Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 11 usuários online :: 0 registrados, 0 invisíveis e 11 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
Power Max | ||||
joram | ||||
Wings [In Memoriam] | ||||
caedurodrigues | ||||
Amigo Brasileiro | ||||
luizvilarinho | ||||
Danii | ||||
Admin | ||||
Danilo Marsaro | ||||
Andreata |
Problemas com windows
2 participantes
Página 1 de 1
Problemas com windows
Olá gente, meu computador depois de um tempinho que eu estive aqui e me indicaram procurar um tecnico, pois bem, não procurei, kkk, mas apareceu uma mensagem. Será que eu mesma não posso resolver, com a ajuda de você. Olha só!
Mensg.
Assinatura do problema:
Nome do Evento de Problema: BlueScreen
Versão do sistema operacional: 6.1.7601.2.1.0.768.3
Identificação da Localidade: 1046
Informações adicionais sobre o problema:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF8800450CAD1
BCP3: FFFFF8800B33E020
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Arquivos que ajudam a descrever o problema:
C:\Windows\Minidump\021814-19609-01.dmp
C:\Users\User\AppData\Local\Temp\WER-109590-0.sysdata.xml
Leia nossa declaração de privacidade online:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Se a declaração de privacidade online não estiver disponível, leia nossa declaração de privacidade offline:
C:\windows\system32\pt-BR\erofflps.txt
Mensg.
Assinatura do problema:
Nome do Evento de Problema: BlueScreen
Versão do sistema operacional: 6.1.7601.2.1.0.768.3
Identificação da Localidade: 1046
Informações adicionais sobre o problema:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF8800450CAD1
BCP3: FFFFF8800B33E020
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Arquivos que ajudam a descrever o problema:
C:\Windows\Minidump\021814-19609-01.dmp
C:\Users\User\AppData\Local\Temp\WER-109590-0.sysdata.xml
Leia nossa declaração de privacidade online:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Se a declaração de privacidade online não estiver disponível, leia nossa declaração de privacidade offline:
C:\windows\system32\pt-BR\erofflps.txt
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Última edição por Power Max em Sáb 08 Mar 2014, 23:24, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Problemas com windows
Aqui o relatória.
~ Relatório do ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Iniciado por User (18/02/2014 15:21:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4009 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 101 GB (56%) free of 178 GB
---\\ Modo de conexão ao sistema
~ Computer Name: GISELLEUSER-PC
~ User Name: User
~ All Users Names: User, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 101 Go of 178 Go)
D: Hard drive, Flash drive, Thumb drive (Free 235 Go of 265 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 23:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 23:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 21:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 23:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 23:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 23:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 22:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 23:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 23:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 23:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 02:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2077
~ Mes musiques (My Musics) : 1/62
~ Mes Videos (My Videos) : 1/112
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 2/107
~ Mon Bureau (My Desktop) : 1/76
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 09s
---\\ Processos lançados
[MD5.20B52B09283E8A18B22319BF971A8C37] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2484504] [PID.2068]
[MD5.4D6D3F1A6F8247B8C310249BD1A26810] - (.Samsung Electronics CO., LTD. - SW Update Agent.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2877560] [PID.2224]
[MD5.D7750818347E82680987AE0C0F2E2384] - (.Samsung Electronics - Easy Speed Up Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [5458312] [PID.2800]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.312]
[MD5.3DF7F0845798D46E9991D0E01BEE32DD] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [784976] [PID.2796]
[MD5.A8FD8550DB68767204EE4616BBD4871A] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [1087056] [PID.3084]
[MD5.B87140DD34BCB9E4D3BCB9119C1BA7A8] - (.Samsung Electronics Co., Ltd. - Smart Setting Program.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2275408] [PID.3092]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [3211776] [PID.4388]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4436] =>Toolbar.Google
[MD5.4D83DC461F8F4370274CF6E9AC9A34F4] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4848]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.4884]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3532]
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.5012]
[MD5.F44D81108907554134B8661F5EEADD7B] - (.No owner - UIMain.) -- C:\Program Files (x86)\Claro 3G\UIMain.exe [10778968] [PID.2340]
[MD5.D3A1D2987051118159D4DE38E3027CEA] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4403280] [PID.3892]
[MD5.1C2981CB3E52E48372AE37C7481C7B31] - (...) -- C:\Program Files (x86)\Claro 3G\CMUpdater.exe [677712] [PID.3428]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.5928]
[MD5.F289B31D23BB3DC8E6640A6D09E4BF51] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [3395664] [PID.1944]
[MD5.E433210DD9F9EF43D4D170E52FFFF116] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.3252]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.3164]
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968] [PID.128]
[MD5.B22ACB059BD52A7091C54F16AEE8F040] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.596]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.932]
[MD5.650F111D5CDA64C10AE4B9D1BA9D4FFF] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592] [PID.2076]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.2356]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2668]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2788]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3380]
