
movie mode

Post by stel2014 on Sun 03 Aug 2014, 20:48

Hello, I have already read and downloaded everything about removing Movie Mode, but nothing works; AdwCleaner and Malwarebytes remove it, but it comes back. Can anyone help?

Re: movie mode

Post by Power Max on Sun 03 Aug 2014, 21:08

Hello. Please post the reports from the programs you used here in the thread so we can analyze them.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 11:36

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (04/08/2014 11:32:27)
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (43%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: D
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10616
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.3432]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.6320]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.7876]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.4812]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.7940]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.7284]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.6384]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.2972]
[MD5.57A8250F3942BCB188E11D22CA42A249] - (.Postbox, Inc. - Postbox.) -- C:\Program Files (x86)\Postbox\postbox.exe [1081344] [PID.1280]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.9000]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.8768]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3720]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.6532]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.6680]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.3180]
[MD5.E177D510084CD9688A2B958AB765BF66] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [893312] [PID.7296]
[MD5.4D4A404F08012AD3C2F5753D37F5AE21] - (.Google - Hangouts Plugin.) -- C:\Users\d\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.7912]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.6260]
[MD5.EE7C82B0D69F038245CECBCE9EC45A9A] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\SysWOW64\DllHost.exe [17760] [PID.6592]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6492]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.8360]
[MD5.192FFD3F99A0847740670AE711CB455A] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.6276]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.6464]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1212]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1788]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1816]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1116]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1352]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2000]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.3032]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.3692]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.3708]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.3728]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.3860]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.1364]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.4108]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.4172]
[MD5.ABBECBCF1817D1158ED388460CCEE416] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\GRjPBCSHQ\JHKdiu.exe [2315632] [PID.4248] =>PUP.MovieMode
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.7336]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.7340]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3604]
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.3608]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.6612]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kgmpojlddncminmkddkpoegdjhojjipg] GBBD Guardião - Itaú 30 horas v.3.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [niloccemoadcdkdjlinkgdfekeahmflj] Save to Pocket v.1.9.1, (Désactivé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [ATLauncher] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ATUninstallIcon] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: JHKdiu (JHKdiu) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 25 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2014 - 17:24:46 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 22/07/2014 - 14:12:43 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 04/08/2014 - 11:25:22 - [] ----D C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 186 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/08/2014 - 17:12:49 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 32 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][04/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 13/07/2014 2315632 | (JHKdiu) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\JHKdiu] =>PUP.MovieMode^
C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode^
C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode^
~ Additionnel Scan: 301308 Items scanned in 00mn 20s



---\\ Informações complémentaires do módulos
~ [You must be registered and logged in to see this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must be registered and logged in to see this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must be registered and logged in to see this link.] =>.Browser Helper Objects do navegador (02)
~ [You must be registered and logged in to see this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 711 Legitimates filtered by white list
End of the scan (516 lines in 01mn 11s)(0)

Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 11:38

# AdwCleaner v3.302 - Relatório criado 04/08/2014 às 11:37:09
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : d -
# Executando de : C:\Users\d\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Encontrado : C:\Users\d\Appdata\Local\MovieMode

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js ]


[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1080 octets] - [03/08/2014 20:38:22]
AdwCleaner[R1].txt - [1201 octets] - [04/08/2014 11:26:06]
AdwCleaner[R2].txt - [1061 octets] - [04/08/2014 11:37:09]
AdwCleaner[S0].txt - [1136 octets] - [03/08/2014 20:39:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1181 octets] ##########

Re: movie mode

Post by Power Max on Mon 04 Aug 2014, 11:49

Post the AdwCleaner report located at C:\AdwCleaner\AdwCleaner[S0].txt and also the Malwarebytes report.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 12:41

# AdwCleaner v3.302 - Relatório criado 03/08/2014 às 20:39:03
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : d
# Executando de : C:\Users\d\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\d\Appdata\Local\MovieMode

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js ]


[ Arquivo : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1080 octets] - [03/08/2014 20:38:22]
AdwCleaner[S0].txt - [997 octets] - [03/08/2014 20:39:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1056 octets] ##########

Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 12:42

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Scan Date: 04/08/2014
Scan Time: 12:16:50
Logfile: 040814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.04.05
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: d

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305785
Time Elapsed: 12 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\BqfOaCXaxg.exe, Delete-on-Reboot, [93d7caf787f4ec4a038ccaa2af52fb05],
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\JjcDVuNEwTO.exe, Delete-on-Reboot, [b6b4eed397e495a1f6991b512ad74fb1],
PUP.Optional.MovieMode.A, C:\ProgramData\GRjPBCSHQ\dat\MTqKYrmSdS.dll, Delete-on-Reboot, [2644e7dab6c5ad89cc10109df60e6f91],

Physical Sectors: 0
(No malicious items detected)


(end)

Is this it? Thank you.

Re: movie mode

Post by Power Max on Mon 04 Aug 2014, 12:59

In Malwarebytes you ran only the Threat Scan, which is not as thorough. Follow the tips below to do a complete cleanup:

Changing the Malwarebytes language to Portuguese:

If your Malwarebytes is in English, it is quite simple to switch it to our language. To do so, open Malwarebytes and click Settings, as shown in this image:

[You must be registered and logged in to see this image.]

On the next screen that appears, click Language and select the Portuguese (Brazil) option:

[You must be registered and logged in to see this image.]
___________________________________________________________________________

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Verificar Agora (Scan Now):

[You must be registered and logged in to see this image.]

The screen below will then appear. On it, tick all the checkboxes on the right side of the screen so that every area of your PC and any removable media connected to it can be scanned. On the left side of the screen, leave these options ticked:

Verificar Objetos na Memória (scan objects in memory)
Verificar as Configurações da Inicialização e do Registro (scan startup and registry settings)
Verificar Arquivos Compactados (scan compressed files)


Leave everything else as preconfigured by Malwarebytes.

After that, click the Iniciar Verificação (Start Scan) button, as shown in the image below:

[You must be registered and logged in to see this image.]

Wait while the scan runs. How long it takes depends on the number of files on your computer:

[You must be registered and logged in to see this image.]

As soon as the scan finishes, if any threat is detected on your PC, a message like the one below will appear near the Windows clock; click it:

[You must be registered and logged in to see this image.]

At this point you will see which malware and potentially unwanted items were detected and where they are located. You will notice that it already shows a default action for the items (normally, moving them to quarantine).

To remove the infections, leave the Quarentena (Quarantine) option selected in the Ação (Action) menu for all items and click the Aplicar Ações (Apply Actions) button, as shown in this image:

[You must be registered and logged in to see this image.]

