Relatório do Malwarebytes Anti-Malware:
Scan Date: 02/12/2014
Scan Time: 21:08:10
Logfile: log mal.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.02.10
Rootkit Database: v2014.12.02.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 500742
Time Elapsed: 1 hr, 6 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\SearchSnacks, Quarantined, [868ce5797c00a690023f4208a75c7c84],
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\defdhglnppeioeflggkmglipcecffkhk, Quarantined, [63af441a23597db9d4e3b10855af08f8],
PUP.Optional.SearchSnacks, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ssnfd, Quarantined, [eb2779e557250f27b8dc92c7db28b050],
Registry Values: 1
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[EMAIL]search-snacks@search-snacks.com[/EMAIL], C:\Program Files\Mozilla Firefox\extensions\[EMAIL]search-snacks@search-snacks.com[/EMAIL], Quarantined, [66ac93cb314b05315daa9fca10f30af6]
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
Files: 8
PUP.RiskwareTool.CK, C:\Users\User\Desktop\bkp alice\programas\Adobe CS6 Master Collection\Crack\Cracked amtlib.dll\32-bit\amtlib.dll, Quarantined, [769cf5696b1152e46fbcaabf81814fb1],
PUP.RiskwareTool.CK, C:\Users\User\Desktop\bkp alice\programas\Adobe CS6 Master Collection\Crack\Cracked amtlib.dll\64-bit\amtlib.dll, Quarantined, [31e14f0f5d1fe74fd656135609f9e41c],
PUP.Optional.ELEX, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, Quarantined, [2ae872ec9ce08aac8531deddbd44f40c],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll, Quarantined, [32e0adb1ec90a195e348e0891ee49967],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p1280.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p1524.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p2368.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
PUP.Optional.PlusHD.A, C:\Users\User\AppData\LocalLow\Plus-HD-4.1\DTFProxyToServerSect_bCrossriderApp0039200_p5800.dat, Quarantined, [868c510d790355e1b16eaf6ae22109f7],
Physical Sectors: 0
(No malicious items detected)
(end)
Relatório do ZHPDiag v2014.11.30.168 - Nicolas Coolman (30/11/2014)
~ Iniciado por User (03/12/2014 01:06:01)
~ Facebook : <a href="https://www.facebook.com/nicolascoolman1" target="_blank">https://www.facebook.com/nicolascoolman1</a>
~ Endereço do Webforum : <a href="http://forum.nicolascoolman.fr" target="_blank">http://forum.nicolascoolman.fr</a>
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17358
GCIE: Google Chrome v36.0.1985.125
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
ClamWin Free Antivirus 0.97.4
Malwarebytes Anti-Malware versão 2.0.4.1028
Microsoft Security Client v4.6.0305.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.07
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3295 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 262 GB (56%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 262 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Scanned in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.7AE80F921027CF88CB9D0433088A3E55] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/09/2014 - 20:59:11.) -- C:\Windows\System32\wininet.dll [1810944]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 22:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 123/159
~ Mes Videos (My Videos) : 0/0
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/31040
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 42s
---\\ Processos lançados
[MD5.1841BE26ACDFEFF72BC5E7FB938D3612] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [546104] [PID.736]
[MD5.A4B109D057E15A438CE74E5B71187417] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192] [PID.932]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.1668]
[MD5.CD9109534403399ACC7D2A079F9B5608] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [518968] [PID.1780]
[MD5.BFC91929336304802B21DC380F178444] - (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1113296] [PID.2040]
[MD5.6E3C60AC09E03CAEF32AE3DEFD0CC410] - (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1693904] [PID.344]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064] [PID.2616]
[MD5.22884291BD017D70E047D50DAD3C4602] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [189912] [PID.2624]
[MD5.16AEDBEBD92D1ECBA79BCEB09ED90F32] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [815512] [PID.2944]
[MD5.D6E2ED7F1F7BE7CCB8676491BF950B57] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432] [PID.2992]
[MD5.3D558E2572EDF52FAD098AF2534B4E20] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe [279456] [PID.3012]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.2736]
[MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.3616]
[MD5.42D4456168E4A85AE1C29CCB008DC803] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8135680] [PID.1804]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3616]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
