How do I remove blueseek?

How do I remove blueseek?

Post by Mariana7777 on Sat 30 Aug 2014, 16:58

How do I remove blueseek?

Mariana7777
Beginner

Posts: 23
Reputation: 0
Registration date: 30/08/2014

Re: How do I remove blueseek?

Post by joram on Sat 30 Aug 2014, 17:09

Mariana7777 wrote: How do I remove blueseek?
Good afternoon, Mariana!

|- Welcome to Fórum PC Brasil!

|- Download: < [You need to be registered and logged in to see this image.] > ( ... by Xplode )

|- On the page, click "Download Now".
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the scan by clicking "Examinar" (Scan).

|- When it finishes, click "Limpar" (Clean) >> OK >> OK >> OK.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

|- Download: < ZHPDiag2.exe >  < [You need to be registered and logged in to see this image.] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "COMPLETA" (Full) and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to Pjjoint.malekal.

|- Or go to: < [You need to be registered and logged in to see this image.] >

|- More information: < |Link| >

A+

joram
Administrator

Posts: 3706
Reputation: 415
Registration date: 26/01/2014
Location: Rio de Janeiro

How do I remove blueseek?

Post by Mariana7777 on Sat 30 Aug 2014, 18:41

But how will this remove blueseek?
What is each step, and each program, for?

Re: How do I remove blueseek?

Post by joram on Sat 30 Aug 2014, 18:50

Mariana7777 wrote: But how will this remove blueseek?
What is each step, and each program, for?
Hello, Mariana7777!

|- To avoid the hard work of a manual procedure, which is not always successful.

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Sun 31 Aug 2014, 00:08

# AdwCleaner v3.308 - Relatório criado 31/08/2014 às 00:00:34
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.308.exe
# Opção : Limpar

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10885 octets] ##########

Re: How do I remove blueseek?

Post by joram on Sun 31 Aug 2014, 03:09

Good morning, Mariana7777!

|- What remains now is the ZHPDiag tool's report.
|- Since this log is larger than the editor supports, try attaching it or send it to Cjoint.com.

< |Link| >

|- Read the tutorial on how to host reports on Cjoint.com.

Regards!

Click OK and, when it finishes, post the report! ( ZHPDiag.txt )

