BlueScreen (win32k.sys, cdd.dll)


Post by extremee-br on Fri 02 May 2014, 19:30

Hello, I need some guidance to find out the origin of these errors; I'm not sure where they come from (maybe the HDD or the system itself).

I have an SSD (C) for the system and an HDD (D) as a local disk.

I filtered the Windows log and took a screenshot:

[You need to be registered and logged in to see this link.]

And I'll leave the HijackThis log (it gave two errors while scanning)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:42, on 02/05/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Usuários\Micro\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Arquivos de Programas (x86)\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Arquivos de Programas (x86)\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [avast] "D:\Arquivos de Programas (x86)\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Você precisa estar registrado e conectado para ver este link.]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - D:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xmkysecqun64 - Unknown owner - C:\Program Files\003\xmkysecqun64.exe

--
End of file - 11059 bytes

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Fri 02 May 2014, 20:17

Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and execution tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Fri 02 May 2014, 20:25

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman (01/05/2014)
~ Iniciado por Micro (02/05/2014 20:22:49)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.1.28086 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (42%) free of 119 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GUILHERME-PC
~ User Name: Micro
~ All Users Names: Micro, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Micro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Micro\AppData\Roaming\
~ %Desktop% : D:\Usuários\Micro\Área de Trabalho\
~ %Favorites% : C:\Users\Micro\Favorites\
~ %LocalAppData% : C:\Users\Micro\AppData\Local\
~ %StartMenu% : C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 119 Go)
D: Hard drive, Flash drive, Thumb drive (Free 137 Go of 416 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 6 Go of 50 Go)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/05/2013 - 11:55:01.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2330
~ Mes Videos (My Videos) : 1/28
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/5217
~ Mon Bureau (My Desktop) : 1/993
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 08s



---\\ Processos lançados
[MD5.DF2FCA0CC92944F85193967116326AEB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.1944]
[MD5.AB53A70C1B627DC3A64C21B0748F72D6] - (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\Steam.exe [1825984] [PID.1380]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2448]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2552]
[MD5.07D60094203DD52E292B2095FFB2B898] - (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760] [PID.2588]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4608]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4264]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.3668]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1560]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2308]
[MD5.166FC0B36842135BC2D3C32DF70ED0D6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2660]
[MD5.27482C655F6FF3FB0C339F600F78EE15] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352] [PID.2704]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\system32\PnkBstrA.exe [76888] [PID.2824]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936] [PID.2848]
[MD5.05D708ED589BF5EE6402AEC873214061] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.3464]
[MD5.23031090B158FA3CECE899485BCBA96F] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3924]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.988]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [faklkmlkcleeoibffcbligohmkciloif] PutLocker Downloader v.4.1 (Désactivé) =>Spyware.PutLocker
G2 - GCE: Preference [User Data\Default] [lfmhcpmkbdkbgbmkjoiopeeegenkdikp] FVD Downloader v.5.7.9, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Micro]: Hao123.lnk . (...) -- C:\Users\Micro\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1108.exe (.not file.) =>Adware.BDSearch
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Razer Synapse] . (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) . (.A-Volute - Maelstrom VAD Streaming Service.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
O23 - Service: xmkysecqun64 (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
~ Services: 17 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{29806BE5-2AF7-4654-AFB6-D4DA8CD9B7E9}] (...) -- D:\Usu rios\Micro\Downloads\jxpiinstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Banished - (.Shining Rock Software LLC.) [HKLM][64Bits] -- Steam App 242920
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BI]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 376 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/04/2014 - 22:55:10 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 17/07/2013 - 23:18:59 - [] ----D C:\Program Files (x86)\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 23/12/2013 - 23:44:25 - [] ----D C:\Program Files (x86)\Tribo Gamer
O43 - CFD: 05/01/2014 - 22:07:11 - [] ----D C:\ProgramData\APN
O43 - CFD: 05/12/2013 - 15:19:16 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 14/04/2014 - 22:56:49 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/12/2013 - 15:22:08 - [] ----D C:\Users\Micro\AppData\Roaming\baidu =>Adware.BDSearch
O43 - CFD: 05/12/2013 - 15:18:03 - [] ----D C:\Users\Micro\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 28/10/2013 - 09:07:29 - [0] ----D C:\Users\Micro\AppData\Local\Lollipop =>Adware.Lollipop
~ Program Folder: 211 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/05/2014 - 19:32:01 ---A- . (...) -- C:\Windows\System32\RzMaelstromVADAudioDeviceManager_log.txt [0]
O44 - LFC:[MD5.54502B8AD109FC2BF82800ADFF229421] - 02/05/2014 - 20:19:42 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [145890]
O44 - LFC:[MD5.67FDAD20D397277670C9787F6F2CC883] - 02/05/2014 - 20:19:42 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703104]
~ Files: 11 Legitimates Filtered in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5b362f73-f3a4-11e2-b8a3-902b341ca520}\AutoRun\command. (...) -- H:\iLinker.exe (.not file.)
O51 - MPSK:{82bcac7a-bd12-11e2-939c-902b341ca520}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
O51 - MPSK:{b48f1ec9-bbfb-11e2-b7f4-806e6f6e6963}\AutoRun\command. (...) -- D:\Run.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 05:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [189936] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496]
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/03/2014 - 06:37:30 ---A- . (.Windows (R) Win 7 DDK provider - Maelstrom VAD Audio driver.) -- C:\Windows\System32\Drivers\RzMaelstromVAD.sys [40696]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 20/08/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {5381EDA7-76CF-4A25-9F6B-B47EC65DAEBF} - (Google) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.23B961E1466AD64AA615761B303EA475] [SPRF][22/10/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{95080536-1F63-40B2-B50D-2B21D7CC9E87}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{899D0052-2A1E-4552-AB02-8899D19A9F5B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>Spyware.PutLocker
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32 =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-2_RASAPI32 =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-2_RASMANCS =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASAPI32 =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASMANCS =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASAPI32 =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASMANCS =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASAPI32 =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASMANCS =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASAPI32 =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASMANCS =>Adware.WebSparkle
~ BTK: 353 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/01/2014 520416 | (Futuremark SystemInfo Service) . (.Futuremark.) - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
SS - | Auto 23/07/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/06/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 29/01/2014 663056 | (EslWireHelper) . (...) - D:\Program Files\EslWire\service\WireHelperSvc.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 08/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16/12/2011 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/12/2011 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 02/04/2014 1617352 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02/04/2014 20542408 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/12/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 06/03/2014 4249088 | (RzMaelstromVADStreamingService) . (.A-Volute.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
SR - | Auto 16/12/2011 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/04/2014 706560 | (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 10