~ Google Lines Browser: 12 Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Acrobat] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (.Adobe Systems - A plugin to detect whether the Adobe Application Manager is installed.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
~ Firefox Browser: 9 Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a>
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com" target="_blank">http://go.microsoft.com</a>
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a>
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a>
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = <a href="'http://www.google.com'" target="_blank">www.google.com</a>
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems - A plugin to detect whether the Adobe Application Manager is installed.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 12 Scanned in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ BHO: 4 Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [ClamWin] . (.alch - ClamWin Antivirus.) -- C:\Program Files\ClamWin\bin\ClamTray.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [WindowexeAllkiller] . (.<a href="http://windowexeallkiller.com" target="_blank">http://windowexeallkiller.com</a> - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2280996496-2547309230-2409872793-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-2280996496-2547309230-2409872793-1000\..\Run: [WindowexeAllkiller] . (.<a href="http://windowexeallkiller.com" target="_blank">http://windowexeallkiller.com</a> - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe
~ Application: Scanned in 00mn 00s
---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itaupersonnalite.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA21903E-D431-4025-9F75-F35355ADFD89}: DhcpDomain = MultilaserAP
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe
~ Services: 5 Scanned in 00mn 01s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.3E6442B01E44B3AA31807FEF5235DC54] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3919640]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{0DD6E2EB-95BB-4896-A00C-38821E4D7870}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{9CDD84A3-4746-42E2-9568-A1C8E6255D82}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
[MD5.013A74B96D5FD6C9A630CA814A4D1E36] [APT] [{AC65F617-25FE-49BC-B98D-BB3EC3A9C51E}] (...) -- C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe [2781864]
[MD5.00000000000000000000000000000000] [APT] [{D1DCE0E3-F906-43D4-9D8C-814D70E6A4D6}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.B43E68B8A022FB00FF54360D408E871B] [APT] [{D84C7656-826F-41A6-829F-12E36B14E54C}] (.Google Inc..) -- c:\program files\google\chrome\application\chrome.exe [860488]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 11 Scanned in 00mn 01s
---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
~ Active Setup: 12 Scanned in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 81 Scanned in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Acrobat X Pro - English, Français, Deutsch - (.Adobe Systems.) [HKLM] -- {AC76BA86-1033-F400-7760-000000000005}
O42 - Logiciel: Adobe Color Video Profiles CS CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {63C24A08-70F3-4C8E-B9FB-9F21A903801D}
O42 - Logiciel: Adobe Creative Suite 6 Master Collection - (.Adobe Systems Incorporated.) [HKLM] -- {E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}
O42 - Logiciel: Adobe Digital Editions 3.0 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Digital Editions 3.0
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 14 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AF37176A-78CA-545B-34EF-8B6A21514DD1}
O42 - Logiciel: Adobe InDesign CS6 - (.Adobe Systems Incorporated.) [HKLM] -- {CFB770D7-8D43-1014-922B-CC2715FADE3F} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM] -- {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.) [HKLM] -- {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Central de Mouse e Teclado da Microsoft - (.Microsoft Corporation.) [HKLM] -- Microsoft Mouse and Keyboard Center
O42 - Logiciel: ClamWin Free Antivirus 0.97.4 - (.alch.) [HKLM] -- ClamWin Free Antivirus_is1
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{B92076C0-C5FE-4DB1-AA8D-855430CDF098}
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {B92076C0-C5FE-4DB1-AA8D-855430CDF098}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - (.Corel Corporation.) [HKLM] -- _{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Content - (. Corel Corporation.) [HKLM] -- _{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Content - (. Corel Corporation.) [HKLM] -- {C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - IPM - (.Corel Corporation.) [HKLM] -- {0084B0C3-F376-42E3-804A-885D249282BD}