Post by Mariana7777 on Sun 31 Aug 2014, 07:11

~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman  (28/08/2014)
~ Iniciado por Usuario (31/08/2014 07:05:49)
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~  Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NWEReboot] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\SysWOW64\NeroCheck.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
~ Application:  Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Preencher [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salvar Formulários [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show avast! EasyPass Toolbar [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
~ Winsock: 9 Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 186.237.152.3
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: 5 Scanned in 00mn 03s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [116648]
[MD5.07322C7B12AF81F00AC248190BBF69BE] [APT] [Run RoboForm TaskBar Icon] (.Siber Systems.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe   [100200]
[MD5.F6B7CAC71DC7D1224EC61CF409357021] [APT] [{CA840AAD-CFA1-4C07-BEA4-F7A14BEE624C}] (.Mozilla.) -- C:\Users\Usuario\Downloads\Firefox Setup 17.0.1.exe   [19248568]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job   [1066]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1066]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job   [1070]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1070]
~ Scheduled Task: 17 Scanned in 00mn 01s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe  =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver:  (InCDPass) . (. - .) - C:\Windows\System32\drivers\InCDPass.sys (.not file.)
O41 - Driver:  (InCDRm) . (. - .) - C:\Windows\System32\drivers\InCDRm.sys (.not file.)
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver:  (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver:  (aswRdr) . (. - .) - C:\Windows\system32\drivers\aswRdr2.sys (.not file.)
O41 - Driver:  (aswSnx) . (. - .) - C:\Windows\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver:  (aswSP) . (. - .) - C:\Windows\system32\drivers\aswSP.sys (.not file.)
~ Drivers: 72 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 13 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.07) - Português - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1046-7B44-AB0000000001}
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01}  =>Adware.Bandoo
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-006A-76A7-A758B70C0F05}  =>Toolbar.Avira
O42 - Logiciel: Atheros Bluetooth Suite (64) - (.Atheros.) [HKLM][64Bits] -- {230D1595-57DA-4933-8C4E-375797EBB7E1}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dolby Home Theater v4 - (.Dolby Laboratories Inc.) [HKLM][64Bits] -- {B26438B4-BF51-49C3-9567-7F14A5E40CB9}
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKCU][64Bits] -- Dropbox
O42 - Logiciel: FrostWire 5.5.0 - (.FrostWire Team.) [HKLM][64Bits] -- FrostWire 5
O42 - Logiciel: Galeria de Fotos - (.Microsoft Corporation.) [HKLM][64Bits] -- {9EE1AE8B-4872-41CA-8C9A-C33D899523E0}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) OpenCL CPU Runtime - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 7 Update 55 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM][64Bits] -- LManager
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM][64Bits] -- McAfee Security Scan
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Mozilla Firefox 31.0 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 31.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM][64Bits] -- {4781569D-5404-1F26-4B2B-6DF444441031}
O42 - Logiciel: Qualcomm Atheros WiFi Driver Installation - (.Qualcomm Atheros.) [HKLM][64Bits] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: TempoPerfect Metronome Software - (.NCH Software.) [HKLM][64Bits] -- TempoPerfect
O42 - Logiciel: WinRAR 5.10 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM][64Bits] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1
O42 - Logiciel: avast! EasyPass v7-9-1-129 - (.AVAST Software.) [HKLM][64Bits] -- AI RoboForm
~ Logic: 43 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2]  =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Atheros]
[HKCU\Software\Avast Software]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Dolby]
[HKCU\Software\Dritek]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NCH Software]
[HKCU\Software\NCH Swift Sound]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Siber Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\drpsu]
[HKLM\Software\ATHEROS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Baidu Security]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Qualcomm Atheros Fast Reconnect]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\WIDCOMM_TEMP]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\ATHEROS]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Dritek]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NCH Software]
[HKLM\Software\Wow6432Node\NCH Swift Sound]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Qualcomm Atheros WiFi Driver Installation]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Siber Systems]
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WinRAR]
[HKLM\Software\Wow6432Node\ahead]
[HKLM\Software\Wow6432Node\dotNetInstaller]
[HKLM\Software\Wow6432Node\mcafeeupdater]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mcafeeupdater]
~ Key Software: 175 Scanned in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2013 - 20:54:49 - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 04/12/2012 - 15:17:14 - [] ----D C:\Program Files (x86)\Atheros
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 25/08/2014 - 15:08:21 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971
O43 - CFD: 14/06/2014 - 10:51:01 - [] ----D C:\Program Files (x86)\Bluetooth Suite
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 25/08/2014 - 15:07:44 - [] ----D C:\Program Files (x86)\DsNET Corp
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Program Files (x86)\FrostWire 5
O43 - CFD: 28/05/2013 - 12:49:45 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 04/12/2012 - 15:16:42 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 04/12/2012 - 15:05:27 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 28/03/2014 - 16:33:32 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 24/08/2014 - 13:43:24 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 04/12/2012 - 15:22:08 - [] ----D C:\Program Files (x86)\Launch Manager
