Hardware.com.br

Ad Aware Jollywallet

#1 By wonderwall 09/04/2014 - 09:25
Folks,

I've been searching the net. I have this Jollywallet installed; I've already scanned with Avira, Spybot and HijackThis and it's still there. Does anyone know how to remove it?

I've also tried through the Chrome extensions and the Windows 7 uninstaller, but it isn't even listed.
#2 By Power Max
09/04/2014 - 11:49
Hello wonderwall.

Download AdwCleaner by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
#3 By wonderwall
09/04/2014 - 12:07
Hello Power Max,

Here is the log:

# AdwCleaner v3.023 - Relatório criado 09/04/2014 às 11:54:45
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Professional (32 bits)
# Usuário : plinio.seitsi - MICRO36
# Executando de : C:\Users\plinio.seitsi\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\blekko toolbars
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\Search Protection
Pasta Deletada : C:\Program Files\Toolbar Cleaner
Pasta Deletada : C:\Users\plinio.seitsi\AppData\LocalLow\adawaretb
Pasta Deletada : C:\Users\administrador\AppData\LocalLow\adawaretb
Pasta Deletada : C:\Users\Jose Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default\adawaretb
Pasta Deletada : C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\lk40ymun.default\adawaretb

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Chave Deletedo : HKLM\Software\adawaretb
Chave Deletedo : HKLM\Software\Description
Chave Deletedo : HKLM\Software\Toolbar Cleaner
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : homepage

[ Arquivo : C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8893 octets] - [13/03/2014 10:03:04]
AdwCleaner[R1].txt - [1077 octets] - [14/03/2014 10:34:23]
AdwCleaner[R2].txt - [2865 octets] - [09/04/2014 11:52:11]
AdwCleaner[S0].txt - [7713 octets] - [13/03/2014 10:05:30]
AdwCleaner[S1].txt - [1132 octets] - [14/03/2014 10:39:38]
AdwCleaner[S2].txt - [2755 octets] - [09/04/2014 11:54:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2815 octets] ##########
NB1: Samsung CORE I3 2310/2GB DDR3/320GB
NB2: T4300/2GB DDR2 800/GF 8200M/350GB
PC1:E8400/GA EP45 UD3L/4GB DDR2 Kingston / HD6850/Corsair CX430/Virtua 30MB
PC2:E7500/GA 945GCM/ST 350BKV/HD 5670/2GB
#4 By Power Max
09/04/2014 - 12:28
Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

*Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red below and paste it into the blank space in Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


*Click [Run Script]

*During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image]

*If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
#5 By wonderwall
09/04/2014 - 14:34
Power Max,


Funny that Avira flags Zoek as a Trojan.

Here is the Zoek log



Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by plinio.seitsi on 09/04/2014 at 13:59:56,42.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\plinio.seitsi\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09/04/2014 14:02:07 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lk40ymun.default\prefs.js:
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByBtD0EtCzytD0F0Dzz0ByBtAtBtN0D0Tzu0CyCzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=347445940&ir=");
user_pref("browser.startup.homepage", "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-14&ent=hp&u=382C642C976975EA68EFA153230E2F7D");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("keyword.URL", "");

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lk40ymun.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JOSEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default\prefs.js:
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByBtD0EtCzytD0F0Dzz0ByBtAtBtN0D0Tzu0CyCzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=347445940&ir=");
user_pref("browser.startup.homepage", "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-14&ent=hp&u=382C642C976975EA68EFA153230E2F7D");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.search.order.1", "Ask.com");
user_pref("keyword.URL", "");

Added to C:\Users\JOSEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lk40ymun.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_042014_1416_.backup

ProfilePath: C:\Users\JOSEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_042014_1416_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\pmcmighognkjnneiepkhfcnbjgpdlinn deleted
C:\PROGRA~2\49696d571ee159d2 deleted
C:\Users\plinio.seitsi\daemonprocess.txt deleted
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\plinio.seitsi\AppData\Local\adawarebp deleted
C:\Users\plinio.seitsi\AppData\Local\cache deleted
C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
C:\Users\wangzhisong deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\REN7714.tmp deleted
C:\Windows\System32\REN7715.tmp deleted
C:\Windows\System32\~GLH001b.TMP deleted
C:\Windows\System32\~GLH001c.TMP deleted
C:\Windows\System32\~GLH0022.TMP deleted
C:\Windows\System32\~GLH002e.TMP deleted
C:\Windows\System32\~GLH0044.TMP deleted
C:\Windows\System32\~GLH004e.TMP deleted
C:\Windows\System32\~GLH0053.TMP deleted
C:\Windows\System32\~GLH0056.TMP deleted
C:\Windows\System32\~GLH007a.TMP deleted
C:\Windows\System32\~GLH0083.TMP deleted
C:\Users\plinio.seitsi\AppData\Roaming\unins000.exe deleted
C:\Users\plinio.seitsi\AppData\Roaming\unins001.exe deleted
C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lk40ymun.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} deleted
C:\Users\JOSEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} deleted
"C:\PROGRA~2\bdojojhihlkpalmkipjdfheibdnnhepc\bdojojhihlkpalmkipjdfheibdnnhepc.crx" deleted
"C:\PROGRA~2\bdojojhihlkpalmkipjdfheibdnnhepc\update.xml" deleted
"C:\PROGRA~2\bdojojhihlkpalmkipjdfheibdnnhepc" deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" [21/03/2014 10:19]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JOSEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default
- Undetermined - C:\Users\Jose Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\uoeabe7e.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[17/10/2013 19:21]

FiNddBessttDeAAla - administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\idocgjmgpdpmpmfnndbpgmencaeclfoi
EnnjoyCouppoan - administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdpkoegmkkcdiieajgcmdlangnmmlfp
Google Wallet - administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Drive - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
UTuberrAdBlOCker - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdojojhihlkpalmkipjdfheibdnnhepc
GBBD Banco Itaú - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Webmail Ad Blocker - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp
Google Calendar - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
AdBlock - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
LastPass - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
GBBD Banco Santander (Brasil) S.A. - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Maps - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Wallet - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj

==== Chrome Fix ======================

C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\idocgjmgpdpmpmfnndbpgmencaeclfoi deleted successfully
C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdpkoegmkkcdiieajgcmdlangnmmlfp deleted successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdojojhihlkpalmkipjdfheibdnnhepc deleted successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdojojhihlkpalmkipjdfheibdnnhepc_0.localstorage deleted successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdojojhihlkpalmkipjdfheibdnnhepc_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-14&ent=hp&u=382C642C976975EA68EFA153230E2F7D"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\alberto.liborio\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\alberto.liborio\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\alberto.liborio\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\alberto.liborio\Desktop\GDRaisGenérico76_10.lnk -
C:\Users\ANTONIO\Desktop\CNPJ 3.3.lnk - C:\Program Files\CNPJ2011\CNPJ.EXE
C:\Users\ANTONIO\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\ANTONIO\Desktop\DIPJ 2010.lnk - C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
C:\Users\ANTONIO\Desktop\Dirf 2009.LNK - C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
C:\Users\ANTONIO\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\ANTONIO\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\ANTONIO\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\ANTONIO\Desktop\Dirf 2013.LNK - C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
C:\Users\ANTONIO\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\ANTONIO\Desktop\EVEREST Home Edition.lnk - C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
C:\Users\ANTONIO\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\ANTONIO\Desktop\GDRais2009.lnk - C:\GDRais2009\GDRais2009.exe
C:\Users\ANTONIO\Desktop\GDRais2010.lnk - C:\GDRais2010\GDRais2010.exe
C:\Users\ANTONIO\Desktop\GDRaisGenérico76_08.lnk -
C:\Users\ANTONIO\Desktop\GDRaisGenérico76_09.lnk -
C:\Users\ANTONIO\Desktop\GDRaisGenérico76_10.lnk -
C:\Users\ANTONIO\Desktop\IRPF2007 - Declaração de Ajuste Anual.lnk -
C:\Users\ANTONIO\Desktop\IRPF2008 Windows - Declaração de Ajuste Anual.lnk -
C:\Users\ANTONIO\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\ANTONIO\Desktop\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\ANTONIO\Desktop\Receitanet 2010.lnk - C:\Recnet\Receitanet.exe
C:\Users\elane.jesus\Desktop\CNPJ 3.3.lnk - C:\Program Files\CNPJ2011\CNPJ.EXE
C:\Users\elane.jesus\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\elane.jesus\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\elane.jesus\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\elane.jesus\Desktop\Dirf 2013.LNK - C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
C:\Users\elane.jesus\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\elane.jesus\Desktop\EVEREST Home Edition.lnk - C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
C:\Users\elane.jesus\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\elane.jesus\Desktop\GDRaisGenérico76_09.lnk -
C:\Users\elane.jesus\Desktop\GDRaisGenérico76_10.lnk -
C:\Users\elane.jesus\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\everton.buch\Desktop\CNPJ 3.3.lnk - C:\Program Files\CNPJ2011\CNPJ.EXE
C:\Users\everton.buch\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\everton.buch\Desktop\DIPJ 2010.lnk - C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
C:\Users\everton.buch\Desktop\Dirf 2009.LNK - C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
C:\Users\everton.buch\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\everton.buch\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\everton.buch\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\everton.buch\Desktop\Dirf 2013.LNK - C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
C:\Users\everton.buch\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\everton.buch\Desktop\EVEREST Home Edition.lnk - C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
C:\Users\everton.buch\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\everton.buch\Desktop\GDRais2009.lnk - C:\GDRais2009\GDRais2009.exe
C:\Users\everton.buch\Desktop\GDRais2010.lnk - C:\GDRais2010\GDRais2010.exe
C:\Users\everton.buch\Desktop\GDRaisGenérico76_08.lnk -
C:\Users\everton.buch\Desktop\GDRaisGenérico76_09.lnk -
C:\Users\everton.buch\Desktop\GDRaisGenérico76_10.lnk -
C:\Users\everton.buch\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\everton.buch\Desktop\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\everton.buch\Desktop\Receitanet 2010.lnk - C:\Recnet\Receitanet.exe
C:\Users\Jose Antonio\Desktop\11245777000132.lnk - C:\Declaracoes Gravadas RFB\Dirf2012\11245777000132
C:\Users\Jose Antonio\Desktop\50997063000132.lnk - H:\Declaracoes Gravadas RFB\Dirf2012\50997063000132
C:\Users\Jose Antonio\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\Jose Antonio\Desktop\Dirf 2013.LNK - C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
C:\Users\Jose Antonio\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\Jose Antonio\Desktop\EVEREST Home Edition.lnk - C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
C:\Users\Jose Antonio\Desktop\GDRaisGenérico76_10.lnk -
C:\Users\Jose Antonio\Desktop\GdRaisJava.lnk - C:\Program Files\GdRaisJava1\gdrais.bat
C:\Users\Jose Antonio\Desktop\MENSIS - Atalho.lnk - F:\ASPLAN\MENSIS.BAT
C:\Users\Jose Antonio\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Jose Antonio\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Jose Antonio\Desktop\Outlook.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Jose Antonio\Desktop\TOTVS Folha de Pagamento.lnk - C:\totvs\CorporeRM\RMLabore\RMLabore.exe
C:\Users\Jose Antonio\Desktop\Antonio\ACI.lnk - C:\Program Files\ACI\aci.exe
C:\Users\Jose Antonio\Desktop\Antonio\Adobe Reader 8.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Users\Jose Antonio\Desktop\Antonio\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Jose Antonio\Desktop\Antonio\Backup da Agenda.lnk - C:\tecnobyte\agenda\backup.exe
C:\Users\Jose Antonio\Desktop\Antonio\BizAgi Process Modeler.lnk - C:\Windows\Installer\{45E994E6-6D52-4437-BAFF-647421305D49}\BizAgiProcessModel_0902A025D49346F285EA31E0213F3D43.exe
C:\Users\Jose Antonio\Desktop\Antonio\CADASTRO GERAL.lnk - G:\BUDDYWIN\CadastroGeral\cadastrogeral.exe
C:\Users\Jose Antonio\Desktop\Antonio\CAGEDNet.lnk - C:\Program Files\CAGEDNet\CAGEDNet.exe
C:\Users\Jose Antonio\Desktop\Antonio\CAT - Comunicação de Acidente de Trabalho.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\CNPJ 3.3.lnk - C:\Program Files\CNPJ2011\CNPJ.EXE
C:\Users\Jose Antonio\Desktop\Antonio\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Jose Antonio\Desktop\Antonio\DIPJ 2010.lnk - C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
C:\Users\Jose Antonio\Desktop\Antonio\Dirf 2009.LNK - C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
C:\Users\Jose Antonio\Desktop\Antonio\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\Jose Antonio\Desktop\Antonio\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\Jose Antonio\Desktop\Antonio\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\Jose Antonio\Desktop\Antonio\EssentialPIM.lnk - C:\Program Files\EssentialPIM\EssentialPIM.exe
C:\Users\Jose Antonio\Desktop\Antonio\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\Jose Antonio\Desktop\Antonio\FOLHA.lnk - G:\BUDDYWIN\FolhaPagamento\folhapagamento.exe
C:\Users\Jose Antonio\Desktop\Antonio\GDRais2009.lnk - C:\GDRais2009\GDRais2009.exe
C:\Users\Jose Antonio\Desktop\Antonio\GDRais2010.lnk - C:\GDRais2010\GDRais2010.exe
C:\Users\Jose Antonio\Desktop\Antonio\GDRaisGenérico76_08.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\GDRaisGenérico76_09.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\GdRaisJava.lnk - C:\Program Files\GdRaisJava\gdrais.bat
C:\Users\Jose Antonio\Desktop\Antonio\IRPF2007 - Declaração de Ajuste Anual.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\IRPF2008 Windows - Declaração de Ajuste Anual.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\Receitanet 1.01 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Jose Antonio\Desktop\Antonio\Receitanet 2010.lnk - C:\Recnet\Receitanet.exe
C:\Users\Jose Antonio\Desktop\Antonio\Receitanet Java 2010.02b.lnk - C:\Program Files\Programas RFB\Receitanet Java\receitanet.exe
C:\Users\Jose Antonio\Desktop\Antonio\RM.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
C:\Users\Jose Antonio\Desktop\Antonio\Sispag Itaú.lnk -
C:\Users\Jose Antonio\Desktop\Antonio\SXPIS Empresa.lnk - C:\caixa\SXPIS\Sxpisw.exe
C:\Users\Jose Antonio\Desktop\Antonio\Tecnobyte Agenda.lnk - C:\tecnobyte\agenda\agenda.exe
C:\Users\Jose Antonio\Desktop\Antonio\Gustavo\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\Jose Antonio\Desktop\Impressões temporárias\Mozilla Firefox.lnk -
C:\Users\Jose Antonio\Desktop\Impressões temporárias\Receitanet 1.01 .lnk -
C:\Users\Jose Antonio\Desktop\Impressões temporárias\RecentPlaces.lnk -
C:\Users\Jose Antonio\Desktop\Impressões temporárias\TeamViewer 7.lnk -
C:\Users\plinio.seitsi\Desktop\ACI.lnk - C:\Users\plinio.seitsi\ACI\aci.exe
C:\Users\plinio.seitsi\Desktop\Contábil Phoenix.lnk -
C:\Users\plinio.seitsi\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\plinio.seitsi\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\plinio.seitsi\Desktop\Folha Phoenix.lnk - P:\folha.exe
C:\Users\plinio.seitsi\Desktop\GDRais 2013.lnk - C:\GDRais2013\gdrais.bat
C:\Users\plinio.seitsi\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
C:\Users\thiago.dias\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\thiago.dias\Desktop\Dirf 2013.LNK - C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
C:\Users\thiago.dias\Desktop\Dirf 2014.LNK - C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
C:\Users\thiago.dias\Desktop\EVEREST Home Edition.lnk - C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe
C:\Users\vladmir.abreu\Desktop\CNPJ 3.3.lnk - C:\Program Files\CNPJ2011\CNPJ.EXE
C:\Users\vladmir.abreu\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\vladmir.abreu\Desktop\Dirf 2011.LNK - C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
C:\Users\vladmir.abreu\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\vladmir.abreu\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\vladmir.abreu\Desktop\GDRais2010.lnk - C:\GDRais2010\GDRais2010.exe
C:\Users\vladmir.abreu\Desktop\GDRaisGenérico76_09.lnk -
C:\Users\vladmir.abreu\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\vladmir.abreu\Desktop\Receitanet 2010.lnk - C:\Recnet\Receitanet.exe
C:\Users\ALBERT~1.LIB\Desktop\Dirf 2010.LNK - C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
C:\Users\ALBERT~1.LIB\Desktop\Dirf 2012.LNK - C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
C:\Users\ALBERT~1.LIB\Desktop\Folha Phoenix.lnk - C:\phoenix\folha.exe
C:\Users\ALBERT~1.LIB\Desktop\GDRaisGenérico76_10.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="127.0.0.1:9666"
"ProxyOverride"="127.0.0.1"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68A92BBD-640D-3BC5-E5DA-9B4A2E2EA966} deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection deleted successfully

==== Empty IE Cache ======================

C:\Users\plinio.seitsi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRQS0QI2 will be deleted at reboot
C:\Users\plinio.seitsi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\administrador\AppData\Local\Mozilla\Firefox\Profiles\lk40ymun.default\Cache emptied successfully
C:\Users\Jose Antonio\AppData\Local\Mozilla\Firefox\Profiles\uoeabe7e.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\administrador\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1345 folders=145 19831660 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\TEMP successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\plinio.seitsi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\plinio.seitsi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRQS0QI2" not found
"C:\Users\plinio.seitsi\AppData\Local\Temp\_MEI45162" not found

==== EOF on 09/04/2014 at 14:28:29,76 ======================
NB1: Samsung CORE I3 2310/2GB DDR3/320GB
NB2: T4300/2GB DDR2 800/GF 8200M/350GB
PC1:E8400/GA EP45 UD3L/4GB DDR2 Kingston / HD6850/Corsair CX430/Virtua 30MB
PC2:E7500/GA 945GCM/ST 350BKV/HD 5670/2GB
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#6 By Power Max
09/04/2014 - 14:37
Download the Junkware Removal Tool program from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.
wonderwall
wonderwall Highlander Registered
28.4K Posts 174 Likes
#7 By wonderwall
09/04/2014 - 14:55
Here is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by plinio.seitsi on 09/04/2014 at 14:49:18,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/04/2014 at 14:51:52,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#8 By Power Max
09/04/2014 - 15:52
Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report
wonderwall
wonderwall Highlander Registered
28.4K Posts 174 Likes
#9 By wonderwall
09/04/2014 - 16:01
Power, the link is broken here; would you have another one?

Just to report: apparently the problem has been solved, and Chrome is opening normally without Jollywallet.

Thanks for the help, my friend.
wonderwall
wonderwall Highlander Registered
28.4K Posts 174 Likes
#11 By wonderwall
09/04/2014 - 16:15
Here is the log


~ Relatório do ZHPDiag v2014.4.9.15 - Nicolas Coolman (09/04/2014)
~ Iniciado por plinio.seitsi (09/04/2014 16:12:08)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 16.0.2
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
McAfee Security Scan Plus v2.0.181.2
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.03 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3315 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 168 GB (56%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MICRO36
~ User Name: plinio.seitsi
~ All Users Names: Convidado, ANTONIO, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\plinio.seitsi\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\plinio.seitsi\AppData\Roaming\
~ %Desktop% : C:\Users\plinio.seitsi\Desktop\
~ %Favorites% : C:\Users\plinio.seitsi\Favorites\
~ %LocalAppData% : C:\Users\plinio.seitsi\AppData\Local\
~ %StartMenu% : C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 168 Go of 298 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/10/2013 - 16:12:16.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/2266
~ Mon Bureau (My Desktop) : 1/46
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 04s