O42 - Logiciel: CorelDRAW Graphics Suite X6 - Writing Tools - (. Corel Corporation.) [HKLM] -- {318FF3D7-0C40-483B-AF92-AF36416B0AC6}
O42 - Logiciel: FotoSketcher 2.60 - (.David THOIRON.) [HKLM] -- {E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
O42 - Logiciel: K-Lite Mega Codec Pack 9.5.5 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Legendas 3.0 - (.LegendasBrasil.com.br.) [HKLM] -- {461C0377-D2EC-4FB0-B038-847BC6455432}_is1
O42 - Logiciel: Lexmark 1200 Series - (.Lexmark International, Inc..) [HKLM] -- Lexmark 1200 Series
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes Anti-Malware versão 2.0.4.1028 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {107F27B7-8EE4-4B3A-9CE5-497B120369DC}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: PDF Settings CS6 - (.Adobe Systems Incorporated.) [HKLM] -- {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
O42 - Logiciel: Photo Story 3 for Windows - (.Microsoft Corporation.) [HKLM] -- {4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
O42 - Logiciel: Rainlendar2 (remove only) - (...) [HKLM] -- Rainlendar2
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Revo Uninstaller 1.95 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Skype™ 6.21 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] -- {121634B0-2F4B-11D3-ADA3-00C04F52DD52}
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher
~ Logic: 35 Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASProtect]
[HKCU\Software\Adobe]
[HKCU\Software\Affinix]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow]
[HKCU\Software\Autodesk]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\CR8software]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Cyberlink]
[HKCU\Software\Dnldstr_Aggregator]
[HKCU\Software\FotoSketcher]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GbAs]
[HKCU\Software\GbPlugin]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\High-Logic]
[HKCU\Software\IM Providers]
[HKCU\Software\Icaros]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Kanz Software]
[HKCU\Software\Lake]
[HKCU\Software\LexmarkPhoto]
[HKCU\Software\Licenses]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKCU\Software\SlimWare Utilities Inc]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\ToolbarCleaneroptions]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\madFlac]
[HKCU\Software\madshi]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Audible]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Autodesk]
[HKLM\Software\Bitstream]
[HKLM\Software\Bunndle]
[HKLM\Software\ClamWin]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\CyberLink]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\High-Logic]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\KSW]
[HKLM\Software\Khronos]
[HKLM\Software\LAV]
[HKLM\Software\Lake]
[HKLM\Software\LexmarkInkjet]
[HKLM\Software\Lexmark]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Polaris-Software.com]
[HKLM\Software\Policies]
[HKLM\Software\Protexis]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\Sonic]
[HKLM\Software\SuperMp3Normalizer]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
~ Key Software: 194 Scanned in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2014 - 17:16:08 - [] ----D C:\Program Files\Adobe
O43 - CFD: 13/09/2012 - 18:40:50 - [] ----D C:\Program Files\Adobe Media Player
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 26/12/2013 - 14:56:46 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 13/09/2012 - 10:44:59 - [] ----D C:\Program Files\ClamWin
O43 - CFD: 30/11/2014 - 23:22:34 - [] ----D C:\Program Files\Common Files
O43 - CFD: 08/11/2012 - 15:00:34 - [] ----D C:\Program Files\Corel
O43 - CFD: 30/11/2014 - 16:55:25 - [] ----D C:\Program Files\Crack Ativador Permanente Office 2010
O43 - CFD: 23/12/2013 - 16:44:09 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 01/12/2014 - 00:30:41 - [] ----D C:\Program Files\Diebold
O43 - CFD: 26/05/2014 - 11:19:00 - [] ----D C:\Program Files\DsNET Corp
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 29/10/2013 - 10:46:35 - [] ----D C:\Program Files\FotoSketcher
O43 - CFD: 21/11/2014 - 15:41:57 - [] --H-D C:\Program Files\GAS Tecnologia
O43 - CFD: 01/12/2014 - 00:30:32 - [] ----D C:\Program Files\GbPlugin
O43 - CFD: 25/07/2014 - 12:55:46 - [] ----D C:\Program Files\Google
O43 - CFD: 23/12/2013 - 16:44:09 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 27/12/2013 - 13:19:22 - [] ----D C:\Program Files\Intel
O43 - CFD: 23/10/2014 - 00:02:09 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 13/09/2012 - 10:23:26 - [] ----D C:\Program Files\Java
O43 - CFD: 12/12/2012 - 09:30:03 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 03/09/2014 - 22:20:46 - [] ----D C:\Program Files\Legendas-2.30
O43 - CFD: 17/01/2014 - 12:21:14 - [] ----D C:\Program Files\Legendas-2.31
O43 - CFD: 03/09/2014 - 22:20:45 - [] ----D C:\Program Files\Legendas-2.32