O43 - CFD: 04/12/2012 - 10:34:40 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 19/04/2014 - 13:31:08 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 27/08/2014 - 16:29:06 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 04/12/2012 - 10:32:38 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01/01/2013 - 08:30:24 - [] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 02/01/2013 - 07:42:11 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 24/07/2014 - 11:41:42 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 25/07/2014 - 12:02:16 - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 04/12/2012 - 10:34:56 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\Program Files (x86)\NCH Swift Sound
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 04/12/2012 - 14:49:21 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 27/01/2014 - 10:19:57 - [] ----D C:\Program Files (x86)\Siber Systems
O43 - CFD: 04/12/2012 - 14:50:34 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 11/01/2014 - 15:43:34 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 27/08/2014 - 16:28:41 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 08/01/2014 - 18:54:57 - [] ----D C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 11/01/2014 - 15:43:51 - [] ----D C:\Program Files (x86)\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 08/01/2014 - 18:54:55 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 08/01/2014 - 18:54:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 08/01/2014 - 18:54:58 - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 24/08/2014 - 11:13:16 - [] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 31/08/2014 - 06:54:59 - [] ----D C:\Program Files (x86)\ZHPDiag  =>.Nicolas Coolman
O43 - CFD: 09/04/2013 - 20:54:57 - [] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Common Files\Ahead
O43 - CFD: 04/12/2012 - 14:55:33 - [] ----D C:\Program Files (x86)\Common Files\Atheros
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 04/12/2012 - 14:49:11 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 04/12/2012 - 15:05:10 - [] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 23/11/2013 - 09:55:35 - [] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 27/08/2014 - 16:24:59 - [] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 08/01/2014 - 18:54:53 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 04/12/2012 - 15:29:01 - [] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 28/05/2013 - 11:43:25 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 04/12/2012 - 15:17:08 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 07/01/2014 - 18:57:16 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 04/12/2012 - 15:11:50 - [0] ----D C:\ProgramData\Intel
O43 - CFD: 08/02/2013 - 16:00:21 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 14/06/2014 - 17:32:32 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 27/08/2014 - 16:26:53 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 10/01/2013 - 08:30:49 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 05/12/2012 - 11:16:05 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\ProgramData\NCH Swift Sound
O43 - CFD: 24/08/2014 - 13:48:47 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 27/01/2014 - 10:20:23 - [] ----D C:\ProgramData\RoboForm
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 05/12/2012 - 11:23:50 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 09/04/2013 - 21:04:34 - [] ----D C:\Users\Usuario\AppData\Roaming\Adobe
O43 - CFD: 05/12/2012 - 12:36:51 - [] ----D C:\Users\Usuario\AppData\Roaming\Ahead
O43 - CFD: 04/12/2012 - 14:56:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Atheros
O43 - CFD: 27/01/2014 - 10:24:55 - [] ----D C:\Users\Usuario\AppData\Roaming\AVAST Software
O43 - CFD: 11/04/2013 - 12:59:25 - [] ----D C:\Users\Usuario\AppData\Roaming\Azureus  =>P2P.Azureus
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O43 - CFD: 09/08/2014 - 14:47:32 - [] ----D C:\Users\Usuario\AppData\Roaming\Dropbox
O43 - CFD: 09/08/2014 - 14:47:31 - [] ----D C:\Users\Usuario\AppData\Roaming\DropboxMaster
O43 - CFD: 04/12/2012 - 19:52:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Identities
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\Users\Usuario\AppData\Roaming\Intel
O43 - CFD: 05/12/2012 - 11:14:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 15:12:00 - [0] ----D C:\Users\Usuario\AppData\Roaming\Media Center Programs
O43 - CFD: 21/06/2014 - 21:39:59 - [] -S--D C:\Users\Usuario\AppData\Roaming\Microsoft
O43 - CFD: 05/12/2012 - 11:19:56 - [] ----D C:\Users\Usuario\AppData\Roaming\Mozilla
O43 - CFD: 27/01/2014 - 10:22:00 - [] ----D C:\Users\Usuario\AppData\Roaming\RoboForm
O43 - CFD: 04/12/2012 - 10:09:38 - [] ----D C:\Users\Usuario\AppData\Roaming\WinRAR
O43 - CFD: 31/08/2014 - 07:06:11 - [] ----D C:\Users\Usuario\AppData\Roaming\ZHP  =>.Nicolas Coolman
O43 - CFD: 12/04/2014 - 18:10:22 - [] ----D C:\Users\Usuario\AppData\Local\Adobe
O43 - CFD: 01/01/2013 - 10:09:05 - [] ----D C:\Users\Usuario\AppData\Local\Ahead
O43 - CFD: 13/12/2012 - 15:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Ares
O43 - CFD: 04/12/2012 - 15:00:52 - [] ----D C:\Users\Usuario\AppData\Local\BMExplorer
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Users\Usuario\AppData\Local\CrashDumps
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Dados de aplicativos
O43 - CFD: 17/05/2014 - 17:18:25 - [] ----D C:\Users\Usuario\AppData\Local\Diagnostics
O43 - CFD: 28/05/2013 - 12:49:48 - [] ----D C:\Users\Usuario\AppData\Local\Google
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Histórico
O43 - CFD: 07/12/2012 - 17:21:11 - [] ----D C:\Users\Usuario\AppData\Local\Macromedia
O43 - CFD: 27/08/2014 - 16:36:30 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft
O43 - CFD: 23/05/2014 - 22:25:10 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Games
O43 - CFD: 08/01/2014 - 12:05:54 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Help
O43 - CFD: 01/10/2013 - 14:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Mozilla
O43 - CFD: 23/03/2014 - 15:47:12 - [] ----D C:\Users\Usuario\AppData\Local\Programs
O43 - CFD: 31/08/2014 - 06:56:21 - [] ----D C:\Users\Usuario\AppData\Local\Temp
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Temporary Internet Files
O43 - CFD: 13/12/2012 - 16:09:14 - [] ----D C:\Users\Usuario\AppData\Local\VirtualStore
O43 - CFD: 30/08/2014 - 23:55:17 - [] ----D C:\Users\Usuario\AppData\Local\Windows Live
O43 - CFD: 14/07/2009 - 01:54:32 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 09/08/2014 - 14:47:02 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
O43 - CFD: 14/07/2009 - 01:49:38 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/08/2014 - 10:29:26 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 122 Scanned in 00mn 00s