[HKLM\Software\Google\Chrome\Extensions\faklkmlkcleeoibffcbligohmkciloif] =>Spyware.PutLocker^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun64] =>PUP.AdPeak^
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKLM\Software\Classes\PutLockerDownloader] =>Spyware.PutLocker
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS] =>PUP.Mobogenie
C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\faklkmlkcleeoibffcbligohmkciloif =>Spyware.PutLocker^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\PutLockerDownloader =>Spyware.PutLocker^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Micro\AppData\Roaming\baidu =>Adware.BDSearch^
C:\Users\Micro\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Micro\AppData\Local\Lollipop =>Adware.Lollipop^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
~ Additionnel Scan: 205086 Items scanned in 00mn 12s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>Spyware.PutLocker
[You must be registered and logged in to see this link.] =>Adware.BDSearch
[You must be registered and logged in to see this link.] =>PUP.AdPeak
[You must be registered and logged in to see this link.] =>PUP.1ClickDownloader
[You must be registered and logged in to see this link.] =>Toolbar.Conduit
[You must be registered and logged in to see this link.] =>Adware.Lollipop
[You must be registered and logged in to see this link.] =>PUP.SupraSavings
[You must be registered and logged in to see this link.] =>Toolbar.Ask
[You must be registered and logged in to see this link.] =>Adware.MegaSearch
[You must be registered and logged in to see this link.] =>PUP.Mobogenie
[You must be registered and logged in to see this link.] =>Adware.PlusHD
[You must be registered and logged in to see this link.] =>Adware.WebSparkle
[You must be registered and logged in to see this link.] =>PUP.Wajam
[You must be registered and logged in to see this link.] =>PUP.CrossRider
~ MSI: 14 link(s) detected in 00mn 00s



~ 897 Legitimates filtered by white list
End of the scan (527 lines in 00mn 44s)(0)

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Fri 02 May 2014, 20:28

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet is right here.

Super Links = Messages of faith and hope for your heart

Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Mon 05 May 2014, 12:13

Sorry for the delay:

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 11:54:46
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Micro - GUILHERME-PC
# Executando de : D:\Usuários\Micro\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : xmkysecqun64

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\ProgramData\apn
[!] Pasta Deletada : C:\ProgramData\baidu
[!] Pasta Deletada : C:\Program Files (x86)\Mobogenie
[!] Pasta Deletada : C:\Program Files (x86)\PutLockerDownloader
[!] Pasta Deletada : C:\Windows\SysWOW64\AI_RecycleBin
[!] Pasta Deletada : C:\Program Files\003
[!] Pasta Deletada : C:\Users\Micro\AppData\Local\cool_mirage
[!] Pasta Deletada : C:\Users\Micro\AppData\Local\lollipop
[!] Pasta Deletada : C:\Users\Micro\AppData\Local\Mobogenie
[!] Pasta Deletada : C:\Users\Micro\AppData\Roaming\baidu
[!] Pasta Deletada : D:\Usuários\Micro\Documentos\Mobogenie
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Users\Micro\daemonprocess.txt

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\PutLockerDownloader
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Chave Deletedo : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4901 octets] - [05/05/2014 11:52:10]
AdwCleaner[R1].txt - [4961 octets] - [05/05/2014 11:53:08]
AdwCleaner[S0].txt - [4586 octets] - [05/05/2014 11:54:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4646 octets] ##########

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Mon 05 May 2014, 12:15

* Download Malwarebytes from one of the links below:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post the Malwarebytes log (report).

We'll be waiting.


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 00:01

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Data de Verificação: 05/05/2014
Hora da Verificação: 23:56:51
Logfile: logMalwareBytes.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.05.10
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Micro

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 609698
Tempo Decorrido: 7 hr, 40 min, 44 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 12
PUP.Optional.Somoto.A, C:\Users\Micro\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe, Quarantined, [8d41e568562549ed9e9329ec06fb758b],
Adware.Adpeak, C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir, Quarantined, [9f2f4805dd9e2313904470bdaa5ad42c],
PUP.Optional.CrossRider, C:\AdwCleaner\Quarantine\C\Program Files (x86)\PutLockerDownloader\PutLockerDownloaderIE.exe.vir, Quarantined, [6965143992e973c3cec01c032bd6b848],
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\SecureAssist.dll.vir, Quarantined, [f0dec588136874c2057283ba31cf6997],
PUP.Optional.AdPeak.A, C:\Temp\InstallFilter64.msi, Quarantined, [408e54f9502bc76fcfa898a5659b847c],
PUP.Optional.SupraSavings.A, C:\Temp\t.msi, Quarantined, [3d9196b7b8c31620ff87f23afc083fc1],
PUP.Optional.InstallIQ, D:\Usuários\Micro\Downloads\671-coretemp_1236.exe, Quarantined, [cd0174d94338f93d1eba0f084cb5e818],
PUP.Optional.OpenCandy, D:\Usuários\Micro\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [d9f565e80378ba7c1c034e10867e44bc],
PUP.Optional.DealPly.A, F:\Users\Micro\AppData\Local\Temp\is701137889\dp.exe, Quarantined, [9539311c3a4156e09342352b14f0dc24],
PUP.Optional.Babylon.A, F:\Users\Micro\AppData\Local\Temp\is701137889\MyBabylonTB.exe, Quarantined, [587667e65b2038feaa1440de7a86d828],
PUP.Optional.Conduit.A, F:\Users\Micro\AppData\Roaming\BitTorrent\ism.exe, Quarantined, [626c0647710a82b4181edb44f907c739],
PUP.Optional.OpenCandy, F:\Users\Micro\Downloads\DaemonTools.exe, Quarantined, [626c54f999e271c5c55a9ac4f113e31d],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 00:25

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Tue 06 May 2014, 01:23; edited 1 time in total


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 01:11


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Micro on 06/05/2014 at 0:59:25,38.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Usuários\Micro\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06/05/2014 00:59:57 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\WebSparkle deleted
C:\Users\Micro\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Micro\AppData\Local\cache deleted
C:\Users\Micro\Desktop\Hao123.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="D:\Arquivos de Programas (x86)\AVAST Software\Avast\WebRep\FF" [17/05/2013 00:50]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
faklkmlkcleeoibffcbligohmkciloif - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx[]

Downloader - Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Google Wallet - Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5381EDA7-76CF-4A25-9F6B-B47EC65DAEBF} Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Micro\Desktop\OCCT.lnk - D:\Program Files (x86)\OCCTPT\OCCT.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Ajuda do PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\PowerDVD.CHM
C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Desinstalar o PowerDVD.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Leia-me.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\Readme.htm