[MD5.F4A17DCAB576267C85663E64F3ACE5A4] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326424] [PID.5812]
[MD5.D96DDEA6C699A99832E0186057801971] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416] [PID.5964]
[MD5.DB641944F7E4B14C13C3FEFC89843F69] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656536] [PID.1588]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
~ Google Browser: 17 Legitimates Filtered in 00mn 14s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 17 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Central Folhamatic.LNK . (...) -- C:\folhawin\central\centralf.exe
O4 - GS\Desktop [Public]: Claro 3G.lnk . (...) -- C:\Program Files (x86)\Claro 3G\UIMain.exe
O4 - GS\Desktop [Public]: CrazyTalk Cam Suite.lnk . (.Reallusion Inc. - Cam Suite.) -- C:\Program Files\Reallusion\CrazyTalk Cam Suite\CTCamSuite.exe
O4 - GS\Desktop [Public]: Easy Settings.lnk . (.Samsung Electronics Co., Ltd. - Easy Settings.) -- C:\Program Files (x86)\Samsung\Easy Settings\ControlCenter.exe
O4 - GS\Desktop [Public]: Multimedia POP.lnk . (.TODO: - TODO: .) -- C:\Program Files\Samsung\MultimediaPOP\MultimediaPOP.exe
O4 - GS\Desktop [Public]: SpywareBlaster.lnk . (...) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O4 - GS\Desktop [Public]: SW Update.lnk . (.Samsung Electronics CO., LTD. - SW Update Client.) -- C:\Program Files (x86)\Samsung\SW Update\sManager.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [Public]: Dicionário Aurélio.lnk . (.Positivo - No Comment.) -- C:\Program Files (x86)\Positivo\Aurelio\aurelio.exe
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [User]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [User]: Claro 3G.lnk . (...) -- C:\Program Files (x86)\Claro 3G\UIMain.exe
O4 - GS\TaskBar [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: Dic Português - Novo Acordo Ortográfico - DCL.lnk . (.ABC WebHouse Tecnologia Ltda. - No Comment.) -- C:\Program Files (x86)\Dic de Portugues\dicionário.exe
O4 - GS\Desktop [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [User]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [User]: Redação.lnk . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r45.) -- C:\Program Files (x86)\Redacao\Redacao.exe
~ Global Startup: 79 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-580441236-439076865-2119370448-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-580441236-439076865-2119370448-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 01s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Compatible NVIDIA shim initializatio.) - C:\windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 12 Legitimates Filtered in 00mn 39s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\windows\AutoKMS.exe (.not file.) [0] =>Trojan.Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{8DD3F590-DDF0-4CC4-B924-B528736691F7}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (4).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B3CC5D96-2E34-4B31-957E-F1D4A19A2268}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (3).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F002299B-1E57-4179-84BC-A769DE2A7F99}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (1).exe (.not file.) [0]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 14s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
~ Drivers: 90 Legitimates Filtered in 00mn 01s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: Dic de Portugues - (...) [HKLM][64Bits] -- Dic de Portugues
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM][64Bits] -- Klavaro_is1
O42 - Logiciel: Redacao - (...) [HKLM][64Bits] -- Redacao
~ Logic: 42 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Claro 3G]
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
~ Key Software: 313 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/01/2013 - 22:40:55 - [6,891] ----D C:\Program Files (x86)\Ares
O43 - CFD: 14/02/2014 - 01:38:22 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/02/2014 - 14:06:22 - [26,612] ----D C:\Program Files (x86)\Claro 3G
O43 - CFD: 29/08/2013 - 12:38:05 - [25,266] ----D C:\Program Files (x86)\Dic de Portugues
O43 - CFD: 14/02/2014 - 01:35:54 - [25,375] ----D C:\Program Files (x86)\Klavaro-1.9.7
O43 - CFD: 04/02/2014 - 21:05:11 - [234,443] ----D C:\Program Files (x86)\Redacao
O43 - CFD: 24/02/2013 - 18:05:59 - [2,807] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 14/02/2014 - 01:38:50 - [1,316] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 01:38:55 - [0] ----D C:\Users\User\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 02:41:12 - [0,002] ----D C:\Users\User\AppData\Roaming\klavaro
O43 - CFD: 02/01/2013 - 22:40:58 - [0,097] ----D C:\Users\User\AppData\Local\Ares
O43 - CFD: 29/08/2013 - 12:38:02 - [0,001] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic de Portugues
O43 - CFD: 29/08/2013 - 12:33:41 - [0,001] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redacao
~ 26 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 233 Legitimates Filtered in 01mn 18s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 04/02/2014 - 18:08:33 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DB0874EB205AF4699DFE1146E6880026] - 04/02/2014 - 21:08:47 ---A- . (...) -- C:\PureRa.txt [40668]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 12/02/2014 - 17:22:42 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.8E3CFF5D1D5360AC8DF6B2A20D7DA0DB] - 13/02/2014 - 02:19:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147442]
O44 - LFC:[MD5.6DC4B471117B55A3B6AE6C8624805470] - 13/02/2014 - 02:19:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706974]
~ Files: 60 Legitimates Filtered in 00mn 08s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{c26e32a4-8af1-11e3-a229-e81132b6d37f}\AutoRun\command. (.No owner - AutoRun Microsoft.) -- F:\Windows\AutoRun.exe
~ Keys: Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 22/12/2013 - 14:57:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 22/12/2013 - 14:57:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 10:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032] =>Adware.BDSearch