O43 - CFD: 03/09/2014 - 22:20:46 - [] ----D C:\Program Files\Legendas-3.0
O43 - CFD: 27/12/2013 - 16:18:27 - [] ----D C:\Program Files\Lexmark 1200 Series
O43 - CFD: 02/12/2014 - 21:07:20 - [] ----D C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 13/11/2013 - 14:31:34 - [] ----D C:\Program Files\Maxis
O43 - CFD: 13/06/2014 - 17:03:22 - [] ----D C:\Program Files\McAfee Security Scan
O43 - CFD: 13/09/2012 - 10:37:35 - [] ----D C:\Program Files\Microsoft Analysis Services
O43 - CFD: 18/10/2012 - 17:02:27 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 10/12/2013 - 09:38:22 - [] ----D C:\Program Files\Microsoft Mouse and Keyboard Center
O43 - CFD: 10/09/2014 - 12:20:43 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 14/09/2012 - 12:38:33 - [] ----D C:\Program Files\Microsoft SDKs
O43 - CFD: 11/09/2014 - 10:57:25 - [] ----D C:\Program Files\Microsoft Security Client
O43 - CFD: 28/07/2014 - 19:00:32 - [] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 13/09/2012 - 10:38:34 - [] ----D C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 13/09/2012 - 10:38:34 - [] ----D C:\Program Files\Microsoft Sync Framework
O43 - CFD: 13/09/2012 - 10:38:55 - [] ----D C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 13/09/2012 - 10:38:09 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 14/09/2012 - 12:38:41 - [] ----D C:\Program Files\Microsoft Visual Studio 9.0
O43 - CFD: 13/09/2012 - 17:47:28 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2014 - 23:10:50 - [] ----D C:\Program Files\Mp3GainPRO
O43 - CFD: 13/09/2012 - 10:39:14 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 20/12/2013 - 16:28:33 - [] ----D C:\Program Files\MSECACHE
O43 - CFD: 13/09/2012 - 19:36:22 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 13/09/2012 - 19:08:58 - [] ----D C:\Program Files\Photo Story 3 for Windows
O43 - CFD: 13/11/2012 - 10:19:10 - [] ----D C:\Program Files\Rainlendar2
O43 - CFD: 13/09/2012 - 10:26:26 - [] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 02:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 02/11/2014 - 11:25:46 - [] R---D C:\Program Files\Skype
O43 - CFD: 14/07/2009 - 02:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 01/03/2014 - 10:12:00 - [] ----D C:\Program Files\uTorrent =>P2P.µTorrent
O43 - CFD: 30/11/2014 - 23:56:58 - [] ----D C:\Program Files\VS Revo Group
O43 - CFD: 16/09/2013 - 10:25:46 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 20/12/2013 - 16:29:29 - [] ----D C:\Program Files\Windows Installer Clean Up
O43 - CFD: 12/07/2014 - 21:18:07 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/12/2013 - 18:24:06 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 12/09/2012 - 18:18:58 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 25/10/2012 - 18:44:08 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 25/10/2012 - 18:44:09 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 03/12/2014 - 01:05:43 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 18/07/2013 - 17:04:04 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 13/09/2012 - 19:02:56 - [] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 08/11/2012 - 15:05:27 - [] ----D C:\Program Files\Common Files\Corel
O43 - CFD: 16/05/2014 - 10:55:38 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 13/09/2012 - 10:24:16 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 13/09/2012 - 10:23:51 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 05/03/2014 - 13:50:21 - [] ----D C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 01/12/2014 - 00:00:07 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 08/11/2012 - 15:04:59 - [] ----D C:\Program Files\Common Files\Protexis
O43 - CFD: 14/07/2009 - 00:37:05 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 03/10/2014 - 22:54:07 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 00:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/11/2012 - 18:19:02 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 30/11/2014 - 23:22:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 13/09/2012 - 10:44:59 - [] ----D C:\ProgramData\.clamwin
O43 - CFD: 19/07/2013 - 15:55:39 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 13/09/2012 - 10:25:51 - [] ----D C:\ProgramData\Ahead
O43 - CFD: 13/03/2014 - 16:37:16 - [0] ----D C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 12/04/2014 - 12:43:33 - [] ----D C:\ProgramData\Autodesk
O43 - CFD: 30/11/2014 - 15:17:18 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 13/09/2012 - 10:46:14 - [] --H-D C:\ProgramData\Common Files
O43 - CFD: 19/12/2012 - 10:20:21 - [] ----D C:\ProgramData\Corel
O43 - CFD: 14/09/2012 - 12:45:26 - [0] ----D C:\ProgramData\CorelDRAW Graphics Suite X6
O43 - CFD: 13/12/2012 - 23:00:13 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 05/03/2014 - 14:08:33 - [] ----D C:\ProgramData\FLEXnet