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CM STORM\Recon Software\Recon Firmware Updates.lnk - D:\Program Files (x86)\CM STORM\Recon Software\FirmwareUpdate\Recon_updater.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CM STORM\Recon Software\Recon Software.lnk - D:\Program Files (x86)\CM STORM\Recon Software\Recon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CM STORM\Recon Software\Uninstall Recon Software.lnk - C:\Windows\SysWOW64\msiexec.exe /x {52E335F8-0177-4999-8ABA-06F2A319F748}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - D:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - D:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - D:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire\ESL Wire.lnk - D:\Program Files\EslWire\wire.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire\Uninstall ESL Wire.lnk - D:\Program Files\EslWire\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - D:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - D:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Explosions for Vegas\Help.lnk - D:\Program Files (x86)\NewBlue\3D Explosions for Vegas\D3DExplosionsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Explosions for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\3D Explosions for Vegas\Activate3DExplosions.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Explosions for Vegas\Uninstall NewBlue 3D Explosions for Vegas.lnk - D:\Program Files (x86)\NewBlue\3D Explosions for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Transformations for Vegas\Help.lnk - D:\Program Files (x86)\NewBlue\3D Transformations for Vegas\D3DTransformationsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Transformations for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\3D Transformations for Vegas\Activate3dTransformationsVegas.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue 3D Transformations for Vegas\Uninstall NewBlue 3D Transformations for Vegas.lnk - D:\Program Files (x86)\NewBlue\3D Transformations for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Blends 2.0 for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Art Blends for Vegas\ActivateArtBlends.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Blends 2.0 for Vegas\NewBlue Art Blends 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Art Blends for Vegas\ArtBlendsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Blends 2.0 for Vegas\Uninstall NewBlue Art Blends 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Art Blends for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Effects 2.0 for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Art Effects for Vegas\ActivateArtEffects.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Effects 2.0 for Vegas\NewBlue Art Effects 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Art Effects for Vegas\ArtEffectsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Art Effects 2.0 for Vegas\Uninstall NewBlue Art Effects 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Art Effects for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Film Effects for Vegas\Help.lnk - D:\Program Files (x86)\NewBlue\Film Effects for Vegas\FilmEffectsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Film Effects for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Film Effects for Vegas\ActivateFilmEffectsVegas.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Film Effects for Vegas\Uninstall NewBlue Film Effects for Vegas.lnk - D:\Program Files (x86)\NewBlue\Film Effects for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends 2.0 for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Vegas\ActivateMotionBlends.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends 2.0 for Vegas\NewBlue Motion Blends 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Vegas\MotionBlendsVegas.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends 2.0 for Vegas\Uninstall NewBlue Motion Blends 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends for Windows\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Windows\ManageActivation64.exe MotionBlends64.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends for Windows\Sony Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Windows\Help\MotionBlendsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Blends for Windows\Uninstall for Sony Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Blends for Windows\UninstalVegas.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Effects 2.0 for Vegas\Manage Activation.lnk - D:\Program Files (x86)\NewBlue\Motion Effects for Vegas\ActivateMotionEffects.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Effects 2.0 for Vegas\NewBlue Motion Effects 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Effects for Vegas\MotionEffectsVegas.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue\NewBlue Motion Effects 2.0 for Vegas\Uninstall NewBlue Motion Effects 2.0 for Vegas.lnk - D:\Program Files (x86)\NewBlue\Motion Effects for Vegas\Uninstal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse 2.0\Razer Synapse 2.0.lnk - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe -launch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony\Vegas Pro 12.0\vegas120.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 Readme.lnk - D:\Program Files\Sony\Vegas Pro 12.0\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Video Capture 6.0 Readme.lnk - D:\Program Files\Sony\Vegas Pro 12.0\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - D:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - D:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk - D:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Steam.lnk - D:\Program Files (x86)\Steam\Steam.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - D:\Arquivos de Programas (x86)\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Micro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\faklkmlkcleeoibffcbligohmkciloif deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Micro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Micro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=157 folders=35 19667702 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Micro\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Micro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Micro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 06/05/2014 at 1:07:12,58 ======================

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 01:12

Download Junkware Removal Tool from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt.

We'll be waiting.


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 01:21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Micro on 06/05/2014 at 1:15:55,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/05/2014 at 1:20:20,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Damn Baidu, my girlfriend went to install PhotoScape and this thing came along with it.