---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [520520] [PID.732]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.1544]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1724]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1744]
[MD5.15C160D8419F9FE74161B88B6A8EB799] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888] [PID.1804]
[MD5.B1BEC2B656BB534339491A0070E68607] - (.Microsoft Corporation - SQL Server Integration Services Service.) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [224208] [PID.1920]
[MD5.6E17AA8C7760BEC86BAD5E3A1235C22F] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43042256] [PID.112]
[MD5.2C442B211DE3D16C099ADAA019D80D6E] - (.Microsoft Corporation - Microsoft SQL Server Analysis Services.) -- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [22012776] [PID.304]
[MD5.EC86DA8917C79951450BCEA3DF233B33] - (.Microsoft Corporation - Reporting Services Service.) -- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1118056] [PID.1532]
[MD5.8DFB239D15B1455B271A75CE7DE64E33] - (.TOTVS S.A. - No Comment.) -- C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe [14336] [PID.2128]
[MD5.D6019CC62254ABEE4A8ECDE99C057EC5] - (.SafeNet, Inc. - SafeNet Authentication Client Service.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe [10200] [PID.2352]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2392]
[MD5.FCC305DFA511C096EECAA3F42C2804A7] - (.Microsoft Corporation - SQLAGENT - SQL Server Agent.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.exe [379344] [PID.2528]
[MD5.135CDCCC167EF0C250125BBD3ABE18D5] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [97640] [PID.2568]
[MD5.CC907C2FB839D3F92690A25FF8E463BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4972864] [PID.2644]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2828]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.3124]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.3512]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.3936]
[MD5.3D15C6EDBF84D792ACEBD2289546DBAF] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1017424] [PID.3612]
[MD5.5B0080D6830BC1E7E4592791DD40F35D] - (.Microsoft Corporation - SQL Full-text Filter Daemon Launch Service.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256] [PID.3316]
[MD5.E80F220A13C55FEB92E77FE6084C2A52] - (.Microsoft Corporation - SQL Full Text host.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe [68632] [PID.2364]
[MD5.7E27BA11C41A05436DF334C604724E5D] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [12877632] [PID.688]
[MD5.F08DFD11B13931C608AD2D00DE7054E5] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [204800] [PID.3140]
[MD5.90A3525C7399B7784D28F99EA1A51C4C] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616] [PID.2056]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.2500]
[MD5.6F3DAA6FFF04DFC12D5269453C47E9BF] - (.SafeNet, Inc. - SafeNet Authentication Client.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe [1923032] [PID.1212]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.316]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2812]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2732]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.4112]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.4128]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.4136]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.4176]
[MD5.1D35A47798F2A17A3C4010DEC372839D] - (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe [20203904] [PID.4232]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.4336]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\plinio.seitsi\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.4404]
[MD5.904B78DD60B85A6A5145FAB3876FF285] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe [238400] [PID.4732]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4600]
[MD5.0E5398084278E4CD84DDB0A2B646548D] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe [12997488] [PID.1440]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.5148]
[MD5.E4C0EFE1C507F405D7B5DD169B842825] - (...) -- C:\Users\plinio.seitsi\Google Drive\U1304.exe [2016992] [PID.5300]
[MD5.0E5733F5EECA2BD7822128190B823718] - (.TOTVS S.A - No Comment.) -- C:\totvs\CorporeRM\RMLabore\RMLabore.exe [21226496] [PID.3452]
[MD5.909FF075A7415E346642B4F4B074265C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.2880]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5564]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Able2Extract Professional.lnk . (.Investintech.com Inc. - Able2Extract Professional.) -- C:\Program Files\Investintech.com Inc\Able2Extract Professional 7.0\Able2ExtractPro.exe
O4 - GS\Desktop [Public]: CAGEDNet.lnk . (...) -- C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
O4 - GS\Desktop [Public]: GGP - DANFE.lnk . (...) -- C:\Windows\Installer\{3C42212D-6D41-4B57-B7A3-301093B0157B}\_818FCEA07BF5C8E38A0815.exe
O4 - GS\Desktop [Public]: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.) -- C:\Program Files\SRP\GPS.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [ANTONIO]: EssentialPIM.lnk . (...) -- C:\Program Files\EssentialPIM\EssentialPIM.exe
O4 - GS\QuickLaunch [ANTONIO]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [ANTONIO]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [ANTONIO]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [ANTONIO]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [ANTONIO]: CNPJ 3.3.lnk . (...) -- C:\Program Files\CNPJ2011\CNPJ.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: Conectividade Social.lnk . (.CAIXA ECONÔMICA FEDERAL - No Comment.) -- C:\Program Files\CAIXA\CNS\cnsini.exe
O4 - GS\Desktop [ANTONIO]: DIPJ 2010.lnk . (.SERPRO - No Comment.) -- C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2009.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2010.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2011.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2012.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2013.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2014.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
O4 - GS\Desktop [ANTONIO]: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: Folha Phoenix.lnk . (...) -- C:\phoenix\folha.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: GDRais2009.lnk . (...) -- C:\GDRais2009\GDRais2009.exe
O4 - GS\Desktop [ANTONIO]: GDRais2010.lnk . (...) -- C:\GDRais2010\GDRais2010.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_08.lnk . (...) -- C:\GDRaisGenerico76_08\GDRaisGenerico76_08.exe
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_09.lnk . (...) -- C:\GDRaisGenerico76_09\GDRaisGenerico76_09.exe
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_10.lnk . (...) -- C:\GDRaisGenerico76_10\GDRaisGenerico76_10.exe
O4 - GS\Desktop [ANTONIO]: IRPF2007 - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas SRF\IRPF2007\IRPF2007.exe
O4 - GS\Desktop [ANTONIO]: IRPF2008 Windows - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas RFB\IRPF2008windows\IRPF2008.exe
O4 - GS\Desktop [ANTONIO]: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2009\IRPF2009.exe
O4 - GS\Desktop [ANTONIO]: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2010\IRPF2010.exe
O4 - GS\Desktop [ANTONIO]: Receitanet 2010.lnk . (...) -- C:\Recnet\Receitanet.exe (.not file.)
O4 - GS\QuickLaunch [Administrador]: EssentialPIM.lnk . (...) -- C:\Program Files\EssentialPIM\EssentialPIM.exe
O4 - GS\QuickLaunch [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Administrador]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Administrador]: CNPJ 3.3.lnk . (...) -- C:\Program Files\CNPJ2011\CNPJ.exe (.not file.)
O4 - GS\Desktop [Administrador]: Conectividade Social.lnk . (.CAIXA ECONÔMICA FEDERAL - No Comment.) -- C:\Program Files\CAIXA\CNS\cnsini.exe
O4 - GS\Desktop [Administrador]: Contábil Phoenix.lnk . (...) -- \\10.1.10.199\Phoenix\PgwC.exe (.not file.)
O4 - GS\Desktop [Administrador]: DIPJ 2010.lnk . (.SERPRO - No Comment.) -- C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
O4 - GS\Desktop [Administrador]: Dirf 2009.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
O4 - GS\Desktop [Administrador]: Dirf 2010.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
O4 - GS\Desktop [Administrador]: Dirf 2011.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
O4 - GS\Desktop [Administrador]: Dirf 2012.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
O4 - GS\Desktop [Administrador]: Dirf 2013.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
O4 - GS\Desktop [Administrador]: Dirf 2014.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
O4 - GS\Desktop [Administrador]: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe (.not file.)
O4 - GS\Desktop [Administrador]: Folha Phoenix.lnk . (...) -- \\10.1.10.199\Phoenix\Folha.exe (.not file.)
O4 - GS\Desktop [Administrador]: G5 Phoenix.lnk . (...) -- \\10.1.10.199\Phoenix\PgwF.exe (.not file.)
O4 - GS\Desktop [Administrador]: GDRais2009.lnk . (...) -- C:\GDRais2009\GDRais2009.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_08.lnk . (...) -- C:\GDRaisGenerico76_08\GDRaisGenerico76_08.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_09.lnk . (...) -- C:\GDRaisGenerico76_09\GDRaisGenerico76_09.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_10.lnk . (...) -- C:\GDRaisGenerico76_10\GDRaisGenerico76_10.exe
O4 - GS\Desktop [Administrador]: IRPF2007 - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas SRF\IRPF2007\IRPF2007.exe
O4 - GS\Desktop [Administrador]: IRPF2008 Windows - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas RFB\IRPF2008windows\IRPF2008.exe
O4 - GS\Desktop [Administrador]: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2009\IRPF2009.exe
O4 - GS\Desktop [Administrador]: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2010\IRPF2010.exe
O4 - GS\Desktop [Administrador]: Jr Phoenix.lnk . (...) -- \\10.1.10.199\Phoenix\PgwJr.exe (.not file.)
O4 - GS\Desktop [Administrador]: Receitanet 2010.lnk . (...) -- C:\Recnet\Receitanet.exe (.not file.)
~ Global Startup: 114 Legitimates Filtered in 00mn 06s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SafeNetCertMngr] . (.SafeNet, Inc. - SafeNet Authentication Client.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1792104979-1389409550-1474320754-1837\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1792104979-1389409550-1474320754-1837\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} ((no name)) - https://digitalid.certisign.com.br/classe1/vscnfchk.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - https://clickbanking.itau.com.br/itau/GbPlugin/cab/GbPluginUni.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CS1\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CS2\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CS2\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ggp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: RM.Host.Service (RM.Host.Service) . (.TOTVS S.A. - No Comment.) - C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 15 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.F5DA29DC6D2576331D59B88A9E60FCC8] [APT] [{2CCC5B78-36FC-48E4-BEA7-CF0BDA58C042}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.3.exe [5787999]
[MD5.00000000000000000000000000000000] [APT] [{4BF97985-D27A-45E3-9CDC-F04A7CB3998E}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.2-Setup.exe (.not file.) [0]
[MD5.D98CCA18659B67052DFD5ED9F9EA9397] [APT] [{64F0D60B-E69B-483B-9B69-7DE10FB261C5}] (...) -- C:\caixa\Kitsefipwin82\GerSefip82.exe [132054]
[MD5.00000000000000000000000000000000] [APT] [{6D2DAF00-33EF-4FBF-AC83-6C66897F62DC}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.3-Setup(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82D67213-12AC-44B0-A984-6D24B345E0C5}] (...) -- C:\Users\plinio.seitsi\Downloads\Receitanet-1.01(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{86048455-062B-48A6-9180-BD267A61F75A}] (...) -- C:\Users\plinio.seitsi\Downloads\ACI-Install(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{88D5662B-3789-4C90-BE4A-BF1EDDCC635C}] (...) -- C:\Users\plinio.seitsi\Downloads\IRPF2011win32v1.0.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{94030496-942C-4CF4-A935-F0178C767853}] (...) -- C:\Users\plinio.seitsi\Desktop\GdRaisJava-3.4-Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A5AA8EA5-052A-4776-A817-64DF94833E7C}] (...) -- C:\Users\plinio.seitsi\Downloads\RAISNet2010(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1016A61-FCE5-460C-88BA-FF9D125FDDE4}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B695C04E-3CBE-49A0-B479-53D778840E39}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C2B066C3-326D-4F06-9E6C-925B1968C99C}] (...) -- C:\Users\plinio.seitsi\Downloads\Receitanet2010_02c.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EBA4DF9D-5FAA-4ECD-BA1B-DFF6D039F610}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2012v1.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EEE7E589-55FF-4EAF-AD9F-0B005C9E138F}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.2-Setup(2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FB0D4F7E-4DFD-4EA9-A46D-000643E96A50}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2010v1.1.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Dataprev.) [HKLM] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: Assistente do certificado digital - (.Serasa Experian.) [HKLM] -- {BE72FB31-7A89-44FA-9E32-56E17F3114BD}
O42 - Logiciel: BibliotecaRM - 11.52.60.150 - (.TOTVS.) [HKLM] -- {C6FAC36F-6A87-443F-B9DB-568678FF8C5C}
O42 - Logiciel: CAGEDNet - (.Dataprev.) [HKLM] -- 4999919A-61DF-2230-AF39-F4BCF13A809A
O42 - Logiciel: CAT - (...) [HKLM] -- CAT
O42 - Logiciel: CAT Mpact - (.DATAPREV.) [HKLM] -- {9EB4BF60-7941-48BF-8070-59F709F507D2}_is1
O42 - Logiciel: Conectividade Social - (...) [HKLM] -- Conectividade Social
O42 - Logiciel: Contmatic Phoenix - Folha - (...) [HKLM] -- Contmatic Phoenix - Folha
O42 - Logiciel: Dirf 2009 - (...) [HKLM] -- Dirf 2009