Click OK and, when it finishes, post the report! ( ZHPDiag.txt ) 2

Message by Mariana7777 on Sun 31 Aug 2014, 07:27

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.840FCC75E5CD9064B284A274FC914304] - 24/08/2014 - 11:21:15 ---A- . (...) -- C:\Windows\ntbtlog.txt   [436064]
O44 - LFC:[MD5.A4DDFE5DC4E73D1FED9B1B3A3D885612] - 27/08/2014 - 16:21:03 ---A- . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\d3dx9_32.dll   [4398360]
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log   [198]
O44 - LFC:[MD5.B739C423276AE62D7AC91773226EC13B] - 27/08/2014 - 16:22:19 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx10_42.dll   [523088]
O44 - LFC:[MD5.9D6429F410597750B2DC2579B2347303] - 27/08/2014 - 16:23:51 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx11_43.dll   [276832]
O44 - LFC:[MD5.ADA0C39D4EACDC81FD84163A95D62079] - 27/08/2014 - 16:23:58 ---A- . (.Microsoft Corporation - Direct3D HLSL Compiler.) -- C:\Windows\System32\D3DCompiler_43.dll   [2526056]
O44 - LFC:[MD5.E9739AE8B2FA28DCD6F2EF5525DA8827] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - Audio Effect Library.) -- C:\Windows\System32\XAPOFX1_5.dll   [77656]
O44 - LFC:[MD5.4F7513FF4DE6303088DB28DCBCEF372C] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - XAudio2 Game Audio API.) -- C:\Windows\System32\XAudio2_7.dll   [518488]
O44 - LFC:[MD5.9940ECED3E4A375988FBB126899FE5E7] - 31/08/2014 - 00:02:09 ---A- . (...) -- C:\Windows\PFRO.log   [292468]
O44 - LFC:[MD5.A07985D1663DCA35F75DDB08E144BC05] - 31/08/2014 - 00:02:17 ---A- . (...) -- C:\Windows\setupact.log   [70484]
O44 - LFC:[MD5.A424CB46A145E5AABF15621550976DF2] - 31/08/2014 - 00:03:13 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys   [67624]
O44 - LFC:[MD5.82B0BA6564F0B2707C3247355B847B06] - 31/08/2014 - 06:48:04 -S-A- . (...) -- C:\Windows\bootstat.dat   [67584]
O44 - LFC:[MD5.8FBDD916D2B3ACF9E786D2A41EE48F0B] - 31/08/2014 - 06:58:36 ---A- . (...) -- C:\Windows\WindowsUpdate.log   [1419790]
O44 - LFC:[MD5.49DD2EE048E32A994E4BAB689278E363] - 31/08/2014 - 07:01:40 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin   [512]
~ Files: 14 Scanned in 00mn 03s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{97385fa4-3e3f-11e2-8a36-dc0ea1a7cf05}\AutoRun\command. (...) -- F:\Setupx.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ MWPE Keys: 8 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys   [339536]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys   [182864]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys   [15440]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys   [107904]
O58 - SDL:13/07/2009 - 22:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys   [194128]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys   [27008]
O58 - SDL:15/09/2011 - 08:48:24 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys   [299008]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys   [87632]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys   [97856]
O58 - SDL:15/02/2012 - 00:41:34 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athrx.sys   [3538432]
O58 - SDL:10/06/2009 - 17:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys   [270848]
O58 - SDL:20/01/2011 - 11:15:28 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys   [67624]
O58 - SDL:20/01/2011 - 11:15:30 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Miniport Driver.) -- C:\Windows\System32\Drivers\b57xdmp.sys   [19496]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys   [18432]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys   [8704]
O58 - SDL:13/07/2009 - 22:19:07 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys   [286720]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys   [47104]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys   [14976]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys   [14720]
O58 - SDL:16/05/2011 - 07:57:32 ---A- . (.Broadcom Corporation - Broadcom Memory Stick Driver.) -- C:\Windows\System32\Drivers\bScsiMSa.sys   [51240]
O58 - SDL:20/02/2012 - 11:33:26 ---A- . (.Atheros - Atheros A2DP driver.) -- C:\Windows\System32\Drivers\btath_a2dp.sys   [339616]
O58 - SDL:20/02/2012 - 11:33:44 ---A- . (.Atheros - Atheros Bluetooth AVDT driver.) -- C:\Windows\System32\Drivers\btath_avdt.sys   [110752]
O58 - SDL:20/02/2012 - 11:33:56 ---A- . (.Atheros - Atheros BUS driver.) -- C:\Windows\System32\Drivers\btath_bus.sys   [30368]
O58 - SDL:20/02/2012 - 11:34:14 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_flt.sys   [36000]
O58 - SDL:20/02/2012 - 11:34:32 ---A- . (.Atheros - Atheros HCRP driver.) -- C:\Windows\System32\Drivers\btath_hcrp.sys   [167584]
O58 - SDL:20/02/2012 - 11:35:02 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_lwflt.sys   [68256]
O58 - SDL:20/02/2012 - 11:35:14 ---A- . (.Atheros - Atheros AVRCP driver.) -- C:\Windows\System32\Drivers\btath_rcp.sys   [280992]
O58 - SDL:20/02/2012 - 11:36:02 ---A- . (.Atheros - BtFilter Driver.) -- C:\Windows\System32\Drivers\btfilter.sys   [550560]
O58 - SDL:10/06/2009 - 17:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys   [468480]
O58 - SDL:13/07/2009 - 22:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys   [17488]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys   [3286016]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:17/07/2012 - 18:12:08 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECIx64.sys   [62784]
O58 - SDL:20/11/2010 - 04:33:36 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys   [78720]
O58 - SDL:11/03/2011 - 03:41:26 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys   [410496]
O58 - SDL:14/02/2012 - 15:47:38 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys   [14692224]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys   [44112]
O58 - SDL:06/12/2011 - 08:23:10 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys   [331264]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\Windows\System32\Drivers\iusb3hub.sys   [356120]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) -- C:\Windows\System32\Drivers\iusb3xhc.sys   [787736]
O58 - SDL:14/03/2011 - 11:53:43 ---A- . (.Broadcom Corporation - Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\k57nd60a.sys   [412712]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys   [114752]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys   [106560]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys   [65600]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys   [115776]