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 01:22

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 01:26

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman (05/05/2014)
~ Iniciado por Micro (06/05/2014 01:25:43)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.1.28086 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (42%) free of 119 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GUILHERME-PC
~ User Name: Micro
~ All Users Names: Micro, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Micro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Micro\AppData\Roaming\
~ %Desktop% : D:\Usuários\Micro\Área de Trabalho\
~ %Favorites% : C:\Users\Micro\Favorites\
~ %LocalAppData% : C:\Users\Micro\AppData\Local\
~ %StartMenu% : C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 119 Go)
D: Hard drive, Flash drive, Thumb drive (Free 115 Go of 416 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 6 Go of 50 Go)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/05/2013 - 11:55:01.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2330
~ Mes Videos (My Videos) : 1/39
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/5220
~ Mon Bureau (My Desktop) : 1/994
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.DF2FCA0CC92944F85193967116326AEB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.2688]
[MD5.AB53A70C1B627DC3A64C21B0748F72D6] - (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\Steam.exe [1825984] [PID.3240]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.3564]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3648]
[MD5.07D60094203DD52E292B2095FFB2B898] - (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760] [PID.3664]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.5892]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.2832]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7871488] [PID.4220]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1560]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1948]
[MD5.166FC0B36842135BC2D3C32DF70ED0D6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2152]
[MD5.27482C655F6FF3FB0C339F600F78EE15] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352] [PID.2188]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\system32\PnkBstrA.exe [76888] [PID.2292]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936] [PID.2316]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.1544]
[MD5.05D708ED589BF5EE6402AEC873214061] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.2456]
[MD5.23031090B158FA3CECE899485BCBA96F] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3364]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Razer Synapse] . (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) . (.A-Volute - Maelstrom VAD Streaming Service.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
~ Services: 16 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{29806BE5-2AF7-4654-AFB6-D4DA8CD9B7E9}] (...) -- D:\Usu rios\Micro\Downloads\jxpiinstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Banished - (.Shining Rock Software LLC.) [HKLM][64Bits] -- Steam App 242920
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
~ Key Software: 366 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/04/2014 - 22:55:10 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 23/12/2013 - 23:44:25 - [] ----D C:\Program Files (x86)\Tribo Gamer
O43 - CFD: 14/04/2014 - 22:56:49 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/12/2013 - 15:18:03 - [] ----D C:\Users\Micro\AppData\Roaming\Baidu Security =>Adware.BDSearch
~ Program Folder: 201 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0E80CECD02BC54CE10361F921FD08337] - 03/05/2014 - 15:10:23 ---A- . (. - EslWireACD.) -- C:\Windows\System32\Drivers\ESLWireACD.sys [184968]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 00:59:11 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.041C63F13A38980AF8C02B5AD6653277] - 06/05/2014 - 01:07:12 ---A- . (...) -- C:\zoek-results.log [18734]
O44 - LFC:[MD5.54502B8AD109FC2BF82800ADFF229421] - 06/05/2014 - 01:13:06 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [145890]
O44 - LFC:[MD5.67FDAD20D397277670C9787F6F2CC883] - 06/05/2014 - 01:13:06 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703104]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/05/2014 - 01:14:20 ---A- . (...) -- C:\Windows\System32\RzMaelstromVADAudioDeviceManager_log.txt [0]
~ Files: 20 Legitimates Filtered in 00mn 01s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5b362f73-f3a4-11e2-b8a3-902b341ca520}\AutoRun\command. (...) -- H:\iLinker.exe (.not file.)
O51 - MPSK:{82bcac7a-bd12-11e2-939c-902b341ca520}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
O51 - MPSK:{b48f1ec9-bbfb-11e2-b7f4-806e6f6e6963}\AutoRun\command. (...) -- D:\Run.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 05:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [189936] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496]
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:03/05/2014 - 15:10:23 ---A- . (. - EslWireACD.) -- C:\Windows\System32\Drivers\ESLWireACD.sys [184968]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/03/2014 - 06:37:30 ---A- . (.Windows (R) Win 7 DDK provider - Maelstrom VAD Audio driver.) -- C:\Windows\System32\Drivers\RzMaelstromVAD.sys [40696]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 74 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 12/08/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 20/08/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {5381EDA7-76CF-4A25-9F6B-B47EC65DAEBF} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{95080536-1F63-40B2-B50D-2B21D7CC9E87}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{899D0052-2A1E-4552-AB02-8899D19A9F5B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>Spyware.PutLocker
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASAPI32 =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASMANCS =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASAPI32 =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASMANCS =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASAPI32 =>Adware.WebSparkle
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASMANCS =>Adware.WebSparkle
~ BTK: 337 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/01/2014 520416 | (Futuremark SystemInfo Service) . (.Futuremark.) - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
SS - | Auto 23/07/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/06/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 29/01/2014 663056 | (EslWireHelper) . (...) - D:\Program Files\EslWire\service\WireHelperSvc.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 08/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16/12/2011 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/12/2011 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 02/04/2014 1617352 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02/04/2014 20542408 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/12/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 06/03/2014 4249088 | (RzMaelstromVADStreamingService) . (.A-Volute.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
SR - | Auto 16/12/2011 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 4

C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Micro\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
~ Additionnel Scan: 203554 Items scanned in 00mn 11s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Adware.BDSearch
[Você precisa estar registrado e conectado para ver este link.] =>Spyware.PutLocker
[Você precisa estar registrado e conectado para ver este link.] =>Adware.MegaSearch
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Wajam
[Você precisa estar registrado e conectado para ver este link.] =>Adware.WebSparkle
~ MSI: 5 link(s) detected in 00mn 00s



~ 891 Legitimates filtered by white list
End of the scan (447 lines in 00mn 40s)(0)

Re: BlueScreen (win32k.sys, cdd.dll)

Posted by Power Max on Tue 06 May 2014, 01:39

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 06 May 2014, 16:52; edited 1 time


Re: BlueScreen (win32k.sys, cdd.dll)

Posted by extremee-br on Tue 06 May 2014, 01:42

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Micro at 06/05/2014 01:41:57
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 13s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ CLSID MPSK: {5b362f73-f3a4-11e2-b8a3-902b341ca520}
ELIMINÉ CLSID MPSK: {82bcac7a-bd12-11e2-939c-902b341ca520}
ELIMINÉ CLSID MPSK: {b48f1ec9-bbfb-11e2-b7f4-806e6f6e6963}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{5381EDA7-76CF-4A25-9F6B-B47EC65DAEBF}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PutLockerDownloader V3_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSparkle_w3_RASMANCS

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (115) (1.790.942 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {29806BE5-2AF7-4654-AFB6-D4DA8CD9B7E9}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
25 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
3 : Estado dos serviços
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 20s

========== Caminho do ficheiro do relatório ==========
C:\Users\Micro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06/05/2014 01:42:11 [3103]

Re: BlueScreen (win32k.sys, cdd.dll)

Posted by Power Max on Tue 06 May 2014, 01:46

Restart the computer to complete the removal of the problems. After that, open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.
_______________________________________________________________

Also do the following:

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: When you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (64-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

Note: Since it is already quite late, I will analyze the logs tomorrow and send you the scripts to remove the problems found.


Re: BlueScreen (win32k.sys, cdd.dll)

Posted by extremee-br on Tue 06 May 2014, 01:52

OK buddy, I'm also falling asleep here, haha (I'll split it into two replies)
________________________________________________________

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman (05/05/2014)
~ Iniciado por Micro (06/05/2014 01:48:12)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.1.28086 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (42%) free of 119 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GUILHERME-PC
~ User Name: Micro
~ All Users Names: Micro, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Micro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Micro\AppData\Roaming\
~ %Desktop% : D:\Usuários\Micro\Área de Trabalho\
~ %Favorites% : C:\Users\Micro\Favorites\
~ %LocalAppData% : C:\Users\Micro\AppData\Local\
~ %StartMenu% : C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 119 Go)
D: Hard drive, Flash drive, Thumb drive (Free 115 Go of 416 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 6 Go of 50 Go)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/05/2013 - 11:55:01.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2330
~ Mes Videos (My Videos) : 1/39
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/5220
~ Mon Bureau (My Desktop) : 1/995
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 23s



