43 - CFD: 14/07/2009 - 02:37:42 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 16/08/2013 - 18:06:54 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
O43 - CFD: 30/11/2014 - 23:56:59 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
O43 - CFD: 29/08/2014 - 14:52:43 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 204 Scanned in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0C26B71AF0AEF5AD105675535C3E20C4] - 02/12/2014 - 17:40:21 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [5506344]
O44 - LFC:[MD5.DBD7D914CA6FD0602C50BC2C44E60DFB] - 02/12/2014 - 18:09:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [71002]
O44 - LFC:[MD5.31194D1349646CA59CDC7F3ADA0876E3] - 02/12/2014 - 21:43:11 ---A- . (...) -- C:\Windows\PFRO.log [3574]
O44 - LFC:[MD5.4F3BB5CA906CDFED4CBEE14065A561F2] - 02/12/2014 - 21:43:29 ---A- . (...) -- C:\Windows\setupact.log [336]
O44 - LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] - 02/12/2014 - 21:49:31 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\MBAMSwissArmy.sys [114904]
O44 - LFC:[MD5.8EF136DA152DD91324577DD14C7DB4A6] - 02/12/2014 - 23:53:56 ---A- . (...) -- C:\lxcz.log [34188]
O44 - LFC:[MD5.A192C5EFAF6519C42280173A296CEB06] - 03/12/2014 - 00:04:45 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.0A6D970540A72B165BB4505BA5F553D8] - 03/12/2014 - 00:05:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1919558]
O44 - LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] - 21/11/2014 - 05:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [23256]
O44 - LFC:[MD5.9BD41E40039098BF5F8FE878A9A6989E] - 21/11/2014 - 05:14:10 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\Drivers\mbamchameleon.sys [75480]
O44 - LFC:[MD5.312CD3307F600E7CD340B79B3DCB3A01] - 21/11/2014 - 05:14:20 ---A- . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\Drivers\mwac.sys [51928]
O44 - LFC:[MD5.FA317387EA46AE66E2486FD0073156C3] - 21/11/2014 - 14:45:47 ---A- . (...) -- C:\Windows\System32\local.cfg [47]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2014 - 23:21:33 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.42DF2940CEE7E0FAA1A77B16336728DD] - 30/11/2014 - 23:31:10 ---A- . (...) -- C:\.rnd [1024]
~ Files: 14 Scanned in 00mn 25s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehUni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\AutoRun\command. (...) -- E:\fscommand\LS_Start_Launch.cmd (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.LAGS"="lagarith.dll" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"lagarith.dll"="Lagarith lossless codec" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
~ TDSD: 13 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0
~ MWPS: 18 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 2 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]
O58 - SDL:11/03/2011 - 02:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 - SDL:11/03/2011 - 02:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 - SDL:10/06/2014 - 10:46:02 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:11/03/2014 - 08:56:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:03/03/2014 - 09:03:04 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 - SDL:11/03/2011 - 02:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]
O58 - SDL:07/11/2013 - 01:02:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [3768320]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 - SDL:21/11/2014 - 05:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [23256]
O58 - SDL:21/11/2014 - 05:14:10 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\Drivers\mbamchameleon.sys [75480]
O58 - SDL:02/12/2014 - 21:49:31 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\MBAMSwissArmy.sys [114904]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 - SDL:21/11/2014 - 05:14:20 ---A- . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\Drivers\mwac.sys [51928]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 - SDL:11/03/2011 - 02:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]
O58 - SDL:11/03/2011 - 02:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 - SDL:16/02/2012 - 13:42:00 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [514152]
O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/09/2012 - 09:46:19 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13024]
O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]
O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 68 Scanned in 00mn 02s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 01/12/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\Quarantine.exe [601088]
O61 - LFC: 02/12/2014 - 01:07:31 ---A- . (...) -- C:\Users\User\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin [172402]
O61 - LFC: 02/12/2014 - 01:07:31 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 02/12/2014 - 01:07:39 ---A- . (...) -- C:\Users\User\Desktop\AdwCleaner.exe [2154496]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (...) -- C:\Users\User\Downloads\DownloadManagerSetup.exe [801408]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Malwarebytes Corporation.) -- C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe [20447072]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Nicolas Coolman.) -- C:\Users\User\Desktop\ZHPDiag2.exe [6866303] =>.Nicolas Coolman
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Thisisu.) -- C:\Users\User\Desktop\JRT.exe [1707646]
O61 - LFC: 26/11/2014 - 01:07:40 ---A- . (.http://windowexeallkiller.com.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe [369872]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\get.bat [14957]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\misc.bat [190569]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat [10880]
O61 - LFC: 30/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\utt8508.tmp.bat [100]
O61 - LFC: 30/11/2014 - 01:07:40 ---A- . (.Google Inc..) -- C:\Users\User\Downloads\ChromeSetup.exe [880784]
~ 196 Fichiers temporaires (Temporary files)
~ 13 Fichiers cookies (Cookies files)
~ Files: 14 Scanned in 00mn 09s