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 10:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 06:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992] =>Adware.BDSearch
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 21:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.94E572DB9A55B64EF01838933A620769] - 07/06/2012 - 02:01:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [293712]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 16:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.138ECE3E53DB1A808156C9F1E9AF5FC5] - 19/03/2007 - 16:02:32 ---A- . (...) -- C:\Windows\System32\Drivers\RLVrtAuCbl.sys [49664]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 21:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/02/2014 - 14:11:18 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.4CA0DBA9E224473D664C25E411F5A3BD] - 02/08/2012 - 09:17:23 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 16 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
O64 - Services: CurCS - 04/06/2011 - C:\Windows\System32\DRIVERS\nvpciflt.sys (nvpciflt) .(.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) - LEGACY_NVPCIFLT
~ Legacy: 107 Legitimates Filtered in 00mn 01s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784] =>Adware.BDSearch
[MD5.A5EA0AD9260B1550A14CC58D2C39B03D] [SPRF][26/12/2013] (...) -- C:\Users\User\AppData\Roaming\cgf.sys [3]
[MD5.616A03933D9F41EC413F758A9D88135D] [SPRF][26/12/2013] (...) -- C:\Users\User\AppData\Roaming\id.sys [4]
[MD5.C82C68DF7707DE0ECF736C23425CF527] [SPRF][23/08/2013] (...) -- C:\Users\User\AppData\Roaming\unins000.dat [16249]
[MD5.3E34B832DA213D3D6CD862424D7ADEDC] [SPRF][05/01/2014] (...) -- C:\Users\User\AppData\Roaming\unins001.dat [15735]
[MD5.C9D01039AE8148CDF53F2AE50F294D47] [SPRF][27/12/2013] (.No owner - Office 2010 Toolkit.) -- C:\Users\User\Desktop\Ativador.exe [13889024]
~ Files: 7 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FF2F73B9-2B94-4D84-8765-86E990663C5B}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{A8957BF7-0321-467F-9C5C-EBD78441D3A2}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
~ Firewall: 180 Legitimates Filtered in 00mn 03s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "1FB4B89437DA8AA499BE814D004E4228" . (.Novo Dicionário Aurélio.) -- C:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe
O90 - PUC: "BA8C006A137756E43BADD1A0BB591C8B" . (.InstallDLL.) -- C:\windows\Installer\{A600C8AB-7731-4E65-B3DA-1D0ABB95C1B8}\ARPPRODUCTICON.exe
~ Update Products: 476 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 14/10/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/07/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 15/07/2011 91296 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 06/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/05/2011 326424 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/06/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 04/06/2011 1997416 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 22/01/2014 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 05/05/2011 2656536 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 01mn 02s
---\\ Scâner Aditional (088)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\Users\User\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
~ Additionnel Scan: 371291 Items scanned in 01mn 28s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerPro
~ MSI: 3 link(s) detected in 01mn 28s
~ 1608 Legitimates filtered by white list
End of the scan (531 lines in 06mn 26s)(0)
~ Relatório do ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Iniciado por User (18/02/2014 15:21:53)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4009 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 101 GB (56%) free of 178 GB
---\\ Modo de conexão ao sistema
~ Computer Name: GISELLEUSER-PC
~ User Name: User
~ All Users Names: User, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 101 Go of 178 Go)
D: Hard drive, Flash drive, Thumb drive (Free 235 Go of 265 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 23:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 23:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 21:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 23:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 23:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 23:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 22:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 23:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 23:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 23:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 02:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2077
~ Mes musiques (My Musics) : 1/62
~ Mes Videos (My Videos) : 1/112
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 2/107
~ Mon Bureau (My Desktop) : 1/76
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 09s
---\\ Processos lançados
[MD5.20B52B09283E8A18B22319BF971A8C37] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2484504] [PID.2068]
[MD5.4D6D3F1A6F8247B8C310249BD1A26810] - (.Samsung Electronics CO., LTD. - SW Update Agent.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2877560] [PID.2224]
[MD5.D7750818347E82680987AE0C0F2E2384] - (.Samsung Electronics - Easy Speed Up Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [5458312] [PID.2800]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.312]
[MD5.3DF7F0845798D46E9991D0E01BEE32DD] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [784976] [PID.2796]
[MD5.A8FD8550DB68767204EE4616BBD4871A] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [1087056] [PID.3084]
[MD5.B87140DD34BCB9E4D3BCB9119C1BA7A8] - (.Samsung Electronics Co., Ltd. - Smart Setting Program.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2275408] [PID.3092]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [3211776] [PID.4388]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4436] =>Toolbar.Google
[MD5.4D83DC461F8F4370274CF6E9AC9A34F4] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4848]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.4884]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3532]