---\\ Processos lançados
[MD5.DF2FCA0CC92944F85193967116326AEB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.1936]
[MD5.AB53A70C1B627DC3A64C21B0748F72D6] - (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\Steam.exe [1825984] [PID.1344]
[MD5.380371967911670B1C11EC09639602C2] - (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400] [PID.2076]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2108]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2132]
[MD5.07D60094203DD52E292B2095FFB2B898] - (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760] [PID.2148]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5080]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7871488] [PID.3928]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4804]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1628]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2452]
[MD5.166FC0B36842135BC2D3C32DF70ED0D6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2700]
[MD5.27482C655F6FF3FB0C339F600F78EE15] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352] [PID.2740]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\system32\PnkBstrA.exe [76888] [PID.2852]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936] [PID.2888]
[MD5.7C15061CD0372487903B07B9BB03AFAD] - (.Skype Technologies - Skype Updater Service.) -- C:\Program Files (x86)\Skype\Updater\Updater.exe [161384] [PID.2968]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- D:\Arquivos de Programas (x86)\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Razer Synapse] . (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- D:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-622757554-1295329940-1793671186-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B66FB662-5098-482B-9362-9196ECABAF90}: DhcpNameServer = 201.10.120.4 201.10.128.3
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) . (.A-Volute - Maelstrom VAD Streaming Service.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
~ Services: 16 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Banished - (.Shining Rock Software LLC.) [HKLM][64Bits] -- Steam App 242920
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/12/2013 - 23:44:25 - [] ----D C:\Program Files (x86)\Tribo Gamer
~ Program Folder: 198 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0E80CECD02BC54CE10361F921FD08337] - 03/05/2014 - 15:10:23 ---A- . (. - EslWireACD.) -- C:\Windows\System32\Drivers\ESLWireACD.sys [184968]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 00:59:11 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.041C63F13A38980AF8C02B5AD6653277] - 06/05/2014 - 01:07:12 ---A- . (...) -- C:\zoek-results.log [18734]
O44 - LFC:[MD5.54502B8AD109FC2BF82800ADFF229421] - 06/05/2014 - 01:13:06 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [145890]
O44 - LFC:[MD5.67FDAD20D397277670C9787F6F2CC883] - 06/05/2014 - 01:13:06 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703104]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/05/2014 - 01:48:17 ---A- . (...) -- C:\Windows\System32\RzMaelstromVADAudioDeviceManager_log.txt [0]
~ Files: 20 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 05:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [189936] =>.ALWIL Software
O58 - SDL:27/06/2013 - 19:02:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496]
O58 - SDL:12/08/2013 - 16:17:22 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [32576] =>Adware.BDSearch
O58 - SDL:20/08/2013 - 03:10:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [106624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:03/05/2014 - 15:10:23 ---A- . (. - EslWireACD.) -- C:\Windows\System32\Drivers\ESLWireACD.sys [184968]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/03/2014 - 06:37:30 ---A- . (.Windows (R) Win 7 DDK provider - Maelstrom VAD Audio driver.) -- C:\Windows\System32\Drivers\RzMaelstromVAD.sys [40696]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 74 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{95080536-1F63-40B2-B50D-2B21D7CC9E87}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{899D0052-2A1E-4552-AB02-8899D19A9F5B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\Arquivos de programas (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 323 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/01/2014 520416 | (Futuremark SystemInfo Service) . (.Futuremark.) - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
SS - | Auto 23/07/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Auto 16/12/2011 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 06/06/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 16/12/2011 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 29/01/2014 663056 | (EslWireHelper) . (...) - D:\Program Files\EslWire\service\WireHelperSvc.exe
SR - | Auto 08/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16/12/2011 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 02/04/2014 1617352 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 02/04/2014 20542408 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/12/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 06/03/2014 4249088 | (RzMaelstromVADStreamingService) . (.A-Volute.) - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
SR - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 203445 Items scanned in 00mn 12s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 874 Legitimates filtered by white list
End of the scan (382 lines in 00mn 55s)(0)
extremee-br

Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 01:53

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Micro (administrator) on GUILHERME-PC on 06-05-2014 01:51:42
Running from D:\Usuários\Micro\Área de Trabalho
Windows 7 Ultimate (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You need to be registered and logged in to see this link.]
Download link for 64-Bit Version: [You need to be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() D:\Program Files\EslWire\service\WireHelperSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nicolas Coolman) D:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [avast] => D:\Arquivos de Programas (x86)\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKU\S-1-5-21-622757554-1295329940-1793671186-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You need to be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1CF9927C68ECCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKCU - Web URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You need to be registered and logged in to see this link.]
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Arquivos de Programas (x86)\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Arquivos de Programas (x86)\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{7F596C7F-4A00-4AD2-B069-2451943C1B44}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Micro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Arquivos de Programas (x86)\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Arquivos de Programas (x86)\AVAST Software\Avast\WebRep\FF [2013-05-15]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-06]
CHR Extension: (Google Drive) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (YouTube) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-06]
CHR Extension: (Pesquisa do Google) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EslWireHelper; D:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-12-26] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-25] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4249088 2014-03-06] (A-Volute)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-28] (Disc Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-05-03] ()
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2014-04-08] (Nicomsoft Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation )
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 01:51 - 2014-05-06 01:51 - 00000000 ____D () C:\FRST
2014-05-06 01:15 - 2014-05-06 01:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 01:06 - 2014-05-06 01:06 - 00001096 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 01:05 - 2014-05-06 00:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-06 00:59 - 2014-05-06 01:07 - 00018734 _____ () C:\zoek-results.log
2014-05-06 00:58 - 2014-05-06 01:04 - 00000000 ____D () C:\zoek_backup
2014-05-05 16:13 - 2014-05-06 00:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 16:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 16:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 16:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 11:55 - 2014-05-06 01:47 - 00005330 _____ () C:\Windows\PFRO.log
2014-05-05 11:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-05 11:51 - 2014-05-05 11:55 - 00000000 ____D () C:\AdwCleaner
2014-05-05 11:45 - 2014-05-05 11:45 - 00292832 _____ () C:\Windows\Minidump\050514-22573-01.dmp
2014-05-03 15:10 - 2014-05-03 15:10 - 00184968 _____ () C:\Windows\system32\Drivers\ESLWireACD.sys
2014-05-02 23:49 - 2014-05-02 23:49 - 00292832 _____ () C:\Windows\Minidump\050214-24133-01.dmp
2014-05-02 20:22 - 2014-05-06 01:48 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\ZHP
2014-05-02 20:22 - 2014-05-06 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 12:18 - 2014-05-02 12:18 - 00000000 ____D () C:\Windows\System32\Tasks\Tarefas de Visualizador de Eventos
2014-05-02 01:24 - 2014-05-02 01:24 - 00292832 _____ () C:\Windows\Minidump\050214-23774-01.dmp
2014-05-01 20:38 - 2014-05-01 20:38 - 00292832 _____ () C:\Windows\Minidump\050114-23914-01.dmp
2014-05-01 01:26 - 2014-05-01 01:26 - 00292832 _____ () C:\Windows\Minidump\050114-23758-01.dmp
2014-04-29 23:34 - 2014-05-03 16:03 - 00000000 ____D () C:\Users\Micro\AppData\Local\ESL Wire Game Client
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Todos os Usuários\ESL Wire
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-04-29 12:44 - 2014-05-05 11:44 - 621715574 ____N () C:\Windows\MEMORY.DMP
2014-04-29 12:44 - 2014-04-29 12:44 - 00292832 _____ () C:\Windows\Minidump\042914-24226-01.dmp
2014-04-29 00:30 - 2014-04-29 00:30 - 00000000 ____D () C:\Users\Todos os Usuários\RzMaelstromVAD_1.1.52.1675
2014-04-29 00:30 - 2014-04-29 00:30 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.52.1675
2014-04-29 00:28 - 2014-04-29 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-04-29 00:28 - 2014-04-29 00:28 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\Users\Todos os Usuários\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\Users\Micro\AppData\Local\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\ProgramData\Razer
2014-04-28 11:16 - 2014-05-06 01:47 - 00010015 _____ () C:\Windows\setupact.log
2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-26 14:24 - 2014-04-26 14:24 - 00000014 _____ () C:\Users\Micro\padre.txt
2014-04-24 02:24 - 2014-04-24 02:24 - 00000000 ____D () C:\Users\Todos os Usuários\eSellerate
2014-04-24 02:24 - 2014-04-24 02:24 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-24 02:02 - 2014-04-24 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2014-04-23 12:31 - 2014-04-23 12:32 - 00000171 _____ () C:\Users\Micro\faturaOiCasa23.04.14.txt
2014-04-21 14:11 - 2014-04-21 14:11 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Publish Providers
2014-04-21 14:02 - 2014-04-21 14:07 - 00000000 ____D () C:\Users\Micro\AppData\Local\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\Users\Todos os Usuários\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\ProgramData\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-21 13:53 - 2014-04-28 01:36 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Sony
2014-04-20 02:30 - 2014-04-20 02:30 - 00000030 _____ () C:\Users\Micro\srsrs.txt
2014-04-15 09:53 - 2014-04-15 09:53 - 00000812 _____ () C:\Windows\system32\aniversario greyce. chero coloca essa foto na pagina do grupo meia noite e coloca a mesma frase q eu coloco nos outros so q ali em cima... dai vc marca as pessoas do grupo c o seu face mesmo, olha pel.lnk
2014-04-14 22:56 - 2014-04-14 23:08 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\PhotoScape
2014-04-14 22:56 - 2014-04-14 22:56 - 00000000 ____D () C:\Users\Todos os Usuários\Log
2014-04-14 22:56 - 2014-04-14 22:56 - 00000000 ____D () C:\ProgramData\Log
2014-04-11 11:43 - 2014-04-11 11:43 - 00000000 ____D () C:\Users\Micro\AppData\Local\Downloaded Installations
2014-04-11 11:43 - 2014-04-11 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CM STORM
2014-04-09 20:02 - 2014-04-09 21:50 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\NVIDIA
2014-04-09 19:22 - 2014-04-09 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-04-08 12:29 - 2014-04-08 12:30 - 00000000 ____D () C:\Users\Micro\AppData\Local\NVIDIA Corporation
2014-04-08 12:29 - 2014-04-08 12:30 - 00000000 ____D () C:\Users\Micro\AppData\Local\NVIDIA
2014-04-08 12:29 - 2014-04-02 10:28 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-08 12:29 - 2014-04-02 10:28 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-08 12:29 - 2014-03-21 16:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 12:29 - 2014-03-21 16:43 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-08 12:29 - 2014-03-21 16:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-04-08 11:33 - 2014-04-09 15:54 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-04-08 11:33 - 2014-04-09 15:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-08 11:33 - 2014-04-09 15:53 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 11:33 - 2014-04-08 12:30 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA Corporation
2014-04-08 11:33 - 2014-04-08 12:30 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 11:33 - 2014-02-08 15:34 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-08 11:33 - 2014-02-08 15:34 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-08 11:33 - 2014-02-08 14:42 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-08 11:33 - 2014-02-08 14:42 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-08 11:33 - 2014-02-08 14:42 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-08 11:33 - 2014-02-08 14:42 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-08 11:33 - 2014-02-08 14:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-08 11:32 - 2014-02-08 15:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-08 11:32 - 2014-02-08 15:34 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-04-08 11:32 - 2013-11-28 10:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-04-08 11:32 - 2013-11-28 10:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-04-08 11:20 - 2014-04-08 11:20 - 00000000 ____D () C:\Users\Micro\AppData\Local\WindowsApplication1