---\\ Ficheiros Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:F0E9F896_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:F0E9F896_Uni.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst
~ ADS: Scanned in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 10/06/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 03/03/2014 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (Ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 101 Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.scr> <AutoCADScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe
~ FASS Keys: 12 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] 64DF209C6DD245538C7BDD7C70C0800D [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Users\User\Downloads\Corel Draw Graphics Suite X7.2 -WIN32-XFORCE- [MUMBAI-TPB]\Crack\Keygen.exe =>.Crack,Keygen
~ Files: Scanned in 00mn 28s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [523264]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.CBDDB6C4BCD895F8879FD6AC588007A0] [SPRF][02/12/2014] (.No owner - Aut2Exe.) -- C:\Users\User\Desktop\AdwCleaner.exe [2154496]
[MD5.C254F3ECEB9B1AC795BA6B25DE008EBA] [SPRF][02/12/2014] (.Thisisu - Junkware Removal Tool.) -- C:\Users\User\Desktop\JRT.exe [1707646]
[MD5.3BD59D6C407AB1F6DDD7C5D9BD727469] [SPRF][02/12/2014] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe [20447072]
[MD5.8C15A8B7FB94B6FAA0DB8A1D8016113D] [SPRF][26/11/2014] (.http://windowexeallkiller.com - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe [369872]
[MD5.5136C23598002F53C82AB47723378422] [SPRF][02/12/2014] (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Users\User\Desktop\ZHPDiag2.exe [6866303]
[MD5.53B3595DE38F69DC3BBCDA8DCDBE3778] [SPRF][08/02/2013] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [117064]
~ Files: 6 Scanned in 00mn 04s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Pastas da Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 07/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Demand 05/03/2014 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 25/07/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/07/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 19/04/2007 537520 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SS - | Demand 09/04/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 12/07/2014 518968 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by User at 03/12/2014 01:08:30
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82C38BBA] >> \Device\Harddisk0\DR0[0x8641D030]
3 CLASSPNP[0x8C00C59E] >> ntkrnlpa!IofCallDriver[0x82C38BBA] >> \Device\Ide\IdeDeviceP1T0L0-1[0x85EB2908]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by User at 03/12/2014 01:08:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 1

C:\Program Files\uTorrent =>P2P.µTorrent^
C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\User\AppData\Roaming\uTorrent =>P2P.µTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 326643 Items scanned in 00mn 12s



---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
http://www.nicolascoolman.fr/blog/ =>PUP.ADBlocknWatch
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 00s



End of the scan (1192 lines in 02mn 46s)(1)
#12 By caedurodrigues
03/12/2014 - 01:52
Good evening Alicec, you have more than one antivirus installed. It is important that you keep only one protection suite installed.


  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press Ctrl+A >> Ctrl+C.
  • Then minimize Notepad.

ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.CD9109534403399ACC7D2A079F9B5608] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [518968] [PID.1780]
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe
[MD5.00000000000000000000000000000000] [APT] [{D1DCE0E3-F906-43D4-9D8C-814D70E6A4D6}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\ToolbarCleaneroptions]
O43 - CFD: 13/03/2014 - 16:37:16 - [0] ----D C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch
O43 - CFD: 30/11/2014 - 15:17:18 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 17/01/2014 - 12:21:21 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
SR - | Auto 12/07/2014 518968 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe
C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch^
C:\ProgramData\InstallMate =>PUP.Tarma^
ServiceStop:Bfilter
ServiceStop:Bfmon
ServiceStop:Bnbase
ServiceStop:Bndef
ServiceStop:Bprotect
sysrestore


Open the ZHPFix tool.
Click IMPORTAÇÃO > OK
Click "GO".
Post the report!