O42 - Logiciel: Dirf 2011 - (...) [HKLM] -- Dirf 2011
O42 - Logiciel: Dirf 2012 - (...) [HKLM] -- Dirf 2012
O42 - Logiciel: Dirf 2013 - (...) [HKLM] -- Dirf 2013
O42 - Logiciel: Dirf 2014 - (...) [HKLM] -- Dirf 2014
O42 - Logiciel: Ferramentas Buddywin - (.Glan Data Sistemas.) [HKLM] -- {2EE695CE-BFAF-4578-A3F4-FDB0FE0365B0}
O42 - Logiciel: GGP - DANFE - (.Global Partners.) [HKLM] -- {3C42212D-6D41-4B57-B7A3-301093B0157B}
O42 - Logiciel: GPS - (...) [HKLM] -- GPS
O42 - Logiciel: GRRF Eletrônica - (...) [HKLM] -- GRRF Eletrônica
O42 - Logiciel: GdRaisJava - (.SERPRO.) [HKLM] -- 2A5B6D9D-DEDE-4EAC-808C-A34BDF603029
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_08 [Versão 2008.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_08 [Versão 2008.01.00]
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_09 [Versão 2009.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_09 [Versão 2009.01.00]
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_10 [Versão 2010.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_10 [Versão 2010.01.00]
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2009 ( Versão 2009.01.01 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2009 ( Versão 2009.01.01 )
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.00 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.00 )
O42 - Logiciel: Guardião Banco Itaú - (...) [HKCU] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IRPF2007 - Declaração de Ajuste Anual - (...) [HKLM] -- IRPF2007 - Declaração de Ajuste Anual
O42 - Logiciel: IRPF2008 Windows - Declaração de Ajuste Anual - (...) [HKLM] -- IRPF2008 Windows - Declaração de Ajuste Anual
O42 - Logiciel: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Instalador da Dirf 2010 - (...) [HKLM] -- Instalador da Dirf 2010
O42 - Logiciel: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO3 - (.Perto S.A. Perifericos para Automacao.) [HKLM] -- 608D1FA1C8C461081A6695F228B2DC54B0BFD5E8
O42 - Logiciel: Perto Smart (remove only) - (...) [HKLM] -- PertoSmart
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: SKTimeStamp - (.Stefans Tools.) [HKLM] -- {8CFD0DBA-1D16-48A8-B3B1-426D4140CBCD}
O42 - Logiciel: SVA 3.1 - (.COFIS - RFB.) [HKLM] -- Sistema de Validação e Autenticação de Arquivos Digitais_is1
O42 - Logiciel: SXPIS - Sistema CAIXA - PIS Empresa - Ambiente Empresa - (...) [HKLM] -- SXPIS - Sistema CAIXA - PIS Empresa - Ambiente Empresa
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {6347401C-C260-4B30-9816-8F5A1419CC49}
O42 - Logiciel: Sicalc Auto Atendimento - (.Receita Federal do Brasil.) [HKLM] -- Sicalc Auto Atendimento
O42 - Logiciel: Sispag Itaú - (...) [HKLM] -- {A58632C8-B144-4CF1-A23D-23AE518D5AAE}
O42 - Logiciel: TOTVS Automação de Ponto - 11.52.59 - (.TOTVS.) [HKLM] -- {3C118AA7-D384-4FF9-AD8D-3D42684E5A4C}
O42 - Logiciel: TOTVS Folha de Pagamento - 11.52.60 - (.TOTVS.) [HKLM] -- {29CF395A-C123-4572-9D8D-12488C7B0200}
O42 - Logiciel: TOTVS Gestão Contábil - 11.52.59 - (.TOTVS.) [HKLM] -- {59BD501A-127F-42E9-B774-678475CD1301}
O42 - Logiciel: TOTVS Gestão de Estoques, Compras e Faturamento - 11.52.59 - (.TOTVS.) [HKLM] -- {555ED5E2-F203-4968-A575-FE7CC405F068}
O42 - Logiciel: TOTVS Gestão de Pessoas - 11.52.59 - (.TOTVS.) [HKLM] -- {9DC76BEA-E73E-4878-9130-6351FE948459}
~ Logic: 51 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\Global Partners]
[HKCU\Software\RM Sistemas]
[HKCU\Software\WCA]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Banco Itaú S.A.]
[HKLM\Software\Caixa]
[HKLM\Software\Perto]
[HKLM\Software\Programas RFB]
[HKLM\Software\RM Sistemas]
[HKLM\Software\SXPIS]
[HKLM\Software\TOTVS]
~ Key Software: 303 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/09/2010 - 14:04:53 - [8,634] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 07/02/2012 - 15:13:24 - [21,901] ----D C:\Program Files\ACI
O43 - CFD: 22/11/2013 - 11:26:58 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/02/2014 - 17:51:40 - [34,124] ----D C:\Program Files\CAGED
O43 - CFD: 21/01/2011 - 16:23:25 - [11,604] ----D C:\Program Files\CAGEDNet
O43 - CFD: 04/04/2014 - 10:36:53 - [1931,825] ----D C:\Program Files\CAIXA
O43 - CFD: 12/07/2010 - 19:47:45 - [3,853] ----D C:\Program Files\DCTF20
O43 - CFD: 12/07/2010 - 19:47:45 - [4,159] ----D C:\Program Files\DCTF21
O43 - CFD: 25/07/2012 - 11:06:13 - [47,944] ----D C:\Program Files\GdRaisJava
O43 - CFD: 13/09/2012 - 14:07:51 - [26,787] ----D C:\Program Files\GdRaisJava1
O43 - CFD: 13/02/2014 - 17:33:25 - [4,678] ----D C:\Program Files\Global Partners
O43 - CFD: 03/05/2011 - 17:59:09 - [24,883] ----D C:\Program Files\GRRF
O43 - CFD: 12/07/2010 - 19:47:15 - [2,886] ----D C:\Program Files\IRPF2000
O43 - CFD: 16/08/2010 - 18:31:02 - [3,650] ----D C:\Program Files\IRPF2001
O43 - CFD: 12/07/2010 - 19:47:15 - [3,550] ----D C:\Program Files\ITR2003
O43 - CFD: 28/07/2011 - 09:52:56 - [12,772] ----D C:\Program Files\PDF reDirect
O43 - CFD: 20/04/2011 - 12:27:49 - [0,103] ----D C:\Program Files\PertoSmart
O43 - CFD: 20/04/2011 - 11:51:43 - [0] ----D C:\Program Files\PertoSmart USB Smartcard Reader
O43 - CFD: 03/02/2014 - 15:12:33 - [1900,862] ----D C:\Program Files\Programas RFB
O43 - CFD: 12/07/2010 - 19:44:37 - [584,508] ----D C:\Program Files\Programas SRF
O43 - CFD: 12/07/2010 - 19:43:13 - [10,882] ----D C:\Program Files\RFB
O43 - CFD: 17/05/2012 - 14:24:34 - [117,560] ----D C:\Program Files\Serasa Experian
O43 - CFD: 17/12/2013 - 12:56:01 - [0,186] ----D C:\Program Files\SKTimeStamp
O43 - CFD: 28/02/2014 - 15:43:26 - [1,145] ----D C:\Program Files\SRP
O43 - CFD: 14/03/2014 - 11:10:12 - [1,284] ----D C:\ProgramData\Ad-Aware Browsing Protection
O43 - CFD: 22/11/2013 - 11:27:23 - [79,997] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/03/2014 - 13:55:08 - [0,007] ----D C:\ProgramData\FiNddBessttDeAAla =>PUP.FindBestDeal
O43 - CFD: 22/09/2011 - 10:51:33 - [0,157] ----D C:\ProgramData\OPPU
O43 - CFD: 22/11/2013 - 11:27:28 - [2,773] ----D C:\Users\plinio.seitsi\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 04/04/2014 - 17:10:52 - [3,356] ----D C:\Users\plinio.seitsi\AppData\Local\Popcorn-Time
O43 - CFD: 11/02/2014 - 10:40:40 - [0,014] ----D C:\Users\plinio.seitsi\AppData\Local\RM.NET
O43 - CFD: 06/01/2014 - 14:47:54 - [0,002] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 05/02/2014 - 17:51:43 - [0,002] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 22/01/2014 - 14:21:10 - [0,003] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
O43 - CFD: 17/12/2013 - 11:24:58 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 13/03/2014 - 10:34:05 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 03/01/2014 - 08:29:43 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/02/2014 - 16:22:06 - [0,004] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 210 Legitimates Filtered in 00mn 43s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7F0FFB4B9EF575B31AE5F3D8F95E4492] - 02/04/2014 - 12:38:47 ---A- . (...) -- C:\Windows\RegisterCorpore.txt [914]
O44 - LFC:[MD5.B140770D995ED07BC2FDA23DA9B1333F] - 04/04/2014 - 10:44:56 ---A- . (...) -- C:\GRRF.RE [1448]
O44 - LFC:[MD5.6C9B49E11AFF71393279999E877EF062] - 08/04/2014 - 12:07:18 ---A- . (...) -- C:\prox.log [20169953]
O44 - LFC:[MD5.88B788E7C2E27C06751FEDD6416320A8] - 09/04/2014 - 11:14:10 ---A- . (...) -- C:\Windows\MKDEMSG.LOG [1108]
O44 - LFC:[MD5.47D9D09B4EF195B143D99C36ED7E3856] - 09/04/2014 - 12:05:38 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [189520]
O44 - LFC:[MD5.EE8E5034B900973E413AF3BF546381C5] - 09/04/2014 - 12:05:38 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [812198]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 09/04/2014 - 13:59:44 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.9E07357934A8C55287432F73F9C55AE1] - 09/04/2014 - 14:28:29 ---A- . (...) -- C:\zoek-results.log [58673]
O44 - LFC:[MD5.A2CB40CDD8BA0B3617F167538DDAE8CA] - 27/03/2014 - 16:19:13 ---A- . (...) -- C:\Windows\Filzip.ini [41]
~ Files: 19 Legitimates Filtered in 01mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\GbPlugin\gbiehUni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "Wallpaper"=
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.E31BA3DC84CAE33ED6ED98201913EC1C] - 03/09/2013 - 08:59:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.677BDD6FBB8559BC462AFF028AB0F795] - 24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [46392]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 20/03/2014 - 08:04:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 13/03/2014 - 10:08:57 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4CB5D3A5902A92606408A36865A04D53] - 06/09/2010 - 09:39:50 ---A- . (.UVNC BVBA - UltraVnc miniport driver2.) -- C:\Windows\System32\Drivers\mv2.sys [12096]
O58 - SDL:[MD5.C17CF56286DDAA0456006512FF0AFDB6] - 27/09/2007 - 18:58:32 ---A- . (.Perto S.A. Perifericos para Automacao - PC/SC Driver for PertoSmart.) -- C:\Windows\System32\Drivers\perto38u.sys [35840]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 01/11/2013 - 08:43:52 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.EDF7F8387C2072205ABCF105F14B13B4] - 28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [87064]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 21s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 03/09/2013 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 107 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.782D31AC476917BBC203058EB2ADF4D9] [SPRF][12/11/2013] (...) -- C:\Users\plinio.seitsi\AppData\Roaming\unins000.dat [16508]
[MD5.61906656CEA25B31D087A86E8B43BAD1] [SPRF][21/03/2014] (...) -- C:\Users\plinio.seitsi\AppData\Roaming\unins001.dat [16902]
[MD5.1A40647188A4F2A21A5F460301F8D267] [SPRF][08/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [113096]
[MD5.37C3CF3391C6000A4C9388876152FADB] [SPRF][03/01/2007] (.No owner - ConfigChk Module.) -- C:\Windows\Downloaded Program Files\vscnfchk.dll [98304]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{A4AE60CA-A576-4B92-B6AC-F5DBE455F0B8}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe (.not file.)
O87 - FAEL: "{A44BA1CE-467C-420F-9B03-72033ADCBFB3}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe (.not file.)
~ Firewall: 200 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "13BF27EB98A7AF44E923651EF71341DB" . (.Assistente do certificado digital.) -- C:\Windows\Installer\{BE72FB31-7A89-44FA-9E32-56E17F3114BD}\_853F67D554F05449430E7E.exe
O90 - PUC: "2E5DE555302F86945A57EFC74C500F86" . (.TOTVS Gestão de Estoques, Compras e Faturamento - 11.52.59.) -- C:\Windows\Installer\{555ED5E2-F203-4968-A575-FE7CC405F068}\ARPPRODUCTICON.exe
O90 - PUC: "7AA811C3483D9FF4DAD8D32486E4A5C4" . (.TOTVS Automação de Ponto - 11.52.59.) -- C:\Windows\Installer\{3C118AA7-D384-4FF9-AD8D-3D42684E5A4C}\ARPPRODUCTICON.exe
O90 - PUC: "A105DB95F7219E247B47764857DC3110" . (.TOTVS Gestão Contábil - 11.52.59.) -- C:\Windows\Installer\{59BD501A-127F-42E9-B774-678475CD1301}\ARPPRODUCTICON.exe
O90 - PUC: "A593FC92321C2754D9D82184C8B72000" . (.TOTVS Folha de Pagamento - 11.52.60.) -- C:\Windows\Installer\{29CF395A-C123-4572-9D8D-12488C7B0200}\ARPPRODUCTICON.exe
O90 - PUC: "AEB67CD9E37E878419033615EF494895" . (.TOTVS Gestão de Pessoas - 11.52.59.) -- C:\Windows\Installer\{9DC76BEA-E73E-4878-9130-6351FE948459}\ARPPRODUCTICON.exe
O90 - PUC: "C1047436062C03B48961F8A54191CC94" . (.SafeSign.) -- C:\Windows\Installer\{6347401C-C260-4B30-9816-8F5A1419CC49}\ARPPRODUCTICON.exe
~ Update Products: 95 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.054EAE0F0242A5D1A668BF572929869C] [WIS][17/08/2005] (.Glan Data Sistemas - Blank Project Template.) -- C:\Windows\Installer\19037805.msi [37895300]
[MD5.36BBC8B2A7B8B98C2F7AB45227E16D12] [WIS][27/01/2014] (.TOTVS - BibliotecaRM.) -- C:\Windows\Installer\1b501a5.msi [295739448]
[MD5.46D82FF729D66F8A4B2B07ACE9878E7B] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão de Estoques, Compras e Faturamento.) -- C:\Windows\Installer\1b501f8.msi [46330368]
[MD5.DB3CC8723C0E085B10CA71224F5ED708] [WIS][27/01/2014] (.TOTVS - TOTVS Automação de Ponto.) -- C:\Windows\Installer\1b501fd.msi [17182720]
[MD5.AFD55DF63FD944CE977D0AD165DBD743] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão Contábil.) -- C:\Windows\Installer\1b50209.msi [18452480]
[MD5.5282B3E47A8E855AC2C61F682B763BCB] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão de Pessoas.) -- C:\Windows\Installer\1b5020e.msi [30231040]
[MD5.7413DEC2EDC324C4D112410A5F0973C4] [WIS][17/12/2013] (.Stefans Tools - File/Folder Time Stamp Changer.) -- C:\Windows\Installer\245b35d7.msi [241664]
[MD5.5C6DB57CEB6995BF44E1D273EA266AB1] [WIS][13/12/2007] (.Business Objects - CR.NETClickOnce.) -- C:\Windows\Installer\28a116d4.msi [17960448]
[MD5.38C4DAF3EACE73F30BA2C2D6AD92FC2D] [WIS][20/02/2014] (.TOTVS - TOTVS Folha de Pagamento.) -- C:\Windows\Installer\4f08a5fd.msi [28438528]
[MD5.9A85279B28B6108DF1DE3C10E2B78754] [WIS][24/09/2010] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\8601ab.msi [5460992]
~ WIS: 96 Legitimates Filtered in 00mn 37s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS =>Adware.MyWebSearch
~ BTK: 300 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 7865 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/08/2012 250056 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/08/2012 397176 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SS - | Auto 06/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2010 227232 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
SS - | Demand 29/10/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 15/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 15/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 16/08/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/02/2014 14336 | (RM.Host.Service) . (.TOTVS S.A..) - C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe
SR - | Auto 02/10/2011 10200 | (SACSrv) . (.SafeNet, Inc..) - C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 02/04/2014 4972864 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 3