O43 - CFD: 28/11/2014 - 21:13:11 - [] ----D C:\ProgramData\GAS Tecnologia
O43 - CFD: 01/12/2014 - 19:01:50 - [] ----D C:\ProgramData\GbPlugin
O43 - CFD: 17/01/2014 - 12:21:21 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 27/12/2013 - 13:52:53 - [] ----D C:\ProgramData\LexmarkInstallData
O43 - CFD: 13/06/2014 - 16:20:34 - [] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 16/11/2012 - 09:33:52 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 13/06/2014 - 17:03:25 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 30/11/2014 - 23:59:56 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/10/2014 - 20:05:18 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 12/09/2012 - 18:18:58 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 13/09/2012 - 17:34:36 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 30/11/2014 - 22:51:53 - [] ----D C:\ProgramData\mpbhhobbbmkhafllijmchkjeblocipji
O43 - CFD: 23/09/2014 - 18:14:41 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 08/10/2012 - 12:35:40 - [] ----D C:\ProgramData\Protexis
O43 - CFD: 01/12/2014 - 20:05:32 - [] ----D C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 02/11/2014 - 11:25:50 - [] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 13/09/2012 - 10:23:51 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 02:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 27/12/2013 - 13:48:57 - [] ----D C:\ProgramData\UD1
O43 - CFD: 27/12/2013 - 13:30:14 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 12/09/2012 - 18:17:21 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 02/09/2014 - 17:16:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
O43 - CFD: 18/07/2013 - 17:03:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
O43 - CFD: 02/07/2013 - 16:23:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
O43 - CFD: 26/05/2014 - 11:19:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
O43 - CFD: 26/12/2013 - 14:56:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 10/12/2013 - 09:39:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Central de Mouse e Teclado da Microsoft
O43 - CFD: 13/09/2012 - 10:45:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
O43 - CFD: 08/11/2012 - 15:16:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
O43 - CFD: 29/10/2013 - 10:46:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
O43 - CFD: 18/10/2012 - 17:02:42 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 25/07/2014 - 12:55:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 12/12/2012 - 09:29:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 27/12/2013 - 16:18:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 1200 Series
O43 - CFD: 14/07/2009 - 02:42:30 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 02/12/2014 - 21:07:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
O43 - CFD: 13/11/2013 - 14:32:47 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
O43 - CFD: 13/06/2014 - 17:03:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
O43 - CFD: 22/09/2014 - 22:52:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 27/07/2014 - 23:25:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 13/09/2012 - 10:39:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
O43 - CFD: 03/10/2014 - 22:54:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 29/11/2014 - 01:27:01 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 14/07/2009 - 05:49:10 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 03/12/2014 - 01:05:43 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 13/09/2012 - 10:45:05 - [] ----D C:\Users\User\AppData\Roaming\.clamwin
O43 - CFD: 04/04/2014 - 18:29:11 - [] ----D C:\Users\User\AppData\Roaming\Adobe
O43 - CFD: 28/09/2012 - 22:58:14 - [] ----D C:\Users\User\AppData\Roaming\Ahead
O43 - CFD: 12/04/2014 - 12:02:38 - [] ----D C:\Users\User\AppData\Roaming\Autodesk
O43 - CFD: 05/10/2014 - 21:42:56 - [] ----D C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O43 - CFD: 14/09/2012 - 12:50:09 - [] ----D C:\Users\User\AppData\Roaming\Corel
O43 - CFD: 13/12/2012 - 23:00:11 - [] ----D C:\Users\User\AppData\Roaming\CyberLink
O43 - CFD: 23/12/2013 - 16:00:37 - [] ----D C:\Users\User\AppData\Roaming\Dropbox
O43 - CFD: 23/04/2014 - 16:05:39 - [] ----D C:\Users\User\AppData\Roaming\FontCreator
O43 - CFD: 12/09/2012 - 18:19:18 - [] ----D C:\Users\User\AppData\Roaming\Identities
O43 - CFD: 17/11/2014 - 09:00:24 - [] ----D C:\Users\User\AppData\Roaming\inkscape
O43 - CFD: 13/09/2012 - 17:29:24 - [] ----D C:\Users\User\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 05:49:10 - [0] ----D C:\Users\User\AppData\Roaming\Media Center Programs
O43 - CFD: 18/11/2014 - 21:40:14 - [0] ----D C:\Users\User\AppData\Roaming\Media Player Classic
O43 - CFD: 02/09/2014 - 17:31:25 - [] -S--D C:\Users\User\AppData\Roaming\Microsoft
O43 - CFD: 02/12/2014 - 14:13:57 - [] ----D C:\Users\User\AppData\Roaming\Skype