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.5012]
[MD5.F44D81108907554134B8661F5EEADD7B] - (.No owner - UIMain.) -- C:\Program Files (x86)\Claro 3G\UIMain.exe [10778968] [PID.2340]
[MD5.D3A1D2987051118159D4DE38E3027CEA] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4403280] [PID.3892]
[MD5.1C2981CB3E52E48372AE37C7481C7B31] - (...) -- C:\Program Files (x86)\Claro 3G\CMUpdater.exe [677712] [PID.3428]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.5928]
[MD5.F289B31D23BB3DC8E6640A6D09E4BF51] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [3395664] [PID.1944]
[MD5.E433210DD9F9EF43D4D170E52FFFF116] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.3252]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.3164]
[MD5.DAAA237C34A506EF56D44A56EA039CC0] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968] [PID.128]
[MD5.B22ACB059BD52A7091C54F16AEE8F040] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.596]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1580]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.932]
[MD5.650F111D5CDA64C10AE4B9D1BA9D4FFF] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592] [PID.2076]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.2356]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2668]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2788]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3380]
[MD5.F4A17DCAB576267C85663E64F3ACE5A4] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326424] [PID.5812]
[MD5.D96DDEA6C699A99832E0186057801971] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416] [PID.5964]
[MD5.DB641944F7E4B14C13C3FEFC89843F69] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656536] [PID.1588]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
~ Google Browser: 17 Legitimates Filtered in 00mn 14s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 17 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Central Folhamatic.LNK . (...) -- C:\folhawin\central\centralf.exe
O4 - GS\Desktop [Public]: Claro 3G.lnk . (...) -- C:\Program Files (x86)\Claro 3G\UIMain.exe
O4 - GS\Desktop [Public]: CrazyTalk Cam Suite.lnk . (.Reallusion Inc. - Cam Suite.) -- C:\Program Files\Reallusion\CrazyTalk Cam Suite\CTCamSuite.exe
O4 - GS\Desktop [Public]: Easy Settings.lnk . (.Samsung Electronics Co., Ltd. - Easy Settings.) -- C:\Program Files (x86)\Samsung\Easy Settings\ControlCenter.exe
O4 - GS\Desktop [Public]: Multimedia POP.lnk . (.TODO:
O4 - GS\Desktop [Public]: SpywareBlaster.lnk . (...) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O4 - GS\Desktop [Public]: SW Update.lnk . (.Samsung Electronics CO., LTD. - SW Update Client.) -- C:\Program Files (x86)\Samsung\SW Update\sManager.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Program [Public]: Dicionário Aurélio.lnk . (.Positivo - No Comment.) -- C:\Program Files (x86)\Positivo\Aurelio\aurelio.exe
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [User]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [User]: Claro 3G.lnk . (...) -- C:\Program Files (x86)\Claro 3G\UIMain.exe
O4 - GS\TaskBar [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: Dic Português - Novo Acordo Ortográfico - DCL.lnk . (.ABC WebHouse Tecnologia Ltda. - No Comment.) -- C:\Program Files (x86)\Dic de Portugues\dicionário.exe
O4 - GS\Desktop [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [User]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [User]: Redação.lnk . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r45.) -- C:\Program Files (x86)\Redacao\Redacao.exe
~ Global Startup: 79 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-580441236-439076865-2119370448-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-580441236-439076865-2119370448-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 01s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FD8D09F-CCAA-4D41-A91F-BFF898F5145C}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{004CE12D-2E4D-4669-BDA8-B64F9DBEF8A0}: DhcpNameServer = 200.189.88.12 200.189.88.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{C95AAC79-8DF5-4C67-AA08-FB73A8739DAC}: DhcpNameServer = 200.189.88.12 200.189.88.39
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Compatible NVIDIA shim initializatio.) - C:\windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 12 Legitimates Filtered in 00mn 39s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\windows\AutoKMS.exe (.not file.) [0] =>Trojan.Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{8DD3F590-DDF0-4CC4-B924-B528736691F7}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (4).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B3CC5D96-2E34-4B31-957E-F1D4A19A2268}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (3).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F002299B-1E57-4179-84BC-A769DE2A7F99}] (...) -- C:\Users\User\Downloads\iGBPCEFsf (1).exe (.not file.) [0]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 14s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\windows\system32\drivers\Bfilter.sys =>Adware.BDSearch
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\windows\system32\drivers\Bprotect.sys =>Adware.BDSearch
~ Drivers: 90 Legitimates Filtered in 00mn 01s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: Dic de Portugues - (...) [HKLM][64Bits] -- Dic de Portugues
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM][64Bits] -- Klavaro_is1
O42 - Logiciel: Redacao - (...) [HKLM][64Bits] -- Redacao
~ Logic: 42 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Claro 3G]
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
~ Key Software: 313 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/01/2013 - 22:40:55 - [6,891] ----D C:\Program Files (x86)\Ares
O43 - CFD: 14/02/2014 - 01:38:22 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/02/2014 - 14:06:22 - [26,612] ----D C:\Program Files (x86)\Claro 3G
O43 - CFD: 29/08/2013 - 12:38:05 - [25,266] ----D C:\Program Files (x86)\Dic de Portugues
O43 - CFD: 14/02/2014 - 01:35:54 - [25,375] ----D C:\Program Files (x86)\Klavaro-1.9.7
O43 - CFD: 04/02/2014 - 21:05:11 - [234,443] ----D C:\Program Files (x86)\Redacao