[HKLM\Software\Classes\setup.player] =>Spyware.MarketScore
[HKLM\Software\Classes\setup.player.2k2] =>Spyware.MarketScore
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\FiNddBessttDeAAla =>PUP.FindBestDeal^
C:\Users\plinio.seitsi\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 387382 Items scanned in 00mn 21s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 4 link(s) detected in 00mn 00s



~ 1158 Legitimates filtered by white list
End of the scan (734 lines in 04mn 11s)(0)
NB1: Samsung CORE I3 2310/2GB DDR3/320GB
NB2: T4300/2GB DDR2 800/GF 8200M/350GB
PC1:E8400/GA EP45 UD3L/4GB DDR2 Kingston / HD6850/Corsair CX430/Virtua 30MB
PC2:E7500/GA 945GCM/ST 350BKV/HD 5670/2GB
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#12 By Power Max
09/04/2014 - 20:23
* Select and copy all the text highlighted in red below (starting at script zhpfix and ending at emptyclsid)

script zhpfix
SysRestore
O4 - GS\Desktop [ANTONIO]: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: Folha Phoenix.lnk . (...) -- C:\phoenix\folha.exe (.not file.)
O4 - GS\Desktop [Administrador]: Contábil Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwC.exe (.not file.)
O4 - GS\Desktop [Administrador]: Folha Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\Folha.exe (.not file.)
O4 - GS\Desktop [Administrador]: G5 Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwF.exe (.not file.)
O4 - GS\Desktop [Administrador]: Jr Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwJr.exe (.not file.)
O4 - GS\Desktop [Administrador]: Receitanet 2010.lnk . (...) -- C:\Recnet\Receitanet.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{86048455-062B-48A6-9180-BD267A61F75A}] (...) -- C:\Users\plinio.seitsi\Downloads\ACI-Install(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{88D5662B-3789-4C90-BE4A-BF1EDDCC635C}] (...) -- C:\Users\plinio.seitsi\Downloads\IRPF2011win32v1.0 .exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4BF97985-D27A-45E3-9CDC-F04A7CB3998E}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.2-Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6D2DAF00-33EF-4FBF-AC83-6C66897F62DC}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.3-Setup(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82D67213-12AC-44B0-A984-6D24B345E0C5}] (...) -- C:\Users\plinio.seitsi\Downloads\Receitanet-1.01(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{86048455-062B-48A6-9180-BD267A61F75A}] (...) -- C:\Users\plinio.seitsi\Downloads\ACI-Install(1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{88D5662B-3789-4C90-BE4A-BF1EDDCC635C}] (...) -- C:\Users\plinio.seitsi\Downloads\IRPF2011win32v1.0 .exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{94030496-942C-4CF4-A935-F0178C767853}] (...) -- C:\Users\plinio.seitsi\Desktop\GdRaisJava-3.4-Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A5AA8EA5-052A-4776-A817-64DF94833E7C}] (...) -- C:\Users\plinio.seitsi\Downloads\RAISNet2010(1).ex e (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1016A61-FCE5-460C-88BA-FF9D125FDDE4}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B695C04E-3CBE-49A0-B479-53D778840E39}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C2B066C3-326D-4F06-9E6C-925B1968C99C}] (...) -- C:\Users\plinio.seitsi\Downloads\Receitanet2010_02 c.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EBA4DF9D-5FAA-4ECD-BA1B-DFF6D039F610}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2012v1.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EEE7E589-55FF-4EAF-AD9F-0B005C9E138F}] (...) -- C:\Users\plinio.seitsi\Downloads\GdRaisJava-3.2-Setup(2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FB0D4F7E-4DFD-4EA9-A46D-000643E96A50}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2010v1.1.exe (.not file.) [0]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
O43 - CFD: 22/11/2013 - 11:26:58 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/11/2013 - 11:27:23 - [79,997] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/03/2014 - 13:55:08 - [0,007] ----D C:\ProgramData\FiNddBessttDeAAla =>PUP.FindBestDeal
O43 - CFD: 22/11/2013 - 11:27:28 - [2,773] ----D C:\Users\plinio.seitsi\AppData\Roaming\Baidu Security =>Adware.BDSearch
O58 - SDL:[MD5.E31BA3DC84CAE33ED6ED98201913EC1C] - 03/09/2013 - 08:59:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O64 - Services: CurCS - 03/09/2013 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O87 - FAEL: "{A4AE60CA-A576-4B92-B6AC-F5DBE455F0B8}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe (.not file.)
O87 - FAEL: "{A44BA1CE-467C-420F-9B03-72033ADCBFB3}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe (.not file.)
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAP I32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMA NCS =>Adware.MyWebSearch
[HKLM\Software\Classes\setup.player] =>Spyware.MarketScore
[HKLM\Software\Classes\setup.player.2k2] =>Spyware.MarketScore
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\FiNddBessttDeAAla =>PUP.FindBestDeal^
C:\Users\plinio.seitsi\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
FirewallRaz
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

*Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.
wonderwall
wonderwall Highlander Registered
28.4K Posts 174 Likes
#13 By wonderwall
10/04/2014 - 13:47
Power, here is the log:

Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by plinio.seitsi at 10/04/2014 12:52:21
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit (Build 7600)

Reciclagem vazia (51mn 50s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Classes\setup.player
ELIMINÉ: HKLM\Software\Classes\setup.player.2k2