==================== One Month Modified Files and Folders =======

2014-05-06 01:51 - 2014-05-06 01:51 - 00000000 ____D () C:\FRST
2014-05-06 01:48 - 2014-05-02 20:22 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\ZHP
2014-05-06 01:47 - 2014-05-05 11:55 - 00005330 _____ () C:\Windows\PFRO.log
2014-05-06 01:47 - 2014-04-28 11:16 - 00010015 _____ () C:\Windows\setupact.log
2014-05-06 01:47 - 2013-07-23 12:16 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 01:47 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 01:30 - 2009-07-14 01:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 01:30 - 2009-07-14 01:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 01:25 - 2014-05-02 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-06 01:15 - 2014-05-06 01:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 01:13 - 2009-07-14 14:55 - 00703104 _____ () C:\Windows\system32\prfh0416.dat
2014-05-06 01:13 - 2009-07-14 14:55 - 00145890 _____ () C:\Windows\system32\prfc0416.dat
2014-05-06 01:13 - 2009-07-14 02:13 - 01627136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 01:07 - 2014-05-06 00:59 - 00018734 _____ () C:\zoek-results.log
2014-05-06 01:06 - 2014-05-06 01:06 - 00001096 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 01:06 - 2013-05-19 13:07 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\TS3Client
2014-05-06 01:04 - 2014-05-06 00:58 - 00000000 ____D () C:\zoek_backup
2014-05-06 00:59 - 2014-05-06 01:05 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-06 00:47 - 2013-07-23 12:16 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 00:04 - 2013-05-18 11:49 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-06 00:03 - 2013-05-16 14:32 - 00000000 ____D () C:\Users\Todos os Usuários\Origin
2014-05-06 00:03 - 2013-05-16 14:32 - 00000000 ____D () C:\ProgramData\Origin
2014-05-06 00:00 - 2014-05-05 16:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 23:57 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Registration
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-05 16:13 - 2014-05-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 12:15 - 2013-05-18 11:49 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-05 11:55 - 2014-05-05 11:51 - 00000000 ____D () C:\AdwCleaner
2014-05-05 11:54 - 2013-05-13 15:42 - 00000000 ____D () C:\Users\Micro
2014-05-05 11:45 - 2014-05-05 11:45 - 00292832 _____ () C:\Windows\Minidump\050514-22573-01.dmp
2014-05-05 11:45 - 2014-01-19 23:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-05 11:44 - 2014-04-29 12:44 - 621715574 ____N () C:\Windows\MEMORY.DMP
2014-05-04 11:58 - 2013-05-15 19:12 - 00004210 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-03 16:03 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Micro\AppData\Local\ESL Wire Game Client
2014-05-03 15:10 - 2014-05-03 15:10 - 00184968 _____ () C:\Windows\system32\Drivers\ESLWireACD.sys
2014-05-02 23:49 - 2014-05-02 23:49 - 00292832 _____ () C:\Windows\Minidump\050214-24133-01.dmp
2014-05-02 12:18 - 2014-05-02 12:18 - 00000000 ____D () C:\Windows\System32\Tasks\Tarefas de Visualizador de Eventos
2014-05-02 01:24 - 2014-05-02 01:24 - 00292832 _____ () C:\Windows\Minidump\050214-23774-01.dmp
2014-05-01 20:38 - 2014-05-01 20:38 - 00292832 _____ () C:\Windows\Minidump\050114-23914-01.dmp
2014-05-01 13:42 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-01 13:40 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 01:26 - 2014-05-01 01:26 - 00292832 _____ () C:\Windows\Minidump\050114-23758-01.dmp
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Todos os Usuários\ESL Wire
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-04-29 23:34 - 2014-04-29 23:34 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-04-29 12:44 - 2014-04-29 12:44 - 00292832 _____ () C:\Windows\Minidump\042914-24226-01.dmp
2014-04-29 11:32 - 2013-06-12 11:38 - 00000000 ____D () C:\Users\Micro\AppData\Local\Eclipse
2014-04-29 11:24 - 2013-05-14 09:03 - 00119416 _____ () C:\Users\Micro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-29 11:24 - 2009-07-14 01:45 - 00480744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-29 00:30 - 2014-04-29 00:30 - 00000000 ____D () C:\Users\Todos os Usuários\RzMaelstromVAD_1.1.52.1675
2014-04-29 00:30 - 2014-04-29 00:30 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.52.1675
2014-04-29 00:28 - 2014-04-29 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-04-29 00:28 - 2014-04-29 00:28 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\Users\Todos os Usuários\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\Users\Micro\AppData\Local\Razer
2014-04-29 00:26 - 2014-04-29 00:26 - 00000000 ____D () C:\ProgramData\Razer
2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-28 01:36 - 2014-04-21 13:53 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Sony
2014-04-28 01:36 - 2013-05-17 00:53 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\uTorrent
2014-04-26 14:24 - 2014-04-26 14:24 - 00000014 _____ () C:\Users\Micro\padre.txt
2014-04-24 02:51 - 2014-04-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2014-04-24 02:24 - 2014-04-24 02:24 - 00000000 ____D () C:\Users\Todos os Usuários\eSellerate
2014-04-24 02:24 - 2014-04-24 02:24 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-23 12:32 - 2014-04-23 12:31 - 00000171 _____ () C:\Users\Micro\faturaOiCasa23.04.14.txt
2014-04-21 14:11 - 2014-04-21 14:11 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Publish Providers
2014-04-21 14:07 - 2014-04-21 14:02 - 00000000 ____D () C:\Users\Micro\AppData\Local\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\Users\Todos os Usuários\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\ProgramData\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-04-21 14:02 - 2014-04-21 14:02 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-20 02:30 - 2014-04-20 02:30 - 00000030 _____ () C:\Users\Micro\srsrs.txt
2014-04-15 14:05 - 2013-06-16 16:19 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA.job
2014-04-15 14:05 - 2013-06-16 16:19 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core.job
2014-04-15 11:22 - 2013-06-16 16:19 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA
2014-04-15 11:22 - 2013-06-16 16:19 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core
2014-04-15 10:56 - 2013-05-14 11:44 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-04-15 09:53 - 2014-04-15 09:53 - 00000812 _____ () C:\Windows\system32\aniversario greyce. chero coloca essa foto na pagina do grupo meia noite e coloca a mesma frase q eu coloco nos outros so q ali em cima... dai vc marca as pessoas do grupo c o seu face mesmo, olha pel.lnk
2014-04-14 23:08 - 2014-04-14 22:56 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\PhotoScape
2014-04-14 23:06 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 22:56 - 2014-04-14 22:56 - 00000000 ____D () C:\Users\Todos os Usuários\Log
2014-04-14 22:56 - 2014-04-14 22:56 - 00000000 ____D () C:\ProgramData\Log
2014-04-13 16:57 - 2014-03-30 15:47 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\Project Kryptonite
2014-04-11 11:43 - 2014-04-11 11:43 - 00000000 ____D () C:\Users\Micro\AppData\Local\Downloaded Installations
2014-04-11 11:43 - 2014-04-11 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CM STORM
2014-04-09 21:50 - 2014-04-09 20:02 - 00000000 ____D () C:\Users\Micro\AppData\Roaming\NVIDIA
2014-04-09 21:47 - 2009-07-14 02:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-09 19:41 - 2013-12-12 17:22 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-04-09 19:39 - 2014-04-09 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-04-09 15:54 - 2014-04-08 11:33 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-04-09 15:54 - 2014-04-08 11:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 15:53 - 2014-04-08 11:33 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-09 15:53 - 2013-05-14 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-04-08 12:30 - 2014-04-08 12:29 - 00000000 ____D () C:\Users\Micro\AppData\Local\NVIDIA Corporation
2014-04-08 12:30 - 2014-04-08 12:29 - 00000000 ____D () C:\Users\Micro\AppData\Local\NVIDIA
2014-04-08 12:30 - 2014-04-08 11:33 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA Corporation
2014-04-08 12:30 - 2014-04-08 11:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 12:29 - 2013-05-14 11:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-08 11:41 - 2013-12-13 06:54 - 00020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2014-04-08 11:34 - 2014-04-08 11:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-04-08 11:33 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Help
2014-04-08 11:20 - 2014-04-08 11:20 - 00000000 ____D () C:\Users\Micro\AppData\Local\WindowsApplication1