Some malware is stubborn and may require a PC restart to be removed. If Malwarebytes asks for this, click Sim (or Yes), as shown in this image:

[You must be registered and logged in to see this image.]

After that, just post the new scan log that Malwarebytes creates in your next reply.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 15:58

Sorry for the delay.

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Data de Verificação: 04/08/2014
Hora da Verificação: 14:16:28
Logfile: mw.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.04.05
Rootkit Database: v2014.08.01.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: d

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 500421
Tempo Decorrido: 1 hr, 29 min, 30 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 3
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\GZvkqloE.exe, Delete-on-Reboot, [6b2af3cf13688fa79af54824b051ae52],
PUP.Optional.MovieMode.A, C:\ProgramData\GRjPBCSHQ\dat\IvxjtLOx.dll, Delete-on-Reboot, [9df85072a6d578be35a7ffaeba4a50b0],
Adware.MovieMode, C:\ProgramData\GRjPBCSHQ\dat\OylwMU.exe, Delete-on-Reboot, [9203b50d5c1f77bf8d021d4f44bd47b9],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: movie mode

Post by Power Max on Mon 04 Aug 2014, 16:01

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 16:52


Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by d on 04/08/2014 at 16:24:27,22.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\d\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04/08/2014 16:25:31 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Postbox\Profiles\b89x6irm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Postbox\Profiles\b89x6irm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\d\AppData\Roaming\Thunderbird\Profiles\edikt008.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\d\AppData\Roaming\Thunderbird\Profiles\edikt008.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\d\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [31/07/2014 16:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\ne03hk7r.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

Profilepath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
1528225A7126F04A5797471E4F20256D - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

Google Docs - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
GBBD Guardião - Itaú 30 horas - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Save to Pocket - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Google Wallet - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\d\Desktop\chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\Desktop\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\d\Desktop\firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\d\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\d\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\d\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\d\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ASUS Install.lnk - C:\eSupport\eDriver\AsInsWiz.exe
C:\Users\Public\Desktop\ASUS Instant Connect Installer.lnk - C:\windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_77CD0D17CE4BC69D3FCD39.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\ASUS\Business tool\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\ASUS\Entertainment\LifeFrame.lnk - C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe
C:\Users\Public\Desktop\ASUS\Multimedia\ASUSDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\ASUS\System tool\ASUS InstantOn.lnk - C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_1571D74E05115953184676.exe
C:\Users\Public\Desktop\ASUS\System tool\ASUS On-Screen Display.lnk - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe
C:\Users\Public\Desktop\ASUS\System tool\Power4Gear Hybrid.lnk - C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_A1AB703A028E391D0E1CDC.exe
C:\Users\Public\Desktop\ASUS\System tool\Splendid Utility.Lnk - C:\Program Files (x86)\ASUS\Splendid\Backbone.exe

==== shortcuts in Users Start Menu ======================

C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk - C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [You need to be registered and logged in to see this link.]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox (2).lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox (3).lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postbox.lnk - C:\Program Files (x86)\Postbox\postbox.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\d\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\d\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\d\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\d\AppData\Local\Mozilla\Firefox\Profiles\vayrsjux.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=89 folders=13 71496541 bytes)

==== Empty Temp Folders ======================

C:\Users\d\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\d\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/08/2014 at 16:49:13,63 ======================

Re: movie mode

Post by Power Max on Mon 04 Aug 2014, 17:14

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 17:24

Look, this is the report, but just from opening the browser Malwarebytes already flagged Movie Mode.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by d on 04/08/2014 at 17:16:05,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2014 at 17:22:41,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: movie mode

Post by Power Max on Mon 04 Aug 2014, 17:28

Run ZHPDiag again and post a new report from it. Tomorrow I'll give you the next procedure, since right now I'm on my phone.


Re: movie mode

Post by stel2014 on Mon 04 Aug 2014, 17:32

Thank you, Power Max.

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (04/08/2014 17:29:46)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Endereço do Webforum : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (42%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: D
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10617
~ Mon Bureau (My Desktop) : 2/17
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.4432]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1224]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.4556]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.4580]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4956]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.4484]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.5204]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.6240]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.6640]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.6160]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.6620]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.5928]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.6736]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.6400]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3400]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.7132]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4036]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6336]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.4972]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1816]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1848]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1672]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1772]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2064]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.2244]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2260]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2280]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2468]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.2512]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.2704]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.2764]
[MD5.ABBECBCF1817D1158ED388460CCEE416] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\GRjPBCSHQ\JHKdiu.exe [2315632] [PID.2808] =>PUP.MovieMode
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.4388]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.4896]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.6004]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.6968]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.4808]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3380]
[MD5.35C4B10F6BE9D2A375F153895D046FC1] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048] [PID.6200]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [ATLauncher] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ATUninstallIcon] C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: JHKdiu (JHKdiu) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 25 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2014 - 17:24:46 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 22/07/2014 - 14:12:43 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 185 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.ED3FDFF34FA902AA174A4AA6F7C918E5] - 04/08/2014 - 12:31:14 ---A- . (...) -- C:\0408.txt [1324]
O44 - LFC:[MD5.092845FBDE00911AA5E56D32EDF9CA8C] - 04/08/2014 - 12:39:37 ---A- . (...) -- C:\040814.txt [1374]
O44 - LFC:[MD5.820C3E28E403333917EBD1353342557F] - 04/08/2014 - 15:48:18 ---A- . (...) -- C:\0408completo.txt [1424]
O44 - LFC:[MD5.F023145C721E0840D271052914C428ED] - 04/08/2014 - 15:57:01 ---A- . (...) -- C:\mw.txt [1462]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/08/2014 - 16:24:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BDA9BFBEA21964B102022EBED4732A7C] - 04/08/2014 - 16:49:13 ---A- . (...) -- C:\zoek-results.log [24628]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 37 Legitimates Filtered in 00mn 02s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][04/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 13/07/2014 2315632 | (JHKdiu) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\GRjPBCSHQ\JHKdiu.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\JHKdiu] =>PUP.MovieMode^
C:\ProgramData\GRjPBCSHQ\JHKdiu.exe =>PUP.MovieMode^
~ Additionnel Scan: 301153 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 715 Legitimates filtered by white list
End of the scan (512 lines in 01mn 16s)(0)

Re: movie mode

Post by Power Max on Tue 05 Aug 2014, 09:03

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, indicated in the tutorial above, to clean up and optimize the PC.
______________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 12:34; edited 1 time


Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 09:24

Run by d at 05/08/2014 09:23:19
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\ProgramData\GRjPBCSHQ\JHKdiu.exe

========== Chaves do Registo ==========
ELIMINÉ: Service: JHKdiu

========== Valores do Registo ==========
ELIMINÉ RunValue: DptfPolicyLpmServiceHelper
ELIMINÉ RunValue: ATLauncher
ELIMINÉ RunValue: ATUninstallIcon

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\grjpbcshq\jhkdiu.exe
ELIMINÉ:** c:\programdata\grjpbcshq\jhkdiu.exe
ELIMINÉ Temporários windows (144) (10.410.911 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
1 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 09s

========== Caminho do ficheiro do relatório ==========
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 09:23:22 [1276]

Re: movie mode

Post by Power Max on Tue 05 Aug 2014, 09:27

Restart the PC so the cleanup can be completed.