O43 - CFD: 24/02/2013 - 18:05:59 - [2,807] ----D C:\Program Files (x86)\SupportInfo
O43 - CFD: 14/02/2014 - 01:38:50 - [1,316] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 01:38:55 - [0] ----D C:\Users\User\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 14/02/2014 - 02:41:12 - [0,002] ----D C:\Users\User\AppData\Roaming\klavaro
O43 - CFD: 02/01/2013 - 22:40:58 - [0,097] ----D C:\Users\User\AppData\Local\Ares
O43 - CFD: 29/08/2013 - 12:38:02 - [0,001] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic de Portugues
O43 - CFD: 29/08/2013 - 12:33:41 - [0,001] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redacao
~ 26 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 233 Legitimates Filtered in 01mn 18s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 04/02/2014 - 18:08:33 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DB0874EB205AF4699DFE1146E6880026] - 04/02/2014 - 21:08:47 ---A- . (...) -- C:\PureRa.txt [40668]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 12/02/2014 - 17:22:42 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.8E3CFF5D1D5360AC8DF6B2A20D7DA0DB] - 13/02/2014 - 02:19:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147442]
O44 - LFC:[MD5.6DC4B471117B55A3B6AE6C8624805470] - 13/02/2014 - 02:19:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706974]
~ Files: 60 Legitimates Filtered in 00mn 08s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{c26e32a4-8af1-11e3-a229-e81132b6d37f}\AutoRun\command. (.No owner - AutoRun Microsoft.) -- F:\Windows\AutoRun.exe
~ Keys: Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 22/12/2013 - 14:57:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 22/12/2013 - 14:57:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 10:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032] =>Adware.BDSearch
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 10:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 06:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992] =>Adware.BDSearch
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 21:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.94E572DB9A55B64EF01838933A620769] - 07/06/2012 - 02:01:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [293712]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 16:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.138ECE3E53DB1A808156C9F1E9AF5FC5] - 19/03/2007 - 16:02:32 ---A- . (...) -- C:\Windows\System32\Drivers\RLVrtAuCbl.sys [49664]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 21:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 18/02/2014 - 14:11:18 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.4CA0DBA9E224473D664C25E411F5A3BD] - 02/08/2012 - 09:17:23 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 16 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON =>Adware.BDSearch
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT =>Adware.BDSearch
O64 - Services: CurCS - 04/06/2011 - C:\Windows\System32\DRIVERS\nvpciflt.sys (nvpciflt) .(.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) - LEGACY_NVPCIFLT
~ Legacy: 107 Legitimates Filtered in 00mn 01s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784] =>Adware.BDSearch
[MD5.A5EA0AD9260B1550A14CC58D2C39B03D] [SPRF][26/12/2013] (...) -- C:\Users\User\AppData\Roaming\cgf.sys [3]
[MD5.616A03933D9F41EC413F758A9D88135D] [SPRF][26/12/2013] (...) -- C:\Users\User\AppData\Roaming\id.sys [4]
[MD5.C82C68DF7707DE0ECF736C23425CF527] [SPRF][23/08/2013] (...) -- C:\Users\User\AppData\Roaming\unins000.dat [16249]
[MD5.3E34B832DA213D3D6CD862424D7ADEDC] [SPRF][05/01/2014] (...) -- C:\Users\User\AppData\Roaming\unins001.dat [15735]
[MD5.C9D01039AE8148CDF53F2AE50F294D47] [SPRF][27/12/2013] (.No owner - Office 2010 Toolkit.) -- C:\Users\User\Desktop\Ativador.exe [13889024]
~ Files: 7 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FF2F73B9-2B94-4D84-8765-86E990663C5B}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{A8957BF7-0321-467F-9C5C-EBD78441D3A2}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
~ Firewall: 180 Legitimates Filtered in 00mn 03s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "1FB4B89437DA8AA499BE814D004E4228" . (.Novo Dicionário Aurélio.) -- C:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe
O90 - PUC: "BA8C006A137756E43BADD1A0BB591C8B" . (.InstallDLL.) -- C:\windows\Installer\{A600C8AB-7731-4E65-B3DA-1D0ABB95C1B8}\ARPPRODUCTICON.exe
~ Update Products: 476 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 06/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 14/10/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/07/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 15/07/2011 91296 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 06/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/10/2013 452968 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/05/2011 326424 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/06/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 04/06/2011 1997416 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 22/01/2014 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 05/05/2011 2656536 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 01mn 02s
---\\ Scâner Aditional (088)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\Users\User\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
C:\ProgramData\FileSplitUpLoad.dll =>Adware.BDSearch^
~ Additionnel Scan: 371291 Items scanned in 01mn 28s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerPro
~ MSI: 3 link(s) detected in 01mn 28s
~ 1608 Legitimates filtered by white list
End of the scan (531 lines in 06mn 26s)(0)
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________________
Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie estes arquivos destacados em azul abaixo para serem analisados (um de cada vez):
C:\Users\User\AppData\Roaming\cgf.sys
C:\Users\User\AppData\Roaming\id.sys
E à medida em que o escaneamento de cada um deles terminar, copie o link que aparecerá na barra de endereços de seu navegador e poste estes dois links em sua próxima resposta juntamente com o relatório do ZHPFix.