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 21:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by Micro at 2014-05-06 01:51:53
Running from D:\Usuários\Micro\Área de Trabalho
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version: - Futuremark)
A Heart of Darkness (HKLM-x32\...\Victoria II - A Heart of Darkness_is1) (Version: 3.0.1 - Paradox Interactive)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Atualizações da NVIDIA 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Call of Juarez Gunslinger (c) Ubisoft version 1 (HKLM-x32\...\Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
i-Menu version 4.0.8 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.0.8 - AOC)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive)
Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
K-Lite Mega Codec Pack 1.67 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 1.67 - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Miniaurélio (HKLM-x32\...\{01A373F1-B268-43CA-A8F1-45708A62F50A}) (Version: 5.12 - Positivo Informática.)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1) (Version: 1 - )
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version: - 2K Sports)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version: - Criterion Games)
Nero 7 Essentials (HKLM-x32\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}) (Version: 7.02.8507 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version: - )
NewBlue 3D Transformations for Vegas (HKLM-x32\...\NewBlue 3D Transformations for Vegas) (Version: - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version: - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version: - )
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version: - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version: - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: - )
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version: - )
NVIDIA Driver de controle do 3D Vision 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Painel de controle da NVIDIA 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Project Kryptonite version 1.0.0 (HKLM-x32\...\{2C0DDC2F-29FF-4FCC-8B3A-A935287D078C}_is1) (Version: 1.0.0 - Rohrbacher Development)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.03 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Nome de sua empresa:)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Recon Software (HKLM-x32\...\{52E335F8-0177-4999-8ABA-06F2A319F748}) (Version: 1.22 - Cooler Master)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00.1000 - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Victoria 2 (HKLM-x32\...\{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}) (Version: - )
Victoria II A House Divided 2.1 (HKLM-x32\...\Victoria II A House Divided 2.1) (Version: - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VisuAlg 2.0.0.12 (20/09/06) (HKLM-x32\...\VisuAlg_is1) (Version: 2.0 - Apoio Informática Ltda.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
XSplit Broadcaster (HKLM-x32\...\{4BC33FAB-4249-44D7-88A3-22682C577EE3}) (Version: 1.3.1310.1103 - SplitMediaLabs)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

08-04-2014 15:29:39 DirectX instalado
11-04-2014 14:43:31 Installed Recon Software.
26-04-2014 17:22:20 Ponto de Verificação Agendado
29-04-2014 03:30:02 Instalação de Pacote de Driver de Dispositivo: Razer Controladores de som, vídeo e jogos
06-05-2014 03:59:53 zoek.exe restore point
06-05-2014 04:41:51 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:34 - 2014-05-06 01:00 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BA835CD-3080-424D-A716-88E2F8C23FE6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA => C:\Users\Micro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-16] (Facebook Inc.)
Task: {20426303-818B-4363-ADC4-E582F66ED526} - System32\Tasks\avast! Emergency Update => D:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {2CA0FFCF-87A4-4040-B808-3572925821B7} - System32\Tasks\Core Temp Autostart Micro => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {38B639AC-D750-4F1A-B5DF-1C7DDBA65DB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {54D6DBCB-71EB-4190-AEE2-44A1759DB8CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {77193265-2F5B-4900-B126-F43111CBC857} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core => C:\Users\Micro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-16] (Facebook Inc.)
Task: {BC2B410A-B001-47B3-869C-9581B1A6A6DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000Core.job => C:\Users\Micro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-622757554-1295329940-1793671186-1000UA.job => C:\Users\Micro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-08 11:33 - 2014-02-08 14:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-14 13:34 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-04-29 23:34 - 2014-01-29 19:14 - 00663056 _____ () D:\Program Files\EslWire\service\WireHelperSvc.exe
2014-04-29 23:34 - 2014-02-06 16:38 - 00214016 _____ () D:\Program Files\EslWire\service\NocIPC64.dll
2013-12-26 23:06 - 2013-12-26 23:06 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-05-14 11:44 - 2005-08-08 01:54 - 00167936 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-04-08 12:29 - 2014-04-02 10:30 - 00096200 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-08 12:29 - 2014-04-02 10:30 - 00872904 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-05-05 16:09 - 2014-05-05 14:33 - 02292736 _____ () D:\Arquivos de Programas (x86)\AVAST Software\Avast\defs\14050501\algo.dll
2014-01-09 07:01 - 2014-04-21 19:55 - 00340480 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 11:30 - 2014-04-21 19:55 - 00471552 _____ () D:\Program Files (x86)\Steam\libavutil-53.dll
2013-04-23 18:30 - 2014-03-31 19:09 - 00754688 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-05-03 15:35 - 2014-04-23 19:01 - 01092288 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-03-03 16:15 - 20626624 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-14 20:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-14 20:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-14 20:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-28 23:48 - 2014-04-23 21:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2013-05-14 11:02 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-05-14 11:27 - 2013-05-14 11:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c1ef8189e658c07001049b7e7d83a2aa\IsdiInterop.ni.dll
2013-05-14 11:27 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Micro\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8139.27 MB
Available physical RAM: 6132.38 MB
Total Pagefile: 16276.7 MB
Available Pagefile: 13979.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SSD - Sistema) (Fixed) (Total:119.14 GB) (Free:50.07 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:415.69 GB) (Free:115.36 GB) NTFS
Drive f: (Backup) (Fixed) (Total:49.97 GB) (Free:6.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9F27DC01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0F03C480)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 12:20

 Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

 Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the Farbar report requested in my other reply below.


Last edited by Power Max on Tue 06 May 2014, 16:53; edited 1 time

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet is here.

Super Links = Messages of faith and hope for your heart

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 12:23

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST64. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply, together with the ZHPFix report requested in the previous reply.


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 15:57

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Micro at 06/05/2014 15:49:16
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (4) (49.152 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 09s

========== Caminho do ficheiro do relatório ==========
C:\Users\Micro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06/05/2014 01:42:11 [3183]
C:\Users\Micro\AppData\Roaming\ZHP\ZHPFix[R2].txt - 06/05/2014 15:49:22 [1020]

_________________________________________________________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by Micro at 2014-05-06 15:56:47 Run:1
Running from D:\Usuários\Micro\Área de Trabalho
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - Web URL = [You must be registered and logged in to see this link.]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\PCFApiUtil64.sys [X]
end
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web => Key deleted successfully.
HKCR\CLSID\Web => Key not found.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.

==== End of Fixlog ====

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 16:09

How is the PC after these procedures?


Re: BlueScreen (win32k.sys, cdd.dll)

Post by extremee-br on Tue 06 May 2014, 16:22

It only happened on 02/05 at 01:23 AM, a blue screen whose error was win32k.sys, but that was before I did all these procedures. It rarely shows up, and when it does it is when I close a game or some program; it is not well defined.

The errors are these: (img) [You must be registered and logged in to see this link.]

Re: BlueScreen (win32k.sys, cdd.dll)

Post by Power Max on Tue 06 May 2014, 16:54

Your logs are clean. Let's hope the errors do not come back.

Just to finish, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips in this tutorial.
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us anytime!


Re: BlueScreen (win32k.sys, cdd.dll)

Post by Danii on Tue 06 May 2014, 18:32

CASE SOLVED

If the topic author needs it, the topic will be reopened; to do so, they should contact a member of the Moderation Team and request that it be unlocked.