========== Valores do Registo ==========
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {378928A6-BC2C-4004-AD15-265BF6574BC9}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\plinio.seitsi\desktop\folha phoenix.lnk
ELIMINÉ: c:\users\plinio.seitsi\desktop\contábil phoenix.lnk
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (4797) (129.119.688 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {86048455-062B-48A6-9180-BD267A61F75A}
ELIMINÉ: {88D5662B-3789-4C90-BE4A-BF1EDDCC635C}
ELIMINÉ: {4BF97985-D27A-45E3-9CDC-F04A7CB3998E}
ELIMINÉ: {6D2DAF00-33EF-4FBF-AC83-6C66897F62DC}
ELIMINÉ: {82D67213-12AC-44B0-A984-6D24B345E0C5}
ELIMINÉ: {94030496-942C-4CF4-A935-F0178C767853}
ELIMINÉ: {A5AA8EA5-052A-4776-A817-64DF94833E7C}
ELIMINÉ: {B1016A61-FCE5-460C-88BA-FF9D125FDDE4}
ELIMINÉ: {B695C04E-3CBE-49A0-B479-53D778840E39}
ELIMINÉ: {C2B066C3-326D-4F06-9E6C-925B1968C99C}
ELIMINÉ: {EBA4DF9D-5FAA-4ECD-BA1B-DFF6D039F610}
ELIMINÉ: {EEE7E589-55FF-4EAF-AD9F-0B005C9E138F}
ELIMINÉ: {FB0D4F7E-4DFD-4EA9-A46D-000643E96A50}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Estado dos serviços
13 : Tarefa planificada
1 : Restauração Sistema


End of clean in 52mn 37s

========== Caminho do ficheiro do relatório ==========
C:\Users\plinio.seitsi\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/04/2014 13:44:12 [2349]
wonderwall
wonderwall Highlander Registered
28.4K Posts 174 Likes
#15 By wonderwall
10/04/2014 - 14:28
Here it is:

~ Relatório do ZHPDiag v2014.4.9.15 - Nicolas Coolman (09/04/2014)
~ Iniciado por plinio.seitsi (10/04/2014 14:21:42)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 16.0.2
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
McAfee Security Scan Plus v2.0.181.2
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.03 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3315 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 168 GB (56%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MICRO36
~ User Name: plinio.seitsi
~ All Users Names: Convidado, ANTONIO, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\plinio.seitsi\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\plinio.seitsi\AppData\Roaming\
~ %Desktop% : C:\Users\plinio.seitsi\Desktop\
~ %Favorites% : C:\Users\plinio.seitsi\Favorites\
~ %LocalAppData% : C:\Users\plinio.seitsi\AppData\Local\
~ %StartMenu% : C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 168 Go of 298 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/10/2013 - 16:12:16.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/2266
~ Mon Bureau (My Desktop) : 1/139
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 04s