___________________________________________________________________________________________________
Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore).
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta juntamente com os links das análises dos dois arquivos no site Virus Total.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________________
Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie estes arquivos destacados em azul abaixo para serem analisados (um de cada vez):
C:\Users\User\AppData\Roaming\cgf.sys
C:\Users\User\AppData\Roaming\id.sys
E à medida em que o escaneamento de cada um deles terminar, copie o link que aparecerá na barra de endereços de seu navegador e poste estes dois links em sua próxima resposta juntamente com o relatório do ZHPFix.
___________________________________________________________________________________________________
Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até SysRestore).
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta juntamente com os links das análises dos dois arquivos no site Virus Total.
Última edição por Power Max em Sáb 08 Mar 2014, 23:24, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Problemas com windows
Aqui o Relatório.
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by User at 18/02/2014 22:20:43
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modulos memória ==========
ELIMINÉ: Memory Module: C:\ProgramData\FileSplitUpLoad.dll
========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado
========== Chaves do Registo ==========
ELIMINÉ:* CLSID Extra Buttons: {2670000A-7350-4f3c-8081-5663EE0C6C49}
ELIMINÉ:* CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ CLSID MPSK: {c26e32a4-8af1-11e3-a229-e81132b6d37f}
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
ELIMINÉ: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
========== Valores do Registo ==========
ELIMINÉ RunValue: ETDCtrl
ELIMINÉ RunValue: swg
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ: C:\Users\User\AppData\Local\{0902AA6B-3AF6-4E1F-AC25-C4686D022645}
ELIMINÉ: C:\Users\User\AppData\Local\{26706394-F1B6-4D99-9487-2B5351835D6C}
ELIMINÉ: C:\Users\User\AppData\Local\{2A968F0E-ADAC-48BF-99E1-AFF41DF43EA4}
ELIMINÉ: C:\Users\User\AppData\Local\{3814E066-3739-436B-A06F-CD710173C671}
ELIMINÉ: C:\Users\User\AppData\Local\{3C81B0B4-8F81-4B64-BB2D-0AF3478620A1}
ELIMINÉ: C:\Users\User\AppData\Local\{42CC2C2D-3926-4F63-B137-7B3A8E824BE3}
ELIMINÉ: C:\Users\User\AppData\Local\{4FA804DA-E9CD-4369-8C4A-761D0D677B6D}
ELIMINÉ: C:\Users\User\AppData\Local\{5C80F366-4716-4FB0-AB2E-6E9FB1945A61}
ELIMINÉ: C:\Users\User\AppData\Local\{797943F0-9660-4B6A-8968-901426C9AB66}
ELIMINÉ: C:\Users\User\AppData\Local\{7BDC395D-CBB4-4C95-BC8E-9F05F838E3BE}
ELIMINÉ: C:\Users\User\AppData\Local\{821FE80D-1AF3-4B4B-9752-48C6E3DC3AE0}
ELIMINÉ: C:\Users\User\AppData\Local\{8DC7520D-DEAC-429F-A03A-6A4F89BA6A5E}
ELIMINÉ: C:\Users\User\AppData\Local\{8F9AEF95-6FA9-4125-A3CC-A2232F6D2CF0}
ELIMINÉ: C:\Users\User\AppData\Local\{A612E6F8-928A-4AA9-85EB-7AE05CE31FA0}
ELIMINÉ: C:\Users\User\AppData\Local\{AD450A2E-25D7-4095-AF6D-524CD7878CBB}
ELIMINÉ: C:\Users\User\AppData\Local\{AD68600E-F3D4-44F5-A821-79D9B2419D38}
ELIMINÉ: C:\Users\User\AppData\Local\{AE28B1F9-CAE9-4CEC-8C3C-2094AE011B35}
ELIMINÉ: C:\Users\User\AppData\Local\{B57CB3B7-F309-4FD0-9B2A-F5D07607C82C}
ELIMINÉ: C:\Users\User\AppData\Local\{BC7AD0B1-EDA7-4E4F-B919-623842BC7F2D}
ELIMINÉ: C:\Users\User\AppData\Local\{BF153061-145D-4F37-9402-BFC8126B5794}
ELIMINÉ: C:\Users\User\AppData\Local\{C06FFE70-D5D9-41DA-A339-73779F505CFE}
ELIMINÉ: C:\Users\User\AppData\Local\{D167B785-5350-4B76-A186-5B6CC2B2F3AE}
ELIMINÉ: C:\Users\User\AppData\Local\{D767655F-1DF8-4555-8D0B-A366F14FA49D}
ELIMINÉ: C:\Users\User\AppData\Local\{E1046AB3-D4A2-4977-A910-8E24E19CCF3B}
ELIMINÉ: C:\Users\User\AppData\Local\{FE8114A1-D5D6-4940-9CEF-93AF232549A0}
ELIMINÉ: C:\Users\User\AppData\Local\{FF1C4ADA-208A-4AE5-B71E-913BC3E11614}
========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
ELIMINA REINICIAR: f:\windows\autorun.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (61) (24.940.944 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: {8DD3F590-DDF0-4CC4-B924-B528736691F7}
ELIMINÉ: {B3CC5D96-2E34-4B31-957E-F1D4A19A2268}
ELIMINÉ: {F002299B-1E57-4179-84BC-A769DE2A7F99}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
1 : Modulos memória
12 : Chaves do Registo