O58 - SDL:24/02/2009 - 17:35:44 ---A- . (.MagicISO, Inc. - MagicISO SCSI Host Controller.) -- C:\Windows\System32\Drivers\mcdbus.sys   [255552]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys   [35392]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys   [284736]
O58 - SDL:13/07/2009 - 22:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys   [51264]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys   [148352]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys   [166272]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys   [1524816]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys   [128592]
O58 - SDL:03/01/2012 - 07:55:54 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys   [4730344]
O58 - SDL:10/06/2009 - 17:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys   [23040]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys   [43584]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys   [80464]
O58 - SDL:14/02/2012 - 01:33:02 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver.sys   [22800]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys   [17488]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys   [161872]
~ Drivers: 63 Scanned in 00mn 01s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe   [55363]  =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll   [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe   [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe   [1285312]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\wrar510br.exe   [4443360]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Firseria.-.Installer · sl.) -- C:\Users\Usuario\Downloads\WinRAR.exe   [577728]  =>PUP.Firseria
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Oracle Corporation.) -- C:\Users\Usuario\Downloads\jxpiinstall.exe   [918952]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe   [689200]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (.DsNET Corp.) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits [1].exe   [16806776]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe   [22526848]
O61 - LFC: 27/08/2014 - 07:06:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\Downloads\wlsetup-web.exe   [1242312]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe   [25032]
O61 - LFC: 30/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\adwcleaner_3.308.exe   [1364531]
O61 - LFC: 31/08/2014 - 07:06:26 ---A- . (.Nicolas Coolman.) -- C:\Users\Usuario\Downloads\ZHPDiag2.exe   [6860008]  =>.Nicolas Coolman
~ 10102 Fichiers temporaires (Temporary files)
~ 278 Fichiers cookies (Cookies files)
~ Files: 19 Scanned in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 89 Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe  =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [You must be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll   [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll   [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll   [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll   [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll   [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll   [859648]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll   [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll   [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll   [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll   [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll   [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll   [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll   [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll   [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll   [2477536]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll   [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll   [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll   [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll   [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll   [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll   [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll   [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll   [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll   [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll   [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll   [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll   [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll   [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll   [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll   [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll   [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll   [100864]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll   [193536]
~ Services: 33 Scanned in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe  =>Adware.Bandoo
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe  =>Toolbar.Ask
~ Update Products: 2 Scanned in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.90BBC1FAB1C49A625160997038066353] [WIS][24/06/2014] (.APN, LLC - Ask Shopping Toolbar.) -- C:\Windows\Installer\158bb77.msi   [512000]  =>Toolbar.Avira
[MD5.7E7969FBEFB97E7AE2F8EA52DED9BADD] [WIS][05/08/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\51dcc3d.msi   [507904]  =>Toolbar.Avira
~ WIS: 2 Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2012 276248 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/05/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/05/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 24/07/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/02/2012 106144 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 02/03/2012 355920 |  (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/02/2012 72864 |  (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services:  Scanned in 00mn 08s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Usuario at 31/08/2014 07:06:52
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [You need to be registered and logged in to see this link.]
Run by Usuario at 31/08/2014 07:06:54
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 02s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}]   =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-006A-76A7-A758B70C0F05}]   =>Toolbar.Avira^
C:\Users\Usuario\AppData\Roaming\Azureus   =>P2P.Azureus^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2]   =>PUP.Babylon^
C:\Windows\Installer\158bb77.msi   =>Toolbar.Avira^
C:\Windows\Installer\51dcc3d.msi   =>Toolbar.Avira^
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe  =>Toolbar.Conduit
~ Additionnel Scan: 245395 Items scanned in 00mn 51s