---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [520520] [PID.744]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.1600]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1776]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1800]
[MD5.15C160D8419F9FE74161B88B6A8EB799] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888] [PID.1840]
[MD5.B1BEC2B656BB534339491A0070E68607] - (.Microsoft Corporation - SQL Server Integration Services Service.) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [224208] [PID.1972]
[MD5.6E17AA8C7760BEC86BAD5E3A1235C22F] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43042256] [PID.364]
[MD5.2C442B211DE3D16C099ADAA019D80D6E] - (.Microsoft Corporation - Microsoft SQL Server Analysis Services.) -- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [22012776] [PID.588]
[MD5.EC86DA8917C79951450BCEA3DF233B33] - (.Microsoft Corporation - Reporting Services Service.) -- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1118056] [PID.1576]
[MD5.8DFB239D15B1455B271A75CE7DE64E33] - (.TOTVS S.A. - No Comment.) -- C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe [14336] [PID.2160]
[MD5.D6019CC62254ABEE4A8ECDE99C057EC5] - (.SafeNet, Inc. - SafeNet Authentication Client Service.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe [10200] [PID.2356]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2384]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.2560]
[MD5.FCC305DFA511C096EECAA3F42C2804A7] - (.Microsoft Corporation - SQLAGENT - SQL Server Agent.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.exe [379344] [PID.3252]
[MD5.135CDCCC167EF0C250125BBD3ABE18D5] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [97640] [PID.3300]
[MD5.CC907C2FB839D3F92690A25FF8E463BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4972864] [PID.3372]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.3764]
[MD5.F08DFD11B13931C608AD2D00DE7054E5] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [204800] [PID.3928]
[MD5.90A3525C7399B7784D28F99EA1A51C4C] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616] [PID.3964]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2456]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.2528]
[MD5.6F3DAA6FFF04DFC12D5269453C47E9BF] - (.SafeNet, Inc. - SafeNet Authentication Client.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe [1923032] [PID.2736]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2816]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2804]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2848]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2916]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2424]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2876]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3120]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.2124]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.2320]
[MD5.3D15C6EDBF84D792ACEBD2289546DBAF] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1017424] [PID.3012]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\plinio.seitsi\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.3660]
[MD5.5B0080D6830BC1E7E4592791DD40F35D] - (.Microsoft Corporation - SQL Full-text Filter Daemon Launch Service.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256] [PID.4716]
[MD5.E80F220A13C55FEB92E77FE6084C2A52] - (.Microsoft Corporation - SQL Full Text host.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe [68632] [PID.5044]
[MD5.7E27BA11C41A05436DF334C604724E5D] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [12877632] [PID.5700]
[MD5.904B78DD60B85A6A5145FAB3876FF285] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe [238400] [PID.5828]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4660]
[MD5.0E5398084278E4CD84DDB0A2B646548D] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe [12997488] [PID.2708]
[MD5.0E5733F5EECA2BD7822128190B823718] - (.TOTVS S.A - No Comment.) -- C:\totvs\CorporeRM\RMLabore\RMLabore.exe [21226496] [PID.5676]
[MD5.24F550155BE440C899DA926CD499E6CD] - (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\Microsoft Office\Office12\EXCEL.exe [18367336] [PID.2132]
[MD5.DD7823A9C82B58748F7BC1B1F98BDCC6] - (.Stephen Hewitt - Windows Enabler UI.) -- C:\Users\plinio.seitsi\Desktop\DIS\KDZ_FW_UPD_EN\Windows Enabler.exe [40960] [PID.4300]
[MD5.8DB97FD343D7F95BE8821DD712F06545] - (.LG Electronics - LGUserCSTool LGMobile Application.) -- C:\ProgramData\LGMOBILEAX\B2C_Client\LGUserCSTool.exe [1405784] [PID.4088]
[MD5.A4C657C0F75D9A7152527B2D8DB6D652] - (.LG Electronics - InstallScript Setup Launcher.) -- C:\Users\plinio.seitsi\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe [11412680] [PID.6744]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.6440]
[MD5.909FF075A7415E346642B4F4B074265C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.2544]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.7324]
~ Processes Running: Scanned in 00mn 06s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\plinio.seitsi\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://start.funmoods.com =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 24 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [plinio.seitsi] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\plinio.seitsi\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Able2Extract Professional.lnk . (.Investintech.com Inc. - Able2Extract Professional.) -- C:\Program Files\Investintech.com Inc\Able2Extract Professional 7.0\Able2ExtractPro.exe
O4 - GS\Desktop [Public]: CAGEDNet.lnk . (...) -- C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
O4 - GS\Desktop [Public]: GGP - DANFE.lnk . (...) -- C:\Windows\Installer\{3C42212D-6D41-4B57-B7A3-301093B0157B}\_818FCEA07BF5C8E38A0815.exe
O4 - GS\Desktop [Public]: GPS.lnk . (.SRP / Dataprev - Impressor de GPS.) -- C:\Program Files\SRP\GPS.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [ANTONIO]: EssentialPIM.lnk . (...) -- C:\Program Files\EssentialPIM\EssentialPIM.exe
O4 - GS\QuickLaunch [ANTONIO]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [ANTONIO]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [ANTONIO]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [ANTONIO]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [ANTONIO]: CNPJ 3.3.lnk . (...) -- C:\Program Files\CNPJ2011\CNPJ.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: Conectividade Social.lnk . (.CAIXA ECONÔMICA FEDERAL - No Comment.) -- C:\Program Files\CAIXA\CNS\cnsini.exe
O4 - GS\Desktop [ANTONIO]: DIPJ 2010.lnk . (.SERPRO - No Comment.) -- C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2009.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2010.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2011.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2012.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2013.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
O4 - GS\Desktop [ANTONIO]: Dirf 2014.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
O4 - GS\Desktop [ANTONIO]: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: Folha Phoenix.lnk . (...) -- C:\phoenix\folha.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: GDRais2009.lnk . (...) -- C:\GDRais2009\GDRais2009.exe
O4 - GS\Desktop [ANTONIO]: GDRais2010.lnk . (...) -- C:\GDRais2010\GDRais2010.exe (.not file.)
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_08.lnk . (...) -- C:\GDRaisGenerico76_08\GDRaisGenerico76_08.exe
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_09.lnk . (...) -- C:\GDRaisGenerico76_09\GDRaisGenerico76_09.exe
O4 - GS\Desktop [ANTONIO]: GDRaisGenérico76_10.lnk . (...) -- C:\GDRaisGenerico76_10\GDRaisGenerico76_10.exe
O4 - GS\Desktop [ANTONIO]: IRPF2007 - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas SRF\IRPF2007\IRPF2007.exe
O4 - GS\Desktop [ANTONIO]: IRPF2008 Windows - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas RFB\IRPF2008windows\IRPF2008.exe
O4 - GS\Desktop [ANTONIO]: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2009\IRPF2009.exe
O4 - GS\Desktop [ANTONIO]: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2010\IRPF2010.exe
O4 - GS\Desktop [ANTONIO]: Receitanet 2010.lnk . (...) -- C:\Recnet\Receitanet.exe (.not file.)
O4 - GS\QuickLaunch [Administrador]: EssentialPIM.lnk . (...) -- C:\Program Files\EssentialPIM\EssentialPIM.exe
O4 - GS\QuickLaunch [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Administrador]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Administrador]: CNPJ 3.3.lnk . (...) -- C:\Program Files\CNPJ2011\CNPJ.exe (.not file.)
O4 - GS\Desktop [Administrador]: Conectividade Social.lnk . (.CAIXA ECONÔMICA FEDERAL - No Comment.) -- C:\Program Files\CAIXA\CNS\cnsini.exe
O4 - GS\Desktop [Administrador]: Contábil Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwC.exe (.not file.)
O4 - GS\Desktop [Administrador]: DIPJ 2010.lnk . (.SERPRO - No Comment.) -- C:\Arquivos de Programas RFB\DIPJ2010\DIPJ2010.exe
O4 - GS\Desktop [Administrador]: Dirf 2009.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2009\Dirf2009.exe
O4 - GS\Desktop [Administrador]: Dirf 2010.LNK . (...) -- C:\Program Files\Programas RFB\Dirf2010\Dirf2010.exe
O4 - GS\Desktop [Administrador]: Dirf 2011.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2011\Dirf2011.exe
O4 - GS\Desktop [Administrador]: Dirf 2012.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2012\Dirf2012.exe
O4 - GS\Desktop [Administrador]: Dirf 2013.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2013\Dirf2013.exe
O4 - GS\Desktop [Administrador]: Dirf 2014.LNK . (...) -- C:\Arquivos de Programas RFB\Dirf2014\Dirf2014.exe
O4 - GS\Desktop [Administrador]: EVEREST Home Edition.lnk . (...) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe (.not file.)
O4 - GS\Desktop [Administrador]: Folha Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\Folha.exe (.not file.)
O4 - GS\Desktop [Administrador]: G5 Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwF.exe (.not file.)
O4 - GS\Desktop [Administrador]: GDRais2009.lnk . (...) -- C:\GDRais2009\GDRais2009.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_08.lnk . (...) -- C:\GDRaisGenerico76_08\GDRaisGenerico76_08.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_09.lnk . (...) -- C:\GDRaisGenerico76_09\GDRaisGenerico76_09.exe
O4 - GS\Desktop [Administrador]: GDRaisGenérico76_10.lnk . (...) -- C:\GDRaisGenerico76_10\GDRaisGenerico76_10.exe
O4 - GS\Desktop [Administrador]: IRPF2007 - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas SRF\IRPF2007\IRPF2007.exe
O4 - GS\Desktop [Administrador]: IRPF2008 Windows - Declaração de Ajuste Anual.lnk . (...) -- C:\Program Files\Programas RFB\IRPF2008windows\IRPF2008.exe
O4 - GS\Desktop [Administrador]: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2009\IRPF2009.exe
O4 - GS\Desktop [Administrador]: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2010\IRPF2010.exe
O4 - GS\Desktop [Administrador]: Jr Phoenix.lnk . (...) -- \10.1.10.199\Phoenix\PgwJr.exe (.not file.)
O4 - GS\Desktop [Administrador]: Receitanet 2010.lnk . (...) -- C:\Recnet\Receitanet.exe (.not file.)
~ Global Startup: 114 Legitimates Filtered in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SafeNetCertMngr] . (.SafeNet, Inc. - SafeNet Authentication Client.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1792104979-1389409550-1474320754-1837\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1792104979-1389409550-1474320754-1837\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 02s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} ((no name)) - https://digitalid.certisign.com.br/classe1/vscnfchk.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ((no name)) - https://clickbanking.itau.com.br/itau/GbPlugin/cab/GbPluginUni.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CS1\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CS2\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
O17 - HKLM\System\CS2\Services\Tcpip\..\{F73151DF-A855-4447-83C9-7250D39B42A4}: DhcpDomain = ggp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ggp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.199 10.1.10.254 10.1.10.199
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: RM.Host.Service (RM.Host.Service) . (.TOTVS S.A. - No Comment.) - C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 15 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
[MD5.F5DA29DC6D2576331D59B88A9E60FCC8] [APT] [{2CCC5B78-36FC-48E4-BEA7-CF0BDA58C042}] (...) -- C:\Users\plinio.seitsi\Downloads\Dirf2011v1.3.exe [5787999]
[MD5.D98CCA18659B67052DFD5ED9F9EA9397] [APT] [{64F0D60B-E69B-483B-9B69-7DE10FB261C5}] (...) -- C:\caixa\Kitsefipwin82\GerSefip82.exe [132054]
[MD5.00000000000000000000000000000000] [APT] [{6732EC33-B31E-4E8D-B237-324895237E67}] (...) -- C:\Users\plinio.seitsi\Downloads\B2CAppSetup.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Dataprev.) [HKLM] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: Assistente do certificado digital - (.Serasa Experian.) [HKLM] -- {BE72FB31-7A89-44FA-9E32-56E17F3114BD}
O42 - Logiciel: BibliotecaRM - 11.52.60.150 - (.TOTVS.) [HKLM] -- {C6FAC36F-6A87-443F-B9DB-568678FF8C5C}
O42 - Logiciel: CAGEDNet - (.Dataprev.) [HKLM] -- 4999919A-61DF-2230-AF39-F4BCF13A809A
O42 - Logiciel: CAT - (...) [HKLM] -- CAT
O42 - Logiciel: CAT Mpact - (.DATAPREV.) [HKLM] -- {9EB4BF60-7941-48BF-8070-59F709F507D2}_is1
O42 - Logiciel: Conectividade Social - (...) [HKLM] -- Conectividade Social
O42 - Logiciel: Contmatic Phoenix - Folha - (...) [HKLM] -- Contmatic Phoenix - Folha
O42 - Logiciel: Dirf 2009 - (...) [HKLM] -- Dirf 2009
O42 - Logiciel: Dirf 2011 - (...) [HKLM] -- Dirf 2011
O42 - Logiciel: Dirf 2012 - (...) [HKLM] -- Dirf 2012
O42 - Logiciel: Dirf 2013 - (...) [HKLM] -- Dirf 2013
O42 - Logiciel: Dirf 2014 - (...) [HKLM] -- Dirf 2014