Best regards.
#13 By Alicec
03/12/2014 - 11:30
Thank you! Report:

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by User at 03/12/2014 11:26:01
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (02mn 55s)
Prefetcher vazio

========== Softwares ==========
ELIMINÉ: Warsaw 1.3.1

========== Estado dos serviços ==========
BHBASE Parado
Bfilter Parado
Bfmon Parado
Bnbase Parado
Bndef Parado
Bprotect Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\ToolbarCleaner
ELIMINÉ: HKCU\Software\ToolbarCleaneroptions

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}

========== Pastas ==========
ELIMINÉ Temporários windows (24)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\AodaBluoCCknWaetch
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINÉ: C:\ProgramData\InstallMate

========== Ficheiros ==========
ELIMINÉ Temporários windows (200) (36.252.237 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINA REINICIAR: c:\program files\diebold\warsaw\core.exe
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys

========== Tarefa planificada ==========
ELIMINÉ: {D1DCE0E3-F906-43D4-9D8C-814D70E6A4D6}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
7 : Chaves do Registo
3 : Valores do Registo
5 : Pastas
4 : Ficheiros
1 : Softwares
6 : Estado dos serviços
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 03mn 40s

========== Caminho do ficheiro do relatório ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/12/2014 11:28:57 [1876]
#14 By caedurodrigues
03/12/2014 - 12:05
Good afternoon Alicec,
  • Download: <1e79137ad22ffc22963ed8e379e7607d> <(...by Farbar)>
  • Or here: <Farbar Recovery Scan Tool 64-bits>
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report (FRST.txt) will be generated!
  • PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
  • Go to: <b7cb62cfb007715d3990c0ffc7a9f4ee>
  • Or attach it to the forum!


Best regards.
#15 By Alicec
03/12/2014 - 17:55

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by User at 2014-12-03 17:43:21
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2280996496-2547309230-2409872793-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Central de Mouse e Teclado da Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Central de Mouse e Teclado da Microsoft (Version: 2.2.173.0 - Microsoft Corporation) Hidden
ClamWin Free Antivirus 0.97.4 (HKLM\...\ClamWin Free Antivirus_is1) (Version: - alch)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
FotoSketcher 2.60 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version: - David THOIRON)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
K-Lite Mega Codec Pack 9.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 9.5.5 - )
Legendas 3.0 (HKLM\...\{461C0377-D2EC-4FB0-B038-847BC6455432}_is1) (Version: 3.0 - LegendasBrasil.com.br)
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2280996496-2547309230-2409872793-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points =========================

30-11-2014 17:27:46 Windows Update
30-11-2014 17:38:13 Removido WinZip 18.5
30-11-2014 17:41:11 Removed Prezi.
30-11-2014 17:58:08 WinThruster dom, nov 30, 14 15:58
30-11-2014 18:13:08 antes do window allkiller
30-11-2014 18:29:22 Removed Prezi.
01-12-2014 01:58:31 Revo Uninstaller's restore point - Windows Live Essentials
01-12-2014 02:02:16 Revo Uninstaller's restore point - Windows Live Essentials
03-12-2014 13:25:48 ZHPFix Restore System Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:04 - 2014-12-01 00:30 - 00000748 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {216552BB-3610-4445-8D2B-0BD558AA2498} - System32\Tasks\{0DD6E2EB-95BB-4896-A00C-38821E4D7870} => C:\lexmark\drivers\1200\Setup.exe [2009-04-27] ( )
Task: {267E5C0F-25B3-4EDE-98DB-8712DC85A099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)
Task: {3A0025E2-5104-4228-B345-6257A8FAA8B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)
Task: {42CFC03E-E998-4CDE-8E6B-E9659DCDBF9F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6749630A-19D4-47DF-9029-D67610DEC6DE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {72CD6C8E-9E0D-46F2-B0F5-C0857FC54E86} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {ADE3FE40-39F0-4AAC-A74E-7DB019DD566A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B35810D8-CB4D-4C2C-8190-F77CC5BC6A56} - System32\Tasks\{D84C7656-826F-41A6-829F-12E36B14E54C} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/pt/abandoninstall?page=tsBing
Task: {CBB93908-6611-47C4-A0E0-BA5F3F60B723} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {E63A3D9A-13C3-4E36-AF39-ABAD153BA64C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F051C75C-C310-46DF-BA26-02E3A6A51D60} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-13 10:22 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-13 10:45 - 2008-04-19 18:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:F0E9F896_Bb.gbp
AlternateDataStreams: C:\Windows\System32:F0E9F896_Uni.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: lxcz_device => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: RichVideo => 2