After restarting the computer, do the following:

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 09:40

~ Relatório do ZHPDiag v2014.8.3.113 - Nicolas Coolman (03/08/2014)
~ Iniciado por d (05/08/2014 09:36:47)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Endereço do Webforum : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4744
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 249 GB (42%) free of 579 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIAZZI
~ User Name: d
~ All Users Names: HomeGroupUser$, d, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\d\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\d\AppData\Roaming\
~ %Desktop% : C:\Users\d\Desktop\
~ %Favorites% : C:\Users\d\Favorites\
~ %LocalAppData% : C:\Users\d\AppData\Local\
~ %StartMenu% : C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 249 Go of 579 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 18 Go of 98 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:38.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/1356
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/10617
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 11s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.7648]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.1984]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.7880]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.7332]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4432]
[MD5.A0012C1D9B8648C20C00202418B9D02F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.5752]
[MD5.B7BCA8A30CE13A283CDBDECEF5616C39] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192] [PID.4668]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.5732]
[MD5.97202E9C0D86387888435470CCAF45BE] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [192000] [PID.8740]
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224] [PID.2892]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.1092]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.1316]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088] [PID.5184]
[MD5.57A8250F3942BCB188E11D22CA42A249] - (.Postbox, Inc. - Postbox.) -- C:\Program Files (x86)\Postbox\postbox.exe [1081344] [PID.2912]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5928]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3952]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5596]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.600]
[MD5.AAB9A24EC7199F18D588AA8BF705D345] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8084992] [PID.7604]
[MD5.A0EFD62D293126E60A56EA90AB9858E5] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048] [PID.1224]
[MD5.D01D1B40EEF27F64B45165CE0ACDE6CD] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880] [PID.1816]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1848]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1672]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1772]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2064]
[MD5.E145E934392E7A49FDC6775AC3A347F8] - (.Intel Corporation - Intel(R) Rapid Start Technology Service.) -- C:\Windows\SysWOW64\irstrtsv.exe [193576] [PID.2244]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2260]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2280]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2468]
[MD5.903A40C958D471F9D30D29FA6D2800A4] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.2512]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.2704]
[MD5.03CD249A16CF815FFFD347DC61EF9E6D] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.2764]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.6004]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.6968]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.4808]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.3380]
[MD5.35C4B10F6BE9D2A375F153895D046FC1] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048] [PID.6200]
[MD5.AC68B12E9B314F708730FE0399791D9C] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.7836]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.6904]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [d - ne03hk7r.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
M2 - MFEP: Extension [d - vayrsjux.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [d]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1409651353-3477744269-1817149778-1002\..\Run: [HP Deskjet 3510 series (NET) #2] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{281FB0FA-BD51-488F-A294-721D7AE5B3C0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7CDD4FC-5476-4B0F-98C4-795E4394DBED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F59224A7-91B8-4652-993F-8A26B001420B}: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 24 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core [1028]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA [1080]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Postbox (3.0.11) - (.Postbox, Inc..) [HKLM][64Bits] -- Postbox (3.0.11)
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Postbox]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Postbox]
~ Key Software: 272 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/07/2014 - 14:12:42 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 01/08/2014 - 12:40:53 - [] ----D C:\Program Files (x86)\nada
O43 - CFD: 04/06/2014 - 12:00:38 - [] ----D C:\Program Files (x86)\Postbox
O43 - CFD: 01/07/2014 - 18:25:24 - [] ----D C:\ProgramData\gbas
O43 - CFD: 05/08/2014 - 09:23:18 - [] ----D C:\ProgramData\GRjPBCSHQ
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Roaming\FreeFixer
O43 - CFD: 12/11/2013 - 16:46:44 - [] ----D C:\Users\d\AppData\Roaming\Postbox
O43 - CFD: 03/08/2014 - 10:36:18 - [] ----D C:\Users\d\AppData\Local\FreeFixer
O43 - CFD: 05/08/2014 - 09:04:52 - [] ----D C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 01/02/2014 - 19:17:25 - [] ----D C:\Users\d\AppData\Local\Postbox
~ Program Folder: 187 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.53A6F942A2EAA86D1E494BDEAD968DE0] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.7ACC6202B48AC5BE5B1335AD0FD0DC78] - 01/08/2014 - 13:55:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
O44 - LFC:[MD5.ED3FDFF34FA902AA174A4AA6F7C918E5] - 04/08/2014 - 12:31:14 ---A- . (...) -- C:\0408.txt [1324]
O44 - LFC:[MD5.092845FBDE00911AA5E56D32EDF9CA8C] - 04/08/2014 - 12:39:37 ---A- . (...) -- C:\040814.txt [1374]
O44 - LFC:[MD5.820C3E28E403333917EBD1353342557F] - 04/08/2014 - 15:48:18 ---A- . (...) -- C:\0408completo.txt [1424]
O44 - LFC:[MD5.F023145C721E0840D271052914C428ED] - 04/08/2014 - 15:57:01 ---A- . (...) -- C:\mw.txt [1462]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 04/08/2014 - 16:24:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BDA9BFBEA21964B102022EBED4732A7C] - 04/08/2014 - 16:49:13 ---A- . (...) -- C:\zoek-results.log [24628]
O44 - LFC:[MD5.140E5D443072683B80E2DEBFD1E8D7B2] - 22/07/2014 - 15:57:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_22.07.2014_15.56.19_log.txt [252132]
O44 - LFC:[MD5.93B21BC7C5FAE0FB68C5EBD1A91DA816] - 29/07/2014 - 09:38:28 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_29.07.2014_09.37.28_log.txt [246658]
O44 - LFC:[MD5.592DE56E89F7BEA419E48C8AADD1FEE3] - 29/07/2014 - 11:19:51 ---A- . (...) -- C:\sc-cleaner.txt [1754]
~ Files: 37 Legitimates Filtered in 00mn 12s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:16/07/2014 - 10:05:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 76 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1C526C90611AFE2354D12F60FF3028D9] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407074518.bdinstall.bin [213404]
[MD5.B299D1482CFCF54C702C43B7865A284E] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078107.bdinstall.bin [37689]
[MD5.284CFC184F64C135BDDA2A503BEF1697] [SPRF][03/08/2014] (...) -- C:\ProgramData\1407078109.bdinstall.bin [98609]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][05/08/2014] (...) -- C:\Users\d\AppData\Roaming\sp_data.sys [408]
[MD5.405340FA354B90502508E8DAFF40E84D] [SPRF][31/07/2014] (...) -- C:\Users\d\AppData\Roaming\unins000.dat [48208]
[MD5.CA71C5755893DB3E394D3E9758BE56B3] [SPRF][03/08/2014] (...) -- C:\Users\d\Desktop\cc_20140803_113143.reg [12158]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{966A4785-5028-453C-905F-367D78FBE471}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{780E8571-8A28-4340-AA2A-55BA872EFCFB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\d\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 23/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/09/2012 106880 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/10/2012 219776 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 10/07/2014 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 10/07/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2014 555048 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 09/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (03/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
C:\Users\d\AppData\Local\MovieMode =>PUP.MovieMode^
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additionnel Scan: 301256 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ [You must be registered and logged in to see this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must be registered and logged in to see this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must be registered and logged in to see this link.] =>.Browser Helper Objects do navegador (02)
~ [You must be registered and logged in to see this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 717 Legitimates filtered by white list
End of the scan (509 lines in 01mn 36s)(0)

Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 09:48

I think it worked, Power Max
  :rindo_atoa: 

Re: movie mode

Post by Power Max on Tue 05 Aug 2014, 09:54

There are still unnecessary programs starting along with Windows. To fix this, it would be important to follow that tutorial I gave you.
______________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 12:34; edited 1 time


Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 09:57

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by d at 05/08/2014 09:56:16
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (17) (98.880 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 09:23:22 [1352]
C:\Users\d\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/08/2014 09:56:20 [845]

Re: movie mode

Post by Power Max on Tue 05 Aug 2014, 09:59

Download the Farbar Recovery Scan Tool and save it to the Desktop.

Note: after opening the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (64-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 10:13

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by d (administrator) on D on 05-08-2014 10:06:38
Running from C:\Users\d\Downloads
Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must be registered and logged in to see this link.]
Download link for 64-Bit Version: [You must be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Nicolas Coolman) C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Postbox, Inc.) C:\Program Files (x86)\Postbox\postbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\d\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Atheros Communications)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-12-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [wdbraz_certm] => C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe [57488 2011-03-29] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [Google Update] => C:\Users\d\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-18] (Google Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1409651353-3477744269-1817149778-1002\...\Run: [HP Deskjet 3510 series (NET) #2] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\d\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\d\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must be registered and logged in to see this link.]
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1746984 2014-06-26] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 201.17.128.109 201.17.128.103

FireFox:
========
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default
FF NewTab: [You must be registered and logged in to see this link.]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must be registered and logged in to see this link.]
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\d\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\d\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\d\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin HKCU: gastecnologia.com.br/sf/uni - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Users\d\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\d\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Firebug - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-27]
FF Extension: Adblock Plus - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\vayrsjux.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-28]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: No Name - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-05-21]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\d\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-07-31]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Pesquisa do Google) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (AdBlock) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]