O42 - Logiciel: Ferramentas Buddywin - (.Glan Data Sistemas.) [HKLM] -- {2EE695CE-BFAF-4578-A3F4-FDB0FE0365B0}
O42 - Logiciel: GGP - DANFE - (.Global Partners.) [HKLM] -- {3C42212D-6D41-4B57-B7A3-301093B0157B}
O42 - Logiciel: GPS - (...) [HKLM] -- GPS
O42 - Logiciel: GRRF Eletrônica - (...) [HKLM] -- GRRF Eletrônica
O42 - Logiciel: GdRaisJava - (.SERPRO.) [HKLM] -- 2A5B6D9D-DEDE-4EAC-808C-A34BDF603029
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_08 [Versão 2008.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_08 [Versão 2008.01.00]
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_09 [Versão 2009.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_09 [Versão 2009.01.00]
O42 - Logiciel: Gerador da Rais Genérico - GDRais Genérico76_10 [Versão 2010.01.00] - (...) [HKLM] -- Gerador da Rais Genérico - GDRais Genérico76_10 [Versão 2010.01.00]
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2009 ( Versão 2009.01.01 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2009 ( Versão 2009.01.01 )
O42 - Logiciel: Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.00 ) - (...) [HKLM] -- Gerador de Declaração RAIS - GDRAIS 2010 ( Versão 2010.01.00 )
O42 - Logiciel: Guardião Banco Itaú - (...) [HKCU] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IRPF2007 - Declaração de Ajuste Anual - (...) [HKLM] -- IRPF2007 - Declaração de Ajuste Anual
O42 - Logiciel: IRPF2008 Windows - Declaração de Ajuste Anual - (...) [HKLM] -- IRPF2008 Windows - Declaração de Ajuste Anual
O42 - Logiciel: IRPF2009 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Instalador da Dirf 2010 - (...) [HKLM] -- Instalador da Dirf 2010
O42 - Logiciel: Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO3 - (.Perto S.A. Perifericos para Automacao.) [HKLM] -- 608D1FA1C8C461081A6695F228B2DC54B0BFD5E8
O42 - Logiciel: Perto Smart (remove only) - (...) [HKLM] -- PertoSmart
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: SKTimeStamp - (.Stefans Tools.) [HKLM] -- {8CFD0DBA-1D16-48A8-B3B1-426D4140CBCD}
O42 - Logiciel: SVA 3.1 - (.COFIS - RFB.) [HKLM] -- Sistema de Validação e Autenticação de Arquivos Digitais_is1
O42 - Logiciel: SXPIS - Sistema CAIXA - PIS Empresa - Ambiente Empresa - (...) [HKLM] -- SXPIS - Sistema CAIXA - PIS Empresa - Ambiente Empresa
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {6347401C-C260-4B30-9816-8F5A1419CC49}
O42 - Logiciel: Sicalc Auto Atendimento - (.Receita Federal do Brasil.) [HKLM] -- Sicalc Auto Atendimento
O42 - Logiciel: Sispag Itaú - (...) [HKLM] -- {A58632C8-B144-4CF1-A23D-23AE518D5AAE}
O42 - Logiciel: TOTVS Automação de Ponto - 11.52.59 - (.TOTVS.) [HKLM] -- {3C118AA7-D384-4FF9-AD8D-3D42684E5A4C}
O42 - Logiciel: TOTVS Folha de Pagamento - 11.52.60 - (.TOTVS.) [HKLM] -- {29CF395A-C123-4572-9D8D-12488C7B0200}
O42 - Logiciel: TOTVS Gestão Contábil - 11.52.59 - (.TOTVS.) [HKLM] -- {59BD501A-127F-42E9-B774-678475CD1301}
O42 - Logiciel: TOTVS Gestão de Estoques, Compras e Faturamento - 11.52.59 - (.TOTVS.) [HKLM] -- {555ED5E2-F203-4968-A575-FE7CC405F068}
O42 - Logiciel: TOTVS Gestão de Pessoas - 11.52.59 - (.TOTVS.) [HKLM] -- {9DC76BEA-E73E-4878-9130-6351FE948459}
~ Logic: 51 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Global Partners]
[HKCU\Software\RM Sistemas]
[HKCU\Software\WCA]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Banco Itaú S.A.]
[HKLM\Software\Caixa]
[HKLM\Software\Perto]
[HKLM\Software\Programas RFB]
[HKLM\Software\RM Sistemas]
[HKLM\Software\SXPIS]
[HKLM\Software\TOTVS]
~ Key Software: 304 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/09/2010 - 14:04:53 - [8,634] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 07/02/2012 - 15:13:24 - [21,901] ----D C:\Program Files\ACI
O43 - CFD: 05/02/2014 - 17:51:40 - [34,124] ----D C:\Program Files\CAGED
O43 - CFD: 21/01/2011 - 16:23:25 - [11,604] ----D C:\Program Files\CAGEDNet
O43 - CFD: 04/04/2014 - 10:36:53 - [1931,825] ----D C:\Program Files\CAIXA
O43 - CFD: 12/07/2010 - 19:47:45 - [3,853] ----D C:\Program Files\DCTF20
O43 - CFD: 12/07/2010 - 19:47:45 - [4,159] ----D C:\Program Files\DCTF21
O43 - CFD: 25/07/2012 - 11:06:13 - [47,944] ----D C:\Program Files\GdRaisJava
O43 - CFD: 13/09/2012 - 14:07:51 - [26,787] ----D C:\Program Files\GdRaisJava1
O43 - CFD: 13/02/2014 - 17:33:25 - [4,678] ----D C:\Program Files\Global Partners
O43 - CFD: 03/05/2011 - 17:59:09 - [24,883] ----D C:\Program Files\GRRF
O43 - CFD: 12/07/2010 - 19:47:15 - [2,886] ----D C:\Program Files\IRPF2000
O43 - CFD: 16/08/2010 - 18:31:02 - [3,650] ----D C:\Program Files\IRPF2001
O43 - CFD: 12/07/2010 - 19:47:15 - [3,550] ----D C:\Program Files\ITR2003
O43 - CFD: 28/07/2011 - 09:52:56 - [12,772] ----D C:\Program Files\PDF reDirect
O43 - CFD: 20/04/2011 - 12:27:49 - [0,103] ----D C:\Program Files\PertoSmart
O43 - CFD: 20/04/2011 - 11:51:43 - [0] ----D C:\Program Files\PertoSmart USB Smartcard Reader
O43 - CFD: 03/02/2014 - 15:12:33 - [1900,862] ----D C:\Program Files\Programas RFB
O43 - CFD: 12/07/2010 - 19:44:37 - [584,508] ----D C:\Program Files\Programas SRF
O43 - CFD: 12/07/2010 - 19:43:13 - [10,882] ----D C:\Program Files\RFB
O43 - CFD: 17/05/2012 - 14:24:34 - [117,560] ----D C:\Program Files\Serasa Experian
O43 - CFD: 17/12/2013 - 12:56:01 - [0,186] ----D C:\Program Files\SKTimeStamp
O43 - CFD: 28/02/2014 - 15:43:26 - [1,145] ----D C:\Program Files\SRP
O43 - CFD: 14/03/2014 - 11:10:12 - [1,284] ----D C:\ProgramData\Ad-Aware Browsing Protection
O43 - CFD: 22/09/2011 - 10:51:33 - [0,157] ----D C:\ProgramData\OPPU
O43 - CFD: 04/04/2014 - 17:10:52 - [3,356] ----D C:\Users\plinio.seitsi\AppData\Local\Popcorn-Time
O43 - CFD: 11/02/2014 - 10:40:40 - [0,014] ----D C:\Users\plinio.seitsi\AppData\Local\RM.NET
O43 - CFD: 06/01/2014 - 14:47:54 - [0,002] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 05/02/2014 - 17:51:43 - [0,002] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 22/01/2014 - 14:21:10 - [0,003] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
O43 - CFD: 17/12/2013 - 11:24:58 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 13/03/2014 - 10:34:05 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 03/01/2014 - 08:29:43 - [0] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/02/2014 - 16:22:06 - [0,004] ----D C:\Users\plinio.seitsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 209 Legitimates Filtered in 01mn 05s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7F0FFB4B9EF575B31AE5F3D8F95E4492] - 02/04/2014 - 12:38:47 ---A- . (...) -- C:\Windows\RegisterCorpore.txt [914]
O44 - LFC:[MD5.B140770D995ED07BC2FDA23DA9B1333F] - 04/04/2014 - 10:44:56 ---A- . (...) -- C:\GRRF.RE [1448]
O44 - LFC:[MD5.6C9B49E11AFF71393279999E877EF062] - 08/04/2014 - 12:07:18 ---A- . (...) -- C:\prox.log [20169953]
O44 - LFC:[MD5.88B788E7C2E27C06751FEDD6416320A8] - 09/04/2014 - 11:14:10 ---A- . (...) -- C:\Windows\MKDEMSG.LOG [1108]
O44 - LFC:[MD5.47D9D09B4EF195B143D99C36ED7E3856] - 09/04/2014 - 12:05:38 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [189520]
O44 - LFC:[MD5.EE8E5034B900973E413AF3BF546381C5] - 09/04/2014 - 12:05:38 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [812198]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 09/04/2014 - 13:59:44 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.9E07357934A8C55287432F73F9C55AE1] - 09/04/2014 - 14:28:29 ---A- . (...) -- C:\zoek-results.log [58673]
O44 - LFC:[MD5.2FCEAD2D1E295834D9B0FAF8D0AB5439] - 10/04/2014 - 08:28:56 ---A- . (.No owner - CommonDL DLL.) -- C:\Windows\System32\CommonDL.dll [53248]
O44 - LFC:[MD5.B20B3714C0FA2BAB644FB6DF375CBCF0] - 10/04/2014 - 12:05:50 ---A- . (...) -- C:\Windows\System32\lgAxconfig.ini [2412]
O44 - LFC:[MD5.A2CB40CDD8BA0B3617F167538DDAE8CA] - 27/03/2014 - 16:19:13 ---A- . (...) -- C:\Windows\Filzip.ini [41]
~ Files: 27 Legitimates Filtered in 00mn 06s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\GbPlugin\gbiehUni.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "Wallpaper"=
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.677BDD6FBB8559BC462AFF028AB0F795] - 24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys [46392]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 20/03/2014 - 08:04:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 13/03/2014 - 10:08:57 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4CB5D3A5902A92606408A36865A04D53] - 06/09/2010 - 09:39:50 ---A- . (.UVNC BVBA - UltraVnc miniport driver2.) -- C:\Windows\System32\Drivers\mv2.sys [12096]
O58 - SDL:[MD5.C17CF56286DDAA0456006512FF0AFDB6] - 27/09/2007 - 18:58:32 ---A- . (.Perto S.A. Perifericos para Automacao - PC/SC Driver for PertoSmart.) -- C:\Windows\System32\Drivers\perto38u.sys [35840]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 01/11/2013 - 08:43:52 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.EDF7F8387C2072205ABCF105F14B13B4] - 28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [87064]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/01/1601 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 107 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.782D31AC476917BBC203058EB2ADF4D9] [SPRF][12/11/2013] (...) -- C:\Users\plinio.seitsi\AppData\Roaming\unins000.dat [16508]
[MD5.61906656CEA25B31D087A86E8B43BAD1] [SPRF][21/03/2014] (...) -- C:\Users\plinio.seitsi\AppData\Roaming\unins001.dat [16902]
[MD5.1A40647188A4F2A21A5F460301F8D267] [SPRF][08/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [113096]
[MD5.37C3CF3391C6000A4C9388876152FADB] [SPRF][03/01/2007] (.No owner - ConfigChk Module.) -- C:\Windows\Downloaded Program Files\vscnfchk.dll [98304]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "13BF27EB98A7AF44E923651EF71341DB" . (.Assistente do certificado digital.) -- C:\Windows\Installer\{BE72FB31-7A89-44FA-9E32-56E17F3114BD}\_853F67D554F05449430E7E.exe
O90 - PUC: "2E5DE555302F86945A57EFC74C500F86" . (.TOTVS Gestão de Estoques, Compras e Faturamento - 11.52.59.) -- C:\Windows\Installer\{555ED5E2-F203-4968-A575-FE7CC405F068}\ARPPRODUCTICON.exe
O90 - PUC: "7AA811C3483D9FF4DAD8D32486E4A5C4" . (.TOTVS Automação de Ponto - 11.52.59.) -- C:\Windows\Installer\{3C118AA7-D384-4FF9-AD8D-3D42684E5A4C}\ARPPRODUCTICON.exe
O90 - PUC: "A105DB95F7219E247B47764857DC3110" . (.TOTVS Gestão Contábil - 11.52.59.) -- C:\Windows\Installer\{59BD501A-127F-42E9-B774-678475CD1301}\ARPPRODUCTICON.exe
O90 - PUC: "A593FC92321C2754D9D82184C8B72000" . (.TOTVS Folha de Pagamento - 11.52.60.) -- C:\Windows\Installer\{29CF395A-C123-4572-9D8D-12488C7B0200}\ARPPRODUCTICON.exe
O90 - PUC: "AEB67CD9E37E878419033615EF494895" . (.TOTVS Gestão de Pessoas - 11.52.59.) -- C:\Windows\Installer\{9DC76BEA-E73E-4878-9130-6351FE948459}\ARPPRODUCTICON.exe
O90 - PUC: "C1047436062C03B48961F8A54191CC94" . (.SafeSign.) -- C:\Windows\Installer\{6347401C-C260-4B30-9816-8F5A1419CC49}\ARPPRODUCTICON.exe
~ Update Products: 96 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.054EAE0F0242A5D1A668BF572929869C] [WIS][17/08/2005] (.Glan Data Sistemas - Blank Project Template.) -- C:\Windows\Installer\19037805.msi [37895300]
[MD5.36BBC8B2A7B8B98C2F7AB45227E16D12] [WIS][27/01/2014] (.TOTVS - BibliotecaRM.) -- C:\Windows\Installer\1b501a5.msi [295739448]
[MD5.46D82FF729D66F8A4B2B07ACE9878E7B] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão de Estoques, Compras e Faturamento.) -- C:\Windows\Installer\1b501f8.msi [46330368]
[MD5.DB3CC8723C0E085B10CA71224F5ED708] [WIS][27/01/2014] (.TOTVS - TOTVS Automação de Ponto.) -- C:\Windows\Installer\1b501fd.msi [17182720]
[MD5.AFD55DF63FD944CE977D0AD165DBD743] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão Contábil.) -- C:\Windows\Installer\1b50209.msi [18452480]
[MD5.5282B3E47A8E855AC2C61F682B763BCB] [WIS][27/01/2014] (.TOTVS - TOTVS Gestão de Pessoas.) -- C:\Windows\Installer\1b5020e.msi [30231040]
[MD5.7413DEC2EDC324C4D112410A5F0973C4] [WIS][17/12/2013] (.Stefans Tools - File/Folder Time Stamp Changer.) -- C:\Windows\Installer\245b35d7.msi [241664]
[MD5.5C6DB57CEB6995BF44E1D273EA266AB1] [WIS][13/12/2007] (.Business Objects - CR.NETClickOnce.) -- C:\Windows\Installer\28a116d4.msi [17960448]
[MD5.38C4DAF3EACE73F30BA2C2D6AD92FC2D] [WIS][20/02/2014] (.TOTVS - TOTVS Folha de Pagamento.) -- C:\Windows\Installer\4f08a5fd.msi [28438528]
[MD5.9A85279B28B6108DF1DE3C10E2B78754] [WIS][24/09/2010] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\8601ab.msi [5460992]
~ WIS: 97 Legitimates Filtered in 00mn 35s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS =>Adware.MyWebSearch
~ BTK: 314 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 7878 Legitimates Filtered in 00mn 08s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/08/2012 250056 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/08/2012 397176 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SS - | Auto 06/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2010 227232 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
SS - | Demand 29/10/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 15/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 15/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 16/08/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/02/2014 14336 | (RM.Host.Service) . (.TOTVS S.A..) - C:\totvs\CorporeRM\RM.Net\RM.Host.Service.exe
SR - | Auto 02/10/2011 10200 | (SACSrv) . (.SafeNet, Inc..) - C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 02/04/2014 4972864 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 387785 Items scanned in 00mn 22s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 3 link(s) detected in 00mn 00s



~ 1152 Legitimates filtered by white list
End of the scan (702 lines in 03mn 21s)(0)
NB1: Samsung CORE I3 2310/2GB DDR3/320GB
NB2: T4300/2GB DDR2 800/GF 8200M/350GB
PC1:E8400/GA EP45 UD3L/4GB DDR2 Kingston / HD6850/Corsair CX430/Virtua 30MB
PC2:E7500/GA 945GCM/ST 350BKV/HD 5670/2GB
© 1999-2024 Hardware.com.br. All rights reserved.