========================= Accounts: ==========================

Administrador (S-1-5-21-2280996496-2547309230-2409872793-500 - Administrator - Disabled)
Convidado (S-1-5-21-2280996496-2547309230-2409872793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2280996496-2547309230-2409872793-1002 - Limited - Enabled)
User (S-1-5-21-2280996496-2547309230-2409872793-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teclado Padrão PS/2
Description: Teclado Padrão PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (teclados padrões)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Mobile USB Modem 1.0
Description: Mobile USB Modem 1.0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 05:27:00 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (1152) SUS20ClientDataStore: O armazenamento de versão desta instância (0) atingiu seu tamanho máximo de 32 Mb. É possível que uma transação de execução demorada esteja evitando a limpeza do armazenamento de versão e causando o seu aumento de tamanho. As atualizações serão rejeitadas até que a transação de execução demorada tenha sido completamente confirmada ou revertida.

Provável transação de execução demorada:

SessionId: 0x00FD0320

Contexto de sessão: 0x00000000

ThreadId do contexto de sessão: 0x00000468

Cleanup: 1

Error: (12/03/2014 11:25:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {b2dd1b6e-a456-4ef1-9a3d-0530c94cd306}


System errors:
=============
Error: (12/03/2014 05:41:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
%%1068

Error: (12/03/2014 05:41:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/03/2014 05:41:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/03/2014 05:41:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/03/2014 05:41:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/03/2014 05:41:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bhbase
discache
MpFilter
spldr
Wanarpv6

Error: (12/03/2014 05:41:15 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso: %%834

Código de Erro: 0x8007043c

Descrição do erro: Não é possível compartilhar este serviço no modo de segurança

Motivo: %%858

Error: (12/03/2014 05:32:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %AUTORIDADE NT60 encontrou um erro ao atualizar assinaturas.

Nova Versão da Assinatura:

Versão da Assinatura Anterior: 1.189.1182.0

Origem da Atualização: %AUTORIDADE NT59

Etapa da Atualização: 4.6.0305.00

Caminho de Origem: 4.6.0305.01

Tipo de Assinatura: %AUTORIDADE NT602

Tipo de Atualização: %AUTORIDADE NT604

Usuário: AUTORIDADE NT\SISTEMA

Versão do Mecanismo Atual: %AUTORIDADE NT605

Versão do Mecanismo Anterior: %AUTORIDADE NT606

Código de Erro: %AUTORIDADE NT607

Descrição do erro: %AUTORIDADE NT608

Error: (12/03/2014 05:21:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bhbase

Error: (12/03/2014 05:21:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço adfs devido ao seguinte erro:
%%2


Microsoft Office Sessions:
=========================
Error: (12/03/2014 05:27:00 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll1152SUS20ClientDataStore: 0320x00FD03200x000000000x000004681

Error: (12/03/2014 11:25:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {b2dd1b6e-a456-4ef1-9a3d-0530c94cd306}


CodeIntegrity Errors:
===================================
Date: 2014-11-12 13:07:51.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 13:07:51.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 13:00:08.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:44:40.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:44:40.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:44:40.046
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:33:34.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:33:34.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 17:33:33.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-11 15:17:33.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 28%
Total physical RAM: 3295.75 MB
Available physical RAM: 2346.52 MB
Total Pagefile: 6589.79 MB
Available Pagefile: 5627.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:265.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 63C0461A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
© 1999-2024 Hardware.com.br. All rights reserved.