---\\ Informações complémentaires do módulos
~ [You need to be registered and logged in to see this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need to be registered and logged in to see this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need to be registered and logged in to see this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You need to be registered and logged in to see this link.] =>.Browser Helper Objects do navegador (02)
~ [You need to be registered and logged in to see this link.] =>.Barras do Internet Explorer (03))
~ [You need to be registered and logged in to see this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [You need to be registered and logged in to see this link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 7 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.] =>Adware.Bandoo
[You need to be registered and logged in to see this link.] =>PUP.Babylon
[You need to be registered and logged in to see this link.] =>PUP.Wajam
[You need to be registered and logged in to see this link.] =>PUP.Firseria
[You need to be registered and logged in to see this link.] =>Toolbar.Ask
[You need to be registered and logged in to see this link.] =>Toolbar.Conduit
~ MSI: 6 link(s) detected in 00mn 00s



End of the scan (1050 lines in 02mn 00s)(0)

Re: How do I remove blueseek?

Post by joram on Sun 31 Aug 2014, 08:10

Good morning, Mariana7777!

####
---\\ Softwares de proteçao do sistema
avast! EasyPass v7-9-1-129
McAfee Security Scan Plus v3.8.150.1

Windows Defender W7 (Activate)
####

|- This says you have no antivirus, or that it is disabled. Can you confirm that?
|- After your reply and the SecurityCheck log, I will post the script derived from ZHPDiag.

-/-

|- Download: < Security Check > ( ... by screen317 )

>>> < Link - 2 >

|- Save it to the desktop!
|- Double-click SecurityCheck.exe
|- Follow the instructions and post the report. ( checkup.txt )

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Sun 31 Aug 2014, 20:27

Yes, I disabled the antivirus, as you had asked.

Re: How do I remove blueseek?

Post by Mariana7777 on Sun 31 Aug 2014, 20:33

Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Java version out of Date!
  Adobe Flash Player 13.0.0.182 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.125 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast Setup Instup.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Re: How do I remove blueseek?

Post by joram on Sun 31 Aug 2014, 20:41

Good evening, Mariana7777!

|- Run this script in the ZHPFix tool. < [You need to be registered and logged in to see this image.] >

|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
|- Next, minimize Notepad.

Script ZHPFix
Emptyprefetch
Emptytemp
ifeofix
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) --  (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã   
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01}  =>Adware.Bandoo
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security   
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security   
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log   [198]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe   [55363]  =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll   [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe   [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe   [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe   [1285312]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe   [22526848]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe   [25032]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [You need to be registered and logged in to see this link.]
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe  =>Toolbar.Ask
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe  =>Adware.Bandoo
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2]  =>PUP.Babylon
[HKCU\Software\Baidu Security]   
[HKCU\Software\Baidu]   
[HKLM\Software\Baidu Security]   
[HKLM\Software\Wow6432Node\Baidu Security]   
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}]   =>Adware.Bandoo^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2]   =>PUP.Babylon^
C:\Users\Usuario\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security 
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe  =>Toolbar.Conduit
Firewallraz
Emptyclsid


|- Open the ZHPFix tool. < [You need to be registered and logged in to see this image.] >
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Mon 01 Sep 2014, 12:47

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Usuario at 01/09/2014 12:45:33
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Prefetcher vazio