continues

Re: movie mode

Post by stel2014 on Tue 05 Aug 2014, 10:14

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [555048 2014-06-26] (GAS Tecnologia)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 WDBrazMonitor34; C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680 2011-03-24] (Beijing WatchData System Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 10:06 - 2014-08-05 10:06 - 00029553 _____ () C:\Users\d\Downloads\FRST.txt
2014-08-05 10:06 - 2014-08-05 10:06 - 00000000 ___DC () C:\FRST
2014-08-05 10:05 - 2014-08-05 10:05 - 02094080 ____C (Farbar) C:\Users\d\Downloads\FRST64.exe
2014-08-05 10:05 - 2014-08-05 10:05 - 00038932 _____ () C:\Users\d\Desktop\ZHPDiag.txt
2014-08-05 09:23 - 2014-08-05 09:56 - 00000920 _____ () C:\Users\d\Desktop\ZHPFixReport.txt
2014-08-04 18:05 - 2014-08-05 09:07 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Security Toolbar
2014-08-04 18:05 - 2014-08-05 09:07 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Secure Search
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-04 17:22 - 2014-08-04 17:22 - 00000626 _____ () C:\Users\d\Desktop\JRT.txt
2014-08-04 17:15 - 2014-08-04 17:15 - 01016261 ____C (Thisisu) C:\Users\d\Downloads\JRT(1).exe
2014-08-04 16:47 - 2014-08-04 16:24 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-04 16:25 - 2014-08-04 16:49 - 00024628 ____C () C:\zoek-results.log
2014-08-04 16:23 - 2014-08-04 16:23 - 01288704 ____C () C:\Users\d\Downloads\zoek.exe
2014-08-04 15:57 - 2014-08-04 15:57 - 00001462 ____C () C:\mw.txt
2014-08-04 15:48 - 2014-08-04 15:48 - 00001424 ____C () C:\0408completo.txt
2014-08-04 12:39 - 2014-08-04 12:39 - 00001374 ____C () C:\040814.txt
2014-08-04 12:31 - 2014-08-04 12:31 - 00001324 ____C () C:\0408.txt
2014-08-04 11:31 - 2014-08-04 11:31 - 00002009 _____ () C:\Users\d\Desktop\ZHPFix.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00001878 _____ () C:\Users\d\Desktop\ZHPDiag.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-03 20:38 - 2014-08-04 12:13 - 00000000 ___DC () C:\AdwCleaner
2014-08-03 20:37 - 2014-08-03 20:38 - 01361309 _____ () C:\Users\d\Downloads\AdwCleaner.exe
2014-08-03 18:50 - 2014-08-03 18:50 - 00001220 _____ () C:\Users\d\Desktop\Format Factory.lnk
2014-08-03 18:50 - 2014-08-03 18:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-08-03 18:31 - 2014-08-03 18:41 - 53580025 _____ () C:\Users\d\Downloads\FFSetup3.3.5.0.zip
2014-08-03 16:24 - 2014-08-04 11:31 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-03 16:23 - 2014-08-03 16:24 - 06858013 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPDiag2.exe
2014-08-03 16:13 - 2014-08-05 10:04 - 00000000 ____D () C:\Users\d\AppData\Roaming\ZHP
2014-08-03 16:13 - 2014-08-03 20:20 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
2014-08-03 16:12 - 2014-08-03 16:12 - 03522039 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPFix.exe
2014-08-03 13:16 - 2014-08-05 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 13:15 - 2014-08-03 13:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-03 13:15 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-03 13:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-03 13:13 - 2014-08-03 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\d\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 12:54 - 2014-08-05 10:05 - 00163269 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-03 12:09 - 2014-08-03 12:09 - 00000000 ____D () C:\Users\d\AppData\Roaming\AVG2014
2014-08-03 12:08 - 2014-08-03 12:08 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\Users\d\AppData\Roaming\TuneUp Software
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-03 12:07 - 2014-08-03 12:26 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-08-03 12:07 - 2014-08-03 12:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 __HDC () C:\$AVG
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-03 12:05 - 2014-08-05 09:08 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-08-03 12:05 - 2014-08-05 09:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-03 12:05 - 2014-08-03 12:11 - 00000000 ____D () C:\Users\d\AppData\Local\Avg2014
2014-08-03 12:05 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\MFAData
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\Users\Todos os Usuários\1407078109.bdinstall.bin
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\ProgramData\1407078109.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 04755832 _____ (AVG Technologies) C:\Users\d\Downloads\avg_free_stb_pb_2014_4744_free.exe
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\Users\Todos os Usuários\1407078107.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\ProgramData\1407078107.bdinstall.bin
2014-08-03 11:43 - 2014-08-05 09:59 - 00172760 _____ () C:\WINDOWS\PFRO.log
2014-08-03 11:31 - 2014-08-03 11:32 - 00012158 _____ () C:\Users\d\Desktop\cc_20140803_113143.reg
2014-08-03 11:21 - 2014-08-03 11:21 - 04813544 _____ (Piriform Ltd) C:\Users\d\Downloads\ccsetup416.exe
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\Users\Todos os Usuários\1407074518.bdinstall.bin
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\ProgramData\1407074518.bdinstall.bin
2014-08-03 11:04 - 2014-08-03 11:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-03 11:01 - 2014-08-03 11:02 - 00000000 ____D () C:\Users\d\AppData\Roaming\QuickScan
2014-08-03 10:59 - 2014-01-19 04:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-08-03 10:36 - 2014-08-03 11:33 - 00000000 ____D () C:\Program Files\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Roaming\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Local\FreeFixer
2014-08-01 17:41 - 2014-08-01 17:41 - 00000174 ____C () C:\Users\d\Desktop\255598834._hide.mp4
2014-08-01 15:49 - 2014-08-01 17:25 - 00000174 ____C () C:\Users\d\Desktop\255598834.mp4
2014-07-31 14:51 - 2014-07-31 15:04 - 00048208 _____ () C:\Users\d\AppData\Roaming\unins000.dat
2014-07-30 13:59 - 2014-07-30 15:46 - 3251977696 _____ () C:\Users\d\Downloads\h264.mp4
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-29 15:09 - 2014-07-29 15:10 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-29 15:08 - 2014-07-02 17:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-29 15:08 - 2014-07-02 17:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-07-29 15:08 - 2014-07-02 17:48 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-07-29 11:23 - 2014-08-03 17:37 - 00000000 ___DC () C:\zoek_backup
2014-07-29 11:22 - 2014-07-29 11:23 - 04102729 _____ () C:\Users\d\Downloads\zoek.zip
2014-07-29 11:19 - 2014-07-29 11:19 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\sc-cleaner.exe
2014-07-29 11:19 - 2014-07-29 11:19 - 00001754 ____C () C:\sc-cleaner.txt
2014-07-29 11:11 - 2014-07-29 11:12 - 00025600 ___SH () C:\Users\d\AppData\Local\Thumbs.db
2014-07-29 10:02 - 2014-07-29 10:02 - 00001534 _____ () C:\Users\d\Desktop\firefox.lnk
2014-07-29 09:59 - 2014-07-29 10:00 - 00001836 _____ () C:\Users\d\Desktop\chrome.lnk
2014-07-28 11:31 - 2014-07-28 11:31 - 00179200 _____ () C:\Users\d\Desktop\LEIC - Captação 2014 - Relação dos projetos captados - detalhamento incentivador.xls
2014-07-27 19:10 - 2014-07-27 20:34 - 577460504 _____ () C:\Users\d\Desktop\239129619.mp4
2014-07-25 12:08 - 2014-07-25 12:08 - 00004239 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-25 12:08 - 2014-07-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-25 12:08 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:08 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-25 12:08 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-25 12:08 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-23 12:32 - 2014-07-23 12:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 15:54 - 2014-07-22 15:56 - 00005532 _____ () C:\Users\d\Desktop\Rkill.txt