O43 - CFD: 14/09/2012 - 11:05:28 - [] ----D C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
O43 - CFD: 30/11/2014 - 15:41:12 - [] ----D C:\Users\User\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 13/09/2012 - 18:53:03 - [] ----D C:\Users\User\AppData\Roaming\Windows Live Writer
O43 - CFD: 13/09/2012 - 10:25:48 - [] ----D C:\Users\User\AppData\Roaming\WinRAR
O43 - CFD: 03/12/2014 - 01:06:59 - [] ----D C:\Users\User\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 01/12/2014 - 20:05:33 - [] ----D C:\Users\User\AppData\Local\Adobe
O43 - CFD: 02/09/2014 - 17:17:00 - [] ----D C:\Users\User\AppData\Local\Adobe_Systems_Incorporate
O43 - CFD: 13/09/2012 - 10:26:03 - [] ----D C:\Users\User\AppData\Local\Ahead
O43 - CFD: 14/11/2014 - 12:36:36 - [] ----D C:\Users\User\AppData\Local\Akamai
O43 - CFD: 05/03/2014 - 14:08:13 - [] ----D C:\Users\User\AppData\Local\Autodesk
O43 - CFD: 05/03/2014 - 14:11:28 - [] ----D C:\Users\User\AppData\Local\cache
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Dados de aplicativos
O43 - CFD: 30/11/2014 - 17:07:59 - [] ----D C:\Users\User\AppData\Local\ElevatedDiagnostics
O43 - CFD: 16/04/2014 - 11:47:04 - [] -SH-D C:\Users\User\AppData\Local\EmieSiteList
O43 - CFD: 16/04/2014 - 11:47:04 - [] -SH-D C:\Users\User\AppData\Local\EmieUserList
O43 - CFD: 23/04/2014 - 15:57:07 - [] ----D C:\Users\User\AppData\Local\FontCreator
O43 - CFD: 24/06/2014 - 21:04:07 - [] ----D C:\Users\User\AppData\Local\GAS Tecnologia
O43 - CFD: 25/07/2014 - 12:56:02 - [] ----D C:\Users\User\AppData\Local\Google
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Histórico
O43 - CFD: 13/09/2012 - 19:11:13 - [] ----D C:\Users\User\AppData\Local\Macromedia
O43 - CFD: 30/11/2014 - 23:58:46 - [] ----D C:\Users\User\AppData\Local\Microsoft
O43 - CFD: 23/08/2013 - 17:31:44 - [] ----D C:\Users\User\AppData\Local\Microsoft Games
O43 - CFD: 13/09/2012 - 10:37:04 - [0] ----D C:\Users\User\AppData\Local\Microsoft Help
O43 - CFD: 09/10/2013 - 19:26:43 - [] ----D C:\Users\User\AppData\Local\Mozilla
O43 - CFD: 12/12/2012 - 09:29:22 - [] ----D C:\Users\User\AppData\Local\Programs
O43 - CFD: 16/03/2014 - 16:07:44 - [] ----D C:\Users\User\AppData\Local\Skype
O43 - CFD: 13/09/2012 - 10:46:16 - [] ----D C:\Users\User\AppData\Local\SlimWare Utilities Inc
O43 - CFD: 03/12/2014 - 01:05:45 - [] ----D C:\Users\User\AppData\Local\Temp
O43 - CFD: 12/09/2012 - 18:19:06 - [] -SH-D C:\Users\User\AppData\Local\Temporary Internet Files
O43 - CFD: 12/09/2012 - 18:19:07 - [0] ----D C:\Users\User\AppData\Local\VirtualStore
O43 - CFD: 01/12/2014 - 00:01:11 - [] ----D C:\Users\User\AppData\Local\Windows Live
O43 - CFD: 16/11/2012 - 09:01:56 - [] ----D C:\Users\User\AppData\Local\Windows Live Writer
O43 - CFD: 14/07/2009 - 02:42:04 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 29/08/2014 - 14:52:43 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/03/2014 - 14:00:08 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
O43 - CFD: 23/12/2013 - 16:43:40 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
O43 - CFD: 16/03/2013 - 18:34:56 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter
O43 - CFD: 14/07/2009 - 02:37:42 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 16/08/2013 - 18:06:54 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
O43 - CFD: 30/11/2014 - 23:56:59 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
O43 - CFD: 29/08/2014 - 14:52:43 - [] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 13/09/2012 - 10:23:00 - [] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 204 Scanned in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0C26B71AF0AEF5AD105675535C3E20C4] - 02/12/2014 - 17:40:21 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [5506344]
O44 - LFC:[MD5.DBD7D914CA6FD0602C50BC2C44E60DFB] - 02/12/2014 - 18:09:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [71002]
O44 - LFC:[MD5.31194D1349646CA59CDC7F3ADA0876E3] - 02/12/2014 - 21:43:11 ---A- . (...) -- C:\Windows\PFRO.log [3574]
O44 - LFC:[MD5.4F3BB5CA906CDFED4CBEE14065A561F2] - 02/12/2014 - 21:43:29 ---A- . (...) -- C:\Windows\setupact.log [336]
O44 - LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] - 02/12/2014 - 21:49:31 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\MBAMSwissArmy.sys [114904]
O44 - LFC:[MD5.8EF136DA152DD91324577DD14C7DB4A6] - 02/12/2014 - 23:53:56 ---A- . (...) -- C:\lxcz.log [34188]
O44 - LFC:[MD5.A192C5EFAF6519C42280173A296CEB06] - 03/12/2014 - 00:04:45 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.0A6D970540A72B165BB4505BA5F553D8] - 03/12/2014 - 00:05:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1919558]
O44 - LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] - 21/11/2014 - 05:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [23256]
O44 - LFC:[MD5.9BD41E40039098BF5F8FE878A9A6989E] - 21/11/2014 - 05:14:10 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\Drivers\mbamchameleon.sys [75480]