========== Softwares ==========
ELIMINÉ: Ask Shopping Toolbar

========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
ELIMINÉ: SearchScopes :{283BFDBE-7AF0-47CB-8573-30F9A295F356}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: HKCU\Software\AppDataLow\Software\BackgroundContainerV2
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {04121A2B-5A7E-4234-B994-44A7E2402CF8}
ELIMINÉ: FirewallRaz (Public) : TCP Query User{DA3FD9BF-73DF-4428-AD71-8A6E4F068B3E}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{92A595E2-07C9-47B3-8842-3E92D4DDF9FD}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{FD5D9BA5-6390-4C81-8D11-E599450FBEC4}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{306E4028-0B89-4A6A-B0E1-19F9F40F270D}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : {5C887B78-5311-46BA-9DF5-FD9E627CB262}
ELIMINÉ: FirewallRaz (Public) : {3A55A04E-98F2-45BD-868F-BC5439C5780D}
ELIMINÉ: FirewallRaz (Public) : {0326AF06-F75B-4D50-A57F-14A079D6DC79}
ELIMINÉ: FirewallRaz (Public) : {431E3ADF-C6A8-4D12-BB1A-A13804DA2F93}
ELIMINÉ: FirewallRaz (Public) : {0BA76CEE-548C-4628-91AD-2CD995FCF741}
ELIMINÉ: FirewallRaz (Public) : {D9146784-A4EB-469F-8A4A-46F605753DA4}
ELIMINÉ: FirewallRaz (Public) : {BB7C1A58-5045-4258-B63C-0B21C07E13C7}
ELIMINÉ: FirewallRaz (Public) : {25AE2D39-6309-4835-8C2C-8DD8CE75EBD1}

========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges :   Good (0) - Bad (1)
SUBSTITUI Value Start_ShowMyGames :   Good (1) - Bad (0)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (5179) (979.362.387 octets)
ELIMINÉ: c:\windows\directx.log


========== Recapitulativo ==========
10 : Chaves do Registo
17 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares


End of clean in 01mn 07s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/09/2014 12:45:40 [3000]

Re: How do I remove blueseek?

Post by joram on Mon 01 Sep 2014, 13:00

Good afternoon, Mariana7777!

|- Given the number of detections on your machine, you will have to run Malwarebytes.
|- First, uninstall AdwCleaner.

[You need to be registered and logged in to see this image.]

|- Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
|- Confirm the prompt!

< MBAM > << Link!

|- Download Malwarebytes. (MBAM)

< Malwarebytes Anti-Malware Tutorial > << Link!

|- Go to this address for information on installing, updating and configuring MBAM.
|- Choose the "Tipo da Verificação" (Scan Type): Verificação Personalizada (Custom Scan)
|- Post the report when it finishes!

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Mon 01 Sep 2014, 15:04

It said it found no malware, but it found 14 potential threats.

Re: How do I remove blueseek?

Post by Mariana7777 on Mon 01 Sep 2014, 20:28

What do I have to do now?

Re: How do I remove blueseek?

Post by joram on Mon 01 Sep 2014, 23:02

Mariana7777 wrote: What do I have to do now?
Hello!

|- Post the Malwarebytes report!

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Tue 02 Sep 2014, 12:32

But it didn't give me any report, or is it the one with the threats?

Re: How do I remove blueseek?

Post by joram on Tue 02 Sep 2014, 12:43

Mariana7777 wrote: It said it found no malware, but it found 14 potential threats.
Good afternoon, Mariana7777!

< How to access the Malwarebytes log (report) > << Link!

|- Go to the tutorial, scroll down the page and read it!

A+

Re: How do I remove blueseek?

Post by Mariana7777 on Tue 02 Sep 2014, 12:59

Thanks for your patience :)


Malwarebytes Anti-Malware
[You need to be registered and logged in to see this link.]