2014-07-22 15:53 - 2014-07-22 15:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\d\Downloads\tdsskiller.exe
2014-07-22 15:52 - 2014-07-22 15:53 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\rkill.exe
2014-07-22 15:36 - 2014-07-22 15:36 - 01016261 _____ (Thisisu) C:\Users\d\Downloads\JRT.exe
2014-07-19 16:22 - 2014-07-19 16:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-07-19 16:18 - 2014-07-19 16:18 - 04161313 _____ () C:\Users\d\Downloads\tdsskiller.zip
2014-07-19 13:57 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-07-19 11:57 - 2014-07-19 11:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\LavasoftStatistics
2014-07-19 11:55 - 2014-07-19 11:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-19 11:52 - 2014-07-19 11:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-18 13:05 - 2014-07-22 14:12 - 00000000 ____D () C:\Users\Todos os Usuários\HitmanPro
2014-07-18 13:05 - 2014-07-22 14:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-18 11:37 - 2014-07-18 11:37 - 00000680 ____C () C:\DelFix.txt
2014-07-16 10:09 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files (x86)\nada
2014-07-16 10:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-16 09:37 - 2014-07-16 09:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:37 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:36 - 2014-07-16 09:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 09:36 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-10 10:21 - 2014-04-14 00:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 10:16 - 2014-06-16 19:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 10:16 - 2014-06-16 19:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 10:16 - 2014-06-06 11:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 10:16 - 2014-05-30 00:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 10:15 - 2014-06-18 22:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 10:15 - 2014-06-18 21:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 10:15 - 2014-06-18 21:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 10:15 - 2014-06-18 21:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 10:15 - 2014-06-18 20:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 10:15 - 2014-06-18 20:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 10:15 - 2014-06-18 20:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 10:15 - 2014-06-18 20:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 10:15 - 2014-06-18 20:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 10:15 - 2014-06-18 20:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 10:15 - 2014-06-18 20:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 10:15 - 2014-06-18 20:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 10:15 - 2014-06-18 20:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 10:15 - 2014-06-18 19:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 10:15 - 2014-06-18 19:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 10:15 - 2014-06-18 19:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 10:15 - 2014-06-18 19:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 10:15 - 2014-06-18 19:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 10:15 - 2014-06-18 19:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 10:15 - 2014-06-18 19:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 10:15 - 2014-06-18 19:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 10:15 - 2014-06-18 19:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 10:15 - 2014-06-18 19:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 10:15 - 2014-06-18 19:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 10:15 - 2014-06-18 19:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 10:15 - 2014-06-18 19:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 10:15 - 2014-06-18 19:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 10:15 - 2014-05-29 09:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 10:15 - 2014-05-29 04:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 10:15 - 2014-05-29 03:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 10:15 - 2014-05-29 03:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 10:15 - 2014-05-29 02:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 10:15 - 2014-05-29 02:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 10:14 - 2014-06-30 19:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 10:14 - 2014-06-28 04:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 10:14 - 2014-06-28 04:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 10:14 - 2014-06-06 10:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 10:14 - 2014-06-06 09:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 10:13 - 2014-05-31 07:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 10:13 - 2014-05-31 07:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 10:13 - 2014-05-31 00:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 10:13 - 2014-05-31 00:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 10:13 - 2014-05-31 00:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:13 - 2014-05-31 00:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 10:13 - 2014-05-31 00:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 10:13 - 2014-05-31 00:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:13 - 2014-05-30 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 10:13 - 2014-05-30 23:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 10:13 - 2014-05-30 23:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 10:13 - 2014-05-30 23:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 10:13 - 2014-05-30 23:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 10:13 - 2014-05-30 23:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 10:13 - 2014-05-30 23:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 10:10 - 2014-07-10 10:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 10:06 - 2014-08-05 10:06 - 00029553 _____ () C:\Users\d\Downloads\FRST.txt
2014-08-05 10:06 - 2014-08-05 10:06 - 00000000 ___DC () C:\FRST
2014-08-05 10:05 - 2014-08-05 10:05 - 02094080 ____C (Farbar) C:\Users\d\Downloads\FRST64.exe
2014-08-05 10:05 - 2014-08-05 10:05 - 00038932 _____ () C:\Users\d\Desktop\ZHPDiag.txt
2014-08-05 10:05 - 2014-08-03 12:54 - 00163269 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-05 10:04 - 2014-08-03 16:13 - 00000000 ____D () C:\Users\d\AppData\Roaming\ZHP
2014-08-05 10:03 - 2014-03-11 16:40 - 00000000 ___RD () C:\Users\d\Dropbox
2014-08-05 10:03 - 2014-03-11 16:35 - 00000000 ____D () C:\Users\d\AppData\Roaming\Dropbox
2014-08-05 10:03 - 2013-11-12 17:19 - 00000000 ____D () C:\Users\d\AppData\Roaming\Skype
2014-08-05 10:02 - 2014-08-03 13:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 10:02 - 2014-01-31 14:48 - 00000000 __RDO () C:\Users\d\SkyDrive
2014-08-05 10:02 - 2013-11-11 18:55 - 00001072 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 10:02 - 2013-11-11 18:42 - 00000408 _____ () C:\Users\d\AppData\Roaming\sp_data.sys
2014-08-05 09:59 - 2014-08-03 11:43 - 00172760 _____ () C:\WINDOWS\PFRO.log
2014-08-05 09:59 - 2013-08-22 11:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-05 09:58 - 2013-11-18 09:25 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002UA.job
2014-08-05 09:58 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-05 09:56 - 2014-08-05 09:23 - 00000920 _____ () C:\Users\d\Desktop\ZHPFixReport.txt
2014-08-05 09:54 - 2014-02-25 10:59 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0F28CCBE-EB7A-4169-974A-3EA2C294A702}
2014-08-05 09:52 - 2013-11-11 18:55 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 09:45 - 2013-11-11 18:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1409651353-3477744269-1817149778-1002