8 : Valores do Registo
26 : Pastas
7 : Ficheiros
3 : Estado dos serviços
4 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 20s
========== Caminho do ficheiro do relatório ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/02/2014 22:20:52 [4760]
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by User at 18/02/2014 22:20:43
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modulos memória ==========
ELIMINÉ: Memory Module: C:\ProgramData\FileSplitUpLoad.dll
========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado
========== Chaves do Registo ==========
ELIMINÉ:* CLSID Extra Buttons: {2670000A-7350-4f3c-8081-5663EE0C6C49}
ELIMINÉ:* CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ CLSID MPSK: {c26e32a4-8af1-11e3-a229-e81132b6d37f}
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
ELIMINÉ: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
========== Valores do Registo ==========
ELIMINÉ RunValue: ETDCtrl
ELIMINÉ RunValue: swg
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ: C:\Users\User\AppData\Local\{0902AA6B-3AF6-4E1F-AC25-C4686D022645}
ELIMINÉ: C:\Users\User\AppData\Local\{26706394-F1B6-4D99-9487-2B5351835D6C}
ELIMINÉ: C:\Users\User\AppData\Local\{2A968F0E-ADAC-48BF-99E1-AFF41DF43EA4}
ELIMINÉ: C:\Users\User\AppData\Local\{3814E066-3739-436B-A06F-CD710173C671}
ELIMINÉ: C:\Users\User\AppData\Local\{3C81B0B4-8F81-4B64-BB2D-0AF3478620A1}
ELIMINÉ: C:\Users\User\AppData\Local\{42CC2C2D-3926-4F63-B137-7B3A8E824BE3}
ELIMINÉ: C:\Users\User\AppData\Local\{4FA804DA-E9CD-4369-8C4A-761D0D677B6D}
ELIMINÉ: C:\Users\User\AppData\Local\{5C80F366-4716-4FB0-AB2E-6E9FB1945A61}
ELIMINÉ: C:\Users\User\AppData\Local\{797943F0-9660-4B6A-8968-901426C9AB66}
ELIMINÉ: C:\Users\User\AppData\Local\{7BDC395D-CBB4-4C95-BC8E-9F05F838E3BE}
ELIMINÉ: C:\Users\User\AppData\Local\{821FE80D-1AF3-4B4B-9752-48C6E3DC3AE0}
ELIMINÉ: C:\Users\User\AppData\Local\{8DC7520D-DEAC-429F-A03A-6A4F89BA6A5E}
ELIMINÉ: C:\Users\User\AppData\Local\{8F9AEF95-6FA9-4125-A3CC-A2232F6D2CF0}
ELIMINÉ: C:\Users\User\AppData\Local\{A612E6F8-928A-4AA9-85EB-7AE05CE31FA0}
ELIMINÉ: C:\Users\User\AppData\Local\{AD450A2E-25D7-4095-AF6D-524CD7878CBB}
ELIMINÉ: C:\Users\User\AppData\Local\{AD68600E-F3D4-44F5-A821-79D9B2419D38}
ELIMINÉ: C:\Users\User\AppData\Local\{AE28B1F9-CAE9-4CEC-8C3C-2094AE011B35}
ELIMINÉ: C:\Users\User\AppData\Local\{B57CB3B7-F309-4FD0-9B2A-F5D07607C82C}
ELIMINÉ: C:\Users\User\AppData\Local\{BC7AD0B1-EDA7-4E4F-B919-623842BC7F2D}
ELIMINÉ: C:\Users\User\AppData\Local\{BF153061-145D-4F37-9402-BFC8126B5794}
ELIMINÉ: C:\Users\User\AppData\Local\{C06FFE70-D5D9-41DA-A339-73779F505CFE}
ELIMINÉ: C:\Users\User\AppData\Local\{D167B785-5350-4B76-A186-5B6CC2B2F3AE}
ELIMINÉ: C:\Users\User\AppData\Local\{D767655F-1DF8-4555-8D0B-A366F14FA49D}
ELIMINÉ: C:\Users\User\AppData\Local\{E1046AB3-D4A2-4977-A910-8E24E19CCF3B}
ELIMINÉ: C:\Users\User\AppData\Local\{FE8114A1-D5D6-4940-9CEF-93AF232549A0}
ELIMINÉ: C:\Users\User\AppData\Local\{FF1C4ADA-208A-4AE5-B71E-913BC3E11614}
========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
ELIMINA REINICIAR: f:\windows\autorun.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (61) (24.940.944 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: {8DD3F590-DDF0-4CC4-B924-B528736691F7}
ELIMINÉ: {B3CC5D96-2E34-4B31-957E-F1D4A19A2268}
ELIMINÉ: {F002299B-1E57-4179-84BC-A769DE2A7F99}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
1 : Modulos memória
12 : Chaves do Registo
8 : Valores do Registo
26 : Pastas
7 : Ficheiros
3 : Estado dos serviços
4 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 20s
========== Caminho do ficheiro do relatório ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/02/2014 22:20:52 [4760]
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Siga, por gentileza, as dicas do tutorial abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Última edição por Power Max em Sáb 08 Mar 2014, 23:24, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Problemas com windows
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
desculpem é que estava sem internet.
desculpem é que estava sem internet.
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Quanto a este link, ele está quebrado:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Poste o link completo, por gentileza.
Falta também você executar o AdwCleaner e postar o relatório dele.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Poste o link completo, por gentileza.