Data de Verificação: 01/09/2014
Hora da Verificação: 13:31:20
Logfile: log 2.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.09.01.05
Rootkit Database: v2014.08.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 418293
Tempo Decorrido: 1 hr, 28 min, 59 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 14
PUP.Optional.OpenCandy, C:\Users\Usuario\.frostwire5\updates\frostwire-5.7.5.windows.coc.premium.exe, Quarantined, [6c0dedfbed8ebc7a611f12fbe322fa06],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\IminentMinibarIE[1].exe, Quarantined, [b5c475733c3fc1758dba1afcdc2504fc],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\MinibarFirefox[1].exe, Quarantined, [5d1c6a7ef78446f061e6eb2bd130b947],
PUP.Optional.Iminent, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\metro[1].exe, Quarantined, [f287e602f487c274ab87f52058a9a858],
PUP.Optional.Wajam, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\WIE_2.12.2.5[1].exe, Quarantined, [a0d9a741dc9fc67049d2218a56aba25e],
PUP.Optional.Midia, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\220814_m[1].exe, Quarantined, [f28700e86e0d8bab80697f32659c1be5],
PUP.Optional.GenericExt.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\MinibarChrome[1].exe, Quarantined, [73061eca8cef5dd9224496a719e7dd23],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\harry-potter-mega-theme-for-windows-7-10-32-bits.exe, Quarantined, [65140bdd027958de0b5a08ba07fdbe42],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe, Quarantined, [40391ccc85f661d550bb92d47e862ed2],
PUP.Optional.Firseria, C:\Users\Usuario\Downloads\WinRAR.exe, Quarantined, [84f5a741cbb0cc6a7d67858941c42ad6],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, Quarantined, [3b3e4c9cc8b35cdaeb8a91c371932cd4],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, Quarantined, [7aff697fe695bd799ed7e86c31d359a7],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarantined, [8dec37b1512a3ff7a0e780d836ce4db3],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.com", "http://start.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC", "http://search.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC" ],), Replaced,[eb8eebfde2994beb539ce1397b8a59a7]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: How do I remove blueseek?

Post by joram on Tue 02 Sep 2014, 13:11

Good afternoon, Mariana7777!

|- The log was posted correctly! That's it!

|- PS: Have you already updated Java and Flash Player?
|- Remove the tools used in the disinfection, or any leftovers from them, with DelFix.

-/-

|- Download: |DelFix| ( ... by Xplode )

[You need to be registered and logged in to see this image.]

|- Once on the page, click Download Now.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.

[You need to be registered and logged in to see this image.]

|- With the checkboxes ticked, click Executar (Run)!
|- Everything OK?

Regards!

Re: How do I remove blueseek?

Post by Mariana7777 on Tue 02 Sep 2014, 13:30

# DelFix v10.8 - Relatório criado 02/09/2014 às 13:25:46
# Atualizado 29/07/2014 por Xplode
# Usuário : Usuario - USUARIO-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)

~ Ativando UAC ... OK

~ Removendo ferramentas de desinfecção ...

Removido : C:\AdwCleaner
Removido : C:\Users\Usuario\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\Users\Usuario\Desktop\ZHPDiag.lnk
Removido : C:\Users\Usuario\Desktop\ZHPDiag.txt
Removido : C:\Users\Usuario\Desktop\ZHPFix.lnk
Removido : C:\Users\Usuario\Desktop\ZHPFixReport.txt
Removido : C:\Users\Usuario\Downloads\adwcleaner_3.308 - Atalho.lnk
Removido : C:\Users\Usuario\Downloads\SecurityCheck.exe
Removido : C:\Users\Usuario\Downloads\ZHPDiag2.exe
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #56 [Instalador de Módulos do Windows | 05/24/2014 01:20:01]
Removido : RP #57 [Windows Update | 08/04/2014 01:07:28]
Removido : RP #58 [avast! antivirus system restore point | 08/06/2014 15:25:45]
Removido : RP #59 [Installed Java 7 Update 67 | 08/24/2014 16:42:24]
Removido : RP #61 [Windows Live Essentials | 08/27/2014 19:12:48]
Removido : RP #62 [Windows Live Essentials | 08/27/2014 19:18:10]
Removido : RP #63 [DirectX instalado | 08/27/2014 19:20:05]
Removido : RP #64 [DirectX instalado | 08/27/2014 19:21:33]
Removido : RP #65 [DirectX instalado | 08/27/2014 19:23:02]
Removido : RP #66 [WLSetup | 08/27/2014 19:26:06]
Removido : RP #67 [avast! antivirus system restore point | 08/31/2014 10:00:43]

Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########

Re: How do I remove blueseek?

Post by joram on Tue 02 Sep 2014, 13:49

Hello, Mariana7777!

|- Everything OK?

A+


Re: How do I remove blueseek?

Post by Mariana7777 on Tue 02 Sep 2014, 14:01

Actually it's just the same, the ads keep appearing, you know?

Re: How do I remove blueseek?

Post by joram on Tue 02 Sep 2014, 14:07

Mariana7777 wrote: Actually it's just the same, the ads keep appearing, you know?
Hello, Mariana7777!

|- Have you already reset the browsers? Or does it happen specifically in one of the browsers?


|- Download: < [You need to be registered and logged in to see this image.] > ( ... by Nicolas Coolman )

|- Once on the page, click [You need to be registered and logged in to see this image.]
|- Save it to the desktop!

[You need to be registered and logged in to see this image.]

|- For more comprehensive fixes, tick all the available options.
|- Click Réparer.
|- Click Rapport.
|- Post the report!

A+