O44 - LFC:[MD5.312CD3307F600E7CD340B79B3DCB3A01] - 21/11/2014 - 05:14:20 ---A- . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\Drivers\mwac.sys [51928]
O44 - LFC:[MD5.FA317387EA46AE66E2486FD0073156C3] - 21/11/2014 - 14:45:47 ---A- . (...) -- C:\Windows\System32\local.cfg [47]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2014 - 23:21:33 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.42DF2940CEE7E0FAA1A77B16336728DD] - 30/11/2014 - 23:31:10 ---A- . (...) -- C:\.rnd [1024]
~ Files: 14 Scanned in 00mn 25s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehUni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\AutoRun\command. (...) -- E:\fscommand\LS_Start_Launch.cmd (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.LAGS"="lagarith.dll" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"lagarith.dll"="Lagarith lossless codec" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional)" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
~ TDSD: 13 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0
~ MWPS: 18 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 2 Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]
O58 - SDL:11/03/2011 - 02:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 - SDL:11/03/2011 - 02:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 - SDL:10/06/2014 - 10:46:02 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:11/03/2014 - 08:56:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:03/03/2014 - 09:03:04 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 - SDL:11/03/2011 - 02:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]
O58 - SDL:07/11/2013 - 01:02:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [3768320]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 - SDL:21/11/2014 - 05:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [23256]
O58 - SDL:21/11/2014 - 05:14:10 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\Drivers\mbamchameleon.sys [75480]
O58 - SDL:02/12/2014 - 21:49:31 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\MBAMSwissArmy.sys [114904]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 - SDL:21/11/2014 - 05:14:20 ---A- . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\Drivers\mwac.sys [51928]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 - SDL:11/03/2011 - 02:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]
O58 - SDL:11/03/2011 - 02:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 - SDL:16/02/2012 - 13:42:00 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [514152]
O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/09/2012 - 09:46:19 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13024]
O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]
O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 68 Scanned in 00mn 02s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 01/12/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\Quarantine.exe [601088]
O61 - LFC: 02/12/2014 - 01:07:31 ---A- . (...) -- C:\Users\User\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin [172402]
O61 - LFC: 02/12/2014 - 01:07:31 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 02/12/2014 - 01:07:39 ---A- . (...) -- C:\Users\User\Desktop\AdwCleaner.exe [2154496]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (...) -- C:\Users\User\Downloads\DownloadManagerSetup.exe [801408]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Malwarebytes Corporation.) -- C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe [20447072]
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Nicolas Coolman.) -- C:\Users\User\Desktop\ZHPDiag2.exe [6866303] =>.Nicolas Coolman
O61 - LFC: 02/12/2014 - 01:07:40 ---A- . (.Thisisu.) -- C:\Users\User\Desktop\JRT.exe [1707646]
O61 - LFC: 26/11/2014 - 01:07:40 ---A- . (.<a href="http://windowexeallkiller.com" target="_blank">http://windowexeallkiller.com</a>.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe [369872]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\get.bat [14957]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\misc.bat [190569]
O61 - LFC: 29/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat [10880]
O61 - LFC: 30/11/2014 - 01:07:33 ---A- . (...) -- C:\Users\User\AppData\Local\Temp\utt8508.tmp.bat [100]
O61 - LFC: 30/11/2014 - 01:07:40 ---A- . (.Google Inc..) -- C:\Users\User\Downloads\ChromeSetup.exe [880784]
~ 196 Fichiers temporaires (Temporary files)
~ 13 Fichiers cookies (Cookies files)
~ Files: 14 Scanned in 00mn 09s
---\\ Ficheiros Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:F0E9F896_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:F0E9F896_Uni.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst
~ ADS: Scanned in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 10/06/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 03/03/2014 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (Ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 101 Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.scr> <AutoCADScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe
~ FASS Keys: 12 Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] 64DF209C6DD245538C7BDD7C70C0800D [DefaultScope] - (Google) - <a href="http://www.google.com" target="_blank">http://www.google.com</a>
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - <a href="http://www.bing.com" target="_blank">http://www.bing.com</a>
~ Keys: Scanned in 00mn 00s
---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Users\User\Downloads\Corel Draw Graphics Suite X7.2 -WIN32-XFORCE- [MUMBAI-TPB]\Crack\Keygen.exe =>.Crack,Keygen
~ Files: Scanned in 00mn 28s
---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [523264]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.CBDDB6C4BCD895F8879FD6AC588007A0] [SPRF][02/12/2014] (.No owner - Aut2Exe.) -- C:\Users\User\Desktop\AdwCleaner.exe [2154496]
[MD5.C254F3ECEB9B1AC795BA6B25DE008EBA] [SPRF][02/12/2014] (.Thisisu - Junkware Removal Tool.) -- C:\Users\User\Desktop\JRT.exe [1707646]
[MD5.3BD59D6C407AB1F6DDD7C5D9BD727469] [SPRF][02/12/2014] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe [20447072]
[MD5.8C15A8B7FB94B6FAA0DB8A1D8016113D] [SPRF][26/11/2014] (.<a href="http://windowexeallkiller.com" target="_blank">http://windowexeallkiller.com</a> - WindowexeAllkiller.) -- C:\Users\User\Desktop\WindowexeAllkiller.exe [369872]
[MD5.5136C23598002F53C82AB47723378422] [SPRF][02/12/2014] (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Users\User\Desktop\ZHPDiag2.exe [6866303]
[MD5.53B3595DE38F69DC3BBCDA8DCDBE3778] [SPRF][08/02/2013] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [117064]
~ Files: 6 Scanned in 00mn 04s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Pastas da Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 07/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Demand 05/03/2014 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 25/07/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/07/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 19/04/2007 537520 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SS - | Demand 09/04/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 12/07/2014 518968 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a>
Run by User at 03/12/2014 01:08:30
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82C38BBA] >> \Device\Harddisk0\DR0[0x8641D030]
3 CLASSPNP[0x8C00C59E] >> ntkrnlpa!IofCallDriver[0x82C38BBA] >> \Device\Ide\IdeDeviceP1T0L0-1[0x85EB2908]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Scanned in 00mn 02s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, <a href="http://ad13.geekstog" target="_blank">http://ad13.geekstog</a>
Run by User at 03/12/2014 01:08:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13026 - (30/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 1
C:\Program Files\uTorrent =>P2P.µTorrent^
C:\ProgramData\AodaBluoCCknWaetch =>PUP.ADBlocknWatch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\User\AppData\Roaming\uTorrent =>P2P.µTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 326643 Items scanned in 00mn 12s
---\\ Informações complémentaires do módulos
~ <a href="http://nicolascoolman.fr/g2-google-chrome-extensions/" target="_blank">http://nicolascoolman.fr/g2-google-chrome-extensions/</a> =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ <a href="http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/" target="_blank">http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/</a> =>.Internet Explorer, Gestão do Proxy (R5)
~ <a href="http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/" target="_blank">http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/</a> =>.Browser Helper Objects do navegador (02)
~ <a href="http://nicolascoolman.fr/o3-internet-explorer-toolbars/" target="_blank">http://nicolascoolman.fr/o3-internet-explorer-toolbars/</a> =>.Barras do Internet Explorer (03))
~ <a href="http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/" target="_blank">http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/</a> =>.Aplicações iniciadas por registo & pastas (04)
~ <a href="http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/" target="_blank">http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/</a> =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Scanned in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
<a href="http://www.nicolascoolman.fr/blog/" target="_blank">http://www.nicolascoolman.fr/blog/</a> =>PUP.ADBlocknWatch
<a href="http://nicolascoolman.fr/pup-tarma" target="_blank">http://nicolascoolman.fr/pup-tarma</a> =>PUP.Tarma
~ MSI: 2 link(s) detected in 00mn 00s
End of the scan (1192 lines in 02mn 46s)(1)