2014-08-05 09:41 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-05 09:24 - 2013-11-19 10:23 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-08-05 09:24 - 2013-11-19 10:23 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-08-05 09:10 - 2013-11-19 10:42 - 00000902 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-05 09:08 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-08-05 09:08 - 2014-08-03 12:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 09:07 - 2014-08-04 18:05 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Security Toolbar
2014-08-05 09:07 - 2014-08-04 18:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-05 09:02 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\Users\Todos os Usuários\AVG Secure Search
2014-08-04 18:04 - 2014-08-04 18:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-04 17:22 - 2014-08-04 17:22 - 00000626 _____ () C:\Users\d\Desktop\JRT.txt
2014-08-04 17:15 - 2014-08-04 17:15 - 01016261 ____C (Thisisu) C:\Users\d\Downloads\JRT(1).exe
2014-08-04 16:49 - 2014-08-04 16:25 - 00024628 ____C () C:\zoek-results.log
2014-08-04 16:49 - 2014-01-31 14:20 - 00000000 ____D () C:\Users\d
2014-08-04 16:24 - 2014-08-04 16:47 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-04 16:23 - 2014-08-04 16:23 - 01288704 ____C () C:\Users\d\Downloads\zoek.exe
2014-08-04 15:58 - 2013-11-18 09:25 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409651353-3477744269-1817149778-1002Core.job
2014-08-04 15:57 - 2014-08-04 15:57 - 00001462 ____C () C:\mw.txt
2014-08-04 15:52 - 2013-11-26 09:44 - 00262144 ___SH () C:\Users\d\Desktop\Thumbs.db
2014-08-04 15:50 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\System
2014-08-04 15:48 - 2014-08-04 15:48 - 00001424 ____C () C:\0408completo.txt
2014-08-04 15:05 - 2013-11-19 09:48 - 00000000 ____D () C:\Users\d\AppData\Roaming\FileZilla
2014-08-04 14:39 - 2013-11-11 20:17 - 00000000 ____D () C:\Users\d\AppData\Roaming\vlc
2014-08-04 14:26 - 2014-01-07 13:46 - 00000000 ____D () C:\FFOutput
2014-08-04 12:39 - 2014-08-04 12:39 - 00001374 ____C () C:\040814.txt
2014-08-04 12:31 - 2014-08-04 12:31 - 00001324 ____C () C:\0408.txt
2014-08-04 12:13 - 2014-08-03 20:38 - 00000000 ___DC () C:\AdwCleaner
2014-08-04 11:31 - 2014-08-04 11:31 - 00002009 _____ () C:\Users\d\Desktop\ZHPFix.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00001878 _____ () C:\Users\d\Desktop\ZHPDiag.lnk
2014-08-04 11:31 - 2014-08-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-04 11:31 - 2014-08-03 16:24 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-04 08:17 - 2014-06-20 10:10 - 00000000 ____D () C:\Users\d\AppData\Local\Adobe
2014-08-03 20:38 - 2014-08-03 20:37 - 01361309 _____ () C:\Users\d\Downloads\AdwCleaner.exe
2014-08-03 20:29 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-08-03 20:20 - 2014-08-03 16:13 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
2014-08-03 18:50 - 2014-08-03 18:50 - 00001220 _____ () C:\Users\d\Desktop\Format Factory.lnk
2014-08-03 18:50 - 2014-08-03 18:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-08-03 18:41 - 2014-08-03 18:31 - 53580025 _____ () C:\Users\d\Downloads\FFSetup3.3.5.0.zip
2014-08-03 17:37 - 2014-07-29 11:23 - 00000000 ___DC () C:\zoek_backup
2014-08-03 16:24 - 2014-08-03 16:23 - 06858013 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPDiag2.exe
2014-08-03 16:12 - 2014-08-03 16:12 - 03522039 _____ (Nicolas Coolman ) C:\Users\d\Downloads\ZHPFix.exe
2014-08-03 13:15 - 2014-08-03 13:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 13:15 - 2014-08-03 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 13:14 - 2014-08-03 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\d\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 12:54 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-03 12:26 - 2014-08-03 12:07 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-08-03 12:26 - 2014-08-03 12:07 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-03 12:11 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\Avg2014
2014-08-03 12:09 - 2014-08-03 12:09 - 00000000 ____D () C:\Users\d\AppData\Roaming\AVG2014
2014-08-03 12:08 - 2014-08-03 12:08 - 00001001 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\Users\d\AppData\Roaming\TuneUp Software
2014-08-03 12:08 - 2014-08-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-03 12:08 - 2012-07-26 05:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 __HDC () C:\$AVG
2014-08-03 12:07 - 2014-08-03 12:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-03 12:05 - 2014-08-03 12:05 - 00000000 ____D () C:\Users\d\AppData\Local\MFAData
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\Users\Todos os Usuários\1407078109.bdinstall.bin
2014-08-03 12:02 - 2014-08-03 12:02 - 00098609 _____ () C:\ProgramData\1407078109.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 04755832 _____ (AVG Technologies) C:\Users\d\Downloads\avg_free_stb_pb_2014_4744_free.exe
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\Users\Todos os Usuários\1407078107.bdinstall.bin
2014-08-03 12:01 - 2014-08-03 12:01 - 00037689 _____ () C:\ProgramData\1407078107.bdinstall.bin
2014-08-03 11:49 - 2013-11-11 19:28 - 00578560 ___SH () C:\Users\d\Downloads\Thumbs.db
2014-08-03 11:49 - 2013-11-11 18:40 - 00000000 ____D () C:\Users\d\AppData\Local\Packages
2014-08-03 11:33 - 2014-08-03 10:36 - 00000000 ____D () C:\Program Files\FreeFixer
2014-08-03 11:32 - 2014-08-03 11:31 - 00012158 _____ () C:\Users\d\Desktop\cc_20140803_113143.reg
2014-08-03 11:26 - 2014-04-01 10:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-03 11:26 - 2013-11-19 17:50 - 00000000 ____D () C:\Users\d\AppData\Roaming\uTorrent
2014-08-03 11:21 - 2014-08-03 11:21 - 04813544 _____ (Piriform Ltd) C:\Users\d\Downloads\ccsetup416.exe
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\Users\Todos os Usuários\1407074518.bdinstall.bin
2014-08-03 11:05 - 2014-08-03 11:05 - 00213404 _____ () C:\ProgramData\1407074518.bdinstall.bin
2014-08-03 11:04 - 2014-08-03 11:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-03 11:02 - 2014-08-03 11:01 - 00000000 ____D () C:\Users\d\AppData\Roaming\QuickScan
2014-08-03 10:57 - 2013-11-19 10:23 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-08-03 10:57 - 2013-11-19 10:23 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-08-03 10:56 - 2013-11-19 09:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 10:56 - 2013-11-11 20:20 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-08-03 10:56 - 2013-11-11 20:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-03 10:56 - 2013-08-22 11:44 - 05036328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Roaming\FreeFixer
2014-08-03 10:36 - 2014-08-03 10:36 - 00000000 ____D () C:\Users\d\AppData\Local\FreeFixer
2014-08-01 17:41 - 2014-08-01 17:41 - 00000174 ____C () C:\Users\d\Desktop\255598834._hide.mp4
2014-08-01 17:25 - 2014-08-01 15:49 - 00000174 ____C () C:\Users\d\Desktop\255598834.mp4
2014-08-01 13:55 - 2013-11-14 04:26 - 01797166 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-01 13:55 - 2013-11-14 04:14 - 00782326 _____ () C:\WINDOWS\system32\prfh0416.dat
2014-08-01 13:55 - 2013-11-14 04:14 - 00161438 _____ () C:\WINDOWS\system32\prfc0416.dat
2014-08-01 12:40 - 2014-07-16 10:09 - 00000000 ____D () C:\Program Files (x86)\nada
2014-08-01 09:54 - 2013-11-19 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-31 17:51 - 2013-11-12 11:58 - 00000000 ____D () C:\Users\d\Documents\1.DISTRIBUIDORA
2014-07-31 15:04 - 2014-07-31 14:51 - 00048208 _____ () C:\Users\d\AppData\Roaming\unins000.dat
2014-07-31 14:49 - 2013-03-07 08:05 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-07-31 14:49 - 2013-03-07 08:05 - 00000000 ____D () C:\ProgramData\Temp