Falta também você executar o AdwCleaner e postar o relatório dele.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Problemas com windows
não tenho mais esse program
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
É só baixá-lo e executá-lo seguindo as dicas deste tutorial que lhe passei:Giselle82 escreveu:não tenho mais esse program
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re power
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Relatório.
# AdwCleaner v3.019 - Relatório criado 21/02/2014 às 12:17:39
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : User - GISELLEUSER-PC
# Executando de : C:\Users\User\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Users\User\Documents\optimizer pro
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1922 octets] - [21/02/2014 12:15:48]
AdwCleaner[S0].txt - [1816 octets] - [21/02/2014 12:17:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1876 octets] ##########
Relatório.
# AdwCleaner v3.019 - Relatório criado 21/02/2014 às 12:17:39
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : User - GISELLEUSER-PC
# Executando de : C:\Users\User\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Users\User\Documents\optimizer pro
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1922 octets] - [21/02/2014 12:15:48]
AdwCleaner[S0].txt - [1816 octets] - [21/02/2014 12:17:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1876 octets] ##########
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Siga, por gentileza, as dicas do tutorial abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Última edição por Power Max em Sáb 08 Mar 2014, 23:25, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re power
relatório
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 21/02/2014 at 13:04:42,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\windows\syswow64\sho4FBB.tmp
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2014 at 13:40:11,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 21/02/2014 at 13:04:42,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\windows\syswow64\sho4FBB.tmp
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2014 at 13:40:11,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Como está o PC? O problema continua ou foi resolvido?
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re power
Na verdade ele não reinicia toda hora então só vai dar pra saber daqui algum tempo
mas os desligamentos tem a ver com isso.
mas os desligamentos tem a ver com isso.
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Na verdade a tela azul tem várias causas: problemas de hardware, vírus, drivers com problemas, superaquecimento, etc. Por isto é que o técnico é bom nesta hora porque ele pode testar todas as causas possíveis e ver o que está causando o problema e assim corrigi-lo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re power
Obrigada
Vou ter que procurar um tecnico, esse monte de bloco que ficou na minha área de trabalho como faço para limpar.
Grata.
Vou ter que procurar um tecnico, esse monte de bloco que ficou na minha área de trabalho como faço para limpar.
Grata.
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).
Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.
Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
__________________________________________________________________________________________________________________Depois disto siga também as dicas deste tutorial abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)
*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Clique em [Run]
Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt
_______________________________________________________________________________________________________________________
Siga também as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
E aí você fica observando o PC. Se não der mais erro é porque o problema foi resolvido.
Se mesmo assim o erro voltar, aí você leva ao técnico.
Um abraço!
Última edição por Power Max em Sáb 08 Mar 2014, 23:25, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re power
Muito Obrigada
daqui uma semana posto novamente se deu problema ou não.
Grata.
daqui uma semana posto novamente se deu problema ou não.
Grata.
Giselle82- Iniciante
- Mensagens : 39
Reputação : 0
Data de inscrição : 01/02/2014
Re: Problemas com windows
TÓPICO ARQUIVADO
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos
|
|