2014-07-30 15:46 - 2014-07-30 13:59 - 3251977696 _____ () C:\Users\d\Downloads\h264.mp4
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-29 15:11 - 2014-07-29 15:11 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-29 15:11 - 2014-01-31 14:12 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-07-29 15:11 - 2014-01-31 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 15:10 - 2014-07-29 15:09 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-29 15:09 - 2014-01-31 14:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-29 13:21 - 2012-12-19 12:11 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-29 11:23 - 2014-07-29 11:22 - 04102729 _____ () C:\Users\d\Downloads\zoek.zip
2014-07-29 11:19 - 2014-07-29 11:19 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\sc-cleaner.exe
2014-07-29 11:19 - 2014-07-29 11:19 - 00001754 ____C () C:\sc-cleaner.txt
2014-07-29 11:12 - 2014-07-29 11:11 - 00025600 ___SH () C:\Users\d\AppData\Local\Thumbs.db
2014-07-29 10:44 - 2013-11-11 20:17 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-29 10:02 - 2014-07-29 10:02 - 00001534 _____ () C:\Users\d\Desktop\firefox.lnk
2014-07-29 10:00 - 2014-07-29 09:59 - 00001836 _____ () C:\Users\d\Desktop\chrome.lnk
2014-07-28 15:03 - 2013-11-21 18:44 - 00000000 ____D () C:\Users\d\Documents\4.DOCUMENTOS_ZETA
2014-07-28 11:31 - 2014-07-28 11:31 - 00179200 _____ () C:\Users\d\Desktop\LEIC - Captação 2014 - Relação dos projetos captados - detalhamento incentivador.xls
2014-07-27 20:34 - 2014-07-27 19:10 - 577460504 _____ () C:\Users\d\Desktop\239129619.mp4
2014-07-25 12:08 - 2014-07-25 12:08 - 00004239 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-25 12:08 - 2014-07-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-25 12:08 - 2013-11-12 11:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-25 11:55 - 2014-03-22 17:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 11:55 - 2014-03-22 17:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 11:55 - 2013-11-11 18:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 09:59 - 2014-03-11 16:40 - 00001059 _____ () C:\Users\d\Desktop\Dropbox.lnk
2014-07-25 09:59 - 2014-03-11 16:38 - 00000000 ____D () C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 17:34 - 2014-03-22 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 12:32 - 2014-07-23 12:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 16:03 - 2012-12-19 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-22 16:03 - 2012-12-19 12:12 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-07-22 15:56 - 2014-07-22 15:54 - 00005532 _____ () C:\Users\d\Desktop\Rkill.txt
2014-07-22 15:53 - 2014-07-22 15:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\d\Downloads\tdsskiller.exe
2014-07-22 15:53 - 2014-07-22 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\d\Downloads\rkill.exe
2014-07-22 15:36 - 2014-07-22 15:36 - 01016261 _____ (Thisisu) C:\Users\d\Downloads\JRT.exe
2014-07-22 14:13 - 2013-08-22 12:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-22 14:13 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-22 14:12 - 2014-07-18 13:05 - 00000000 ____D () C:\Users\Todos os Usuários\HitmanPro
2014-07-22 14:12 - 2014-07-18 13:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-22 14:12 - 2014-01-24 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\WINDOWS\SysWOW64\Watchdata
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\WINDOWS\system32\Watchdata
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB USB token Tool
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\Program Files\Brazil
2014-07-22 14:12 - 2013-12-05 10:21 - 00000000 ____D () C:\Program Files (x86)\Brazil
2014-07-22 14:12 - 2013-12-03 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-07-22 14:12 - 2013-12-03 09:57 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-07-22 14:12 - 2013-11-19 10:23 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-07-22 14:12 - 2013-11-11 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-22 14:12 - 2013-11-11 18:41 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2014-07-22 14:12 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-22 14:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-07-22 14:12 - 2013-03-07 08:10 - 00000000 ____D () C:\Users\Todos os Usuários\P4G
2014-07-22 14:12 - 2013-03-07 08:10 - 00000000 ____D () C:\ProgramData\P4G
2014-07-22 14:02 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-22 14:01 - 2013-11-11 18:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\Mozilla
2014-07-22 14:00 - 2014-02-26 09:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-22 14:00 - 2013-11-11 18:42 - 00000000 ____D () C:\Users\d\AppData\Roaming\Adobe
2014-07-22 13:59 - 2013-03-07 07:59 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-07-19 17:33 - 2012-07-26 04:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-19 16:22 - 2014-07-19 16:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-07-19 16:18 - 2014-07-19 16:18 - 04161313 _____ () C:\Users\d\Downloads\tdsskiller.zip
2014-07-19 16:06 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-19 13:57 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-07-19 11:57 - 2014-07-19 11:57 - 00000000 ____D () C:\Users\d\AppData\Roaming\LavasoftStatistics
2014-07-19 11:55 - 2014-07-19 11:55 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-19 11:52 - 2014-07-19 11:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\Lavasoft
2014-07-19 11:50 - 2014-07-19 11:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-18 11:37 - 2014-07-18 11:37 - 00000680 ____C () C:\DelFix.txt
2014-07-16 10:05 - 2013-11-19 10:24 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\WINDOWS\SysWOW64\Drivers\gbpndisrd.sys
2014-07-16 10:05 - 2013-11-19 10:24 - 00010266 _____ () C:\WINDOWS\SysWOW64\Drivers\ndisrd.cat
2014-07-16 10:05 - 2013-11-19 10:24 - 00001402 _____ () C:\WINDOWS\SysWOW64\Drivers\gas.cer
2014-07-16 10:05 - 2013-08-22 10:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI(172)
2014-07-16 09:37 - 2014-07-16 09:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:37 - 2014-07-16 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:37 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 09:36 - 2014-07-16 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-14 09:21 - 2013-08-22 12:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 11:34 - 2013-11-11 18:40 - 00000000 ____D () C:\Users\d\AppData\Local\VirtualStore
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 09:33 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 17:44 - 2013-11-13 11:04 - 00088064 ___SH () C:\Users\d\Documents\Thumbs.db
2014-07-11 10:30 - 2013-11-12 11:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 03:02 - 2014-07-25 12:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-25 12:08 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-25 12:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-25 12:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-10 10:23 - 2013-11-13 12:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 10:21 - 2013-11-13 12:03 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 10:20 - 2014-07-10 10:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 10:20 - 2013-11-14 04:15 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 10:10 - 2014-07-10 10:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 11:10 - 2013-11-19 10:42 - 00003790 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\Todos os Usuários\SetStretch.exe


Some content of TEMP:
====================
C:\Users\d\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2vwod8.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-05 09:30

==================== End Of Log ============================
stel2014