Antivirus scanning.
Hello. I need some help. When I run a full scan of my PC with Avast antivirus, it does not finish; it freezes the PC and restarts it.
What should I do? Options I have already tried:
1- ran several antispyware tools;
2- deleted viruses manually through Run/regedit and other means;
3- uninstalled Avast and installed a more recent version;
4- ran the boot-time scan and some viruses or something similar showed up, but they were in the Windows folder;
5- ran a scan with CCleaner.
The simpler scans complete and show no viruses. The problem also happens when I use some antispyware tools such as SUPERAntiSpyware or Spyware Terminator on their most thorough scan. The PC works normally, but I am afraid it will stop working, and I do not want to think about formatting as the solution; at the very least I want to know whether there is another solution that lets any tool I use finish its scan.
Regards, and thank you.
dan_asa - Beginner
- Posts: 34
Reputation: 1
Registration date: 27/04/2014
Re: Antivirus scanning.
Hello dan_asa.
Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Scan result.
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por DANIEL (28/04/2014 18:32:41)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.116 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 144 GB (48%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 144 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/62
~ Mon Bureau (My Desktop) : 2/29989
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 58s
---\\ Processos lançados
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2452]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.3580]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3648]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.944]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2068]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2480]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2212]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] [You must have an account and be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods Chat v.2.3.8 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [bkomkajifikmkfnjgphkjcfeepbnojok] PriceGong v.5.6.2 (Désactivé) =>Adware.PriceGong
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] Funmoods v.9.4.15, (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] IB Updater v.2.0.0.110 (Désactivé) =>Adware.InstallBrain
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.9.7.9 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [hgojaaaiddhmiiakpejiklijbalpckih] Status Winks v.3.0.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 01mn 25s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [You must have an account and be logged in to view this link] =>PUP.Funmoods
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.11:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} . (.PriceGong - PriceGong Comparative Shopping Tool.) -- C:\Program Files\PriceGong\2.6.2\PriceGongIE.dll =>Adware.PriceGong
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll =>Adware.InstallBrain
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} . (.Status Winks - ScriptHost.) -- C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll =>Adware.SmileyBar
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Program Files\DealPly\DealPlyIE.dll =>PUP.DealPly
~ BHO: 32 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NWEReboot] Chave orfã
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Search - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} . (...) -- C:\Program Files\Minibar\icons\icon16.ico =>PUP.Minibar
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\23787~1.43\{16cdf~1\browse~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
O23 - Service: (IBUpdaterService) . (.No owner - Installer.) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
~ Services: 13 Legitimates Filtered in 00mn 06s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.4EE862402A5ECEE9A6F291E08B79F2C7] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files\DealPly\DealPlyUpdate.exe [78024] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [{7552CC8D-8394-48E0-9447-DD95320AD973}] (...) -- E:\Tiago Quick@ACERASPIREONE\#DOC\PROGRAMAS\DX9\DX9\DX9NT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2D4BED7-FD21-44B6-8D1E-DFE9F9674679}] (...) -- C:\Users\DANIEL\Desktop\Receitanet-1.03.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA674A55-E958-4032-8C87-EE32BF80F738}] (...) -- C:\Users\DANIEL\Desktop\DANIEL\INTERNET FILES\Programas\VÖDEOS PLAYERS\CyberLink DVD Suite v5\CDS\PDVD\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 93 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM] -- DealPly =>PUP.DealPly
O42 - Logiciel: Files To Phones - (.PromoToMobile team.) [HKLM] -- Files To Phones
O42 - Logiciel: Hao123.com - (...) [HKLM] -- Hao123.com
O42 - Logiciel: IB Updater 2.0.0.110 - (.IncrediBar.) [HKLM] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.InstallBrain
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT =>Adware.InstallBrain
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: PDFTiger - (...) [HKLM] -- PDFTiger_is1
O42 - Logiciel: PDFTigerDriver - (...) [HKLM] -- {AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1
O42 - Logiciel: PicaView - (...) [HKLM] -- PicaView
O42 - Logiciel: PowerBackup 2.5 - (...) [HKLM] -- {ADD5DB49-72CF-11D8-9D75-000129760D75}
O42 - Logiciel: PriceGong 2.6.2 - (.PriceGong.) [HKLM] -- PriceGong =>Adware.PriceGong
O42 - Logiciel: Update Manager for SweetPacks 1.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {FB697452-8CA4-46B4-98B1-165C922A2EF3} =>PUP.SweetIM
O42 - Logiciel: Updater Service - (...) [HKLM] -- Updater Service =>Adware.IncrediBar
~ Logic: 32 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Apex]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\BrowserMngr] =>PUP.Babylon
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\Hoolapp]
[HKCU\Software\IFCE/SENGE]
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Minibar] =>PUP.Minibar
[HKCU\Software\SERPRO]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\a2df8ce73ae541] =>PUP.Babylon
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\thyanté]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\BrowserMngr] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DVDRippper]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\IncrediMail]
[HKLM\Software\Minibar] =>PUP.Minibar
[HKLM\Software\Programas RFB]
[HKLM\Software\PromoToMobile]
[HKLM\Software\a2df8ce73ae541] =>PUP.Babylon
~ Key Software: 361 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/02/2013 - 18:20:00 - [] ----D C:\Program Files\Apex
O43 - CFD: 23/02/2014 - 00:29:00 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/04/2014 - 01:26:07 - [] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 26/01/2013 - 23:35:30 - [] ----D C:\Program Files\File Scout =>PUP.FileScout
O43 - CFD: 08/11/2012 - 19:12:58 - [] ----D C:\Program Files\Hao123.com
O43 - CFD: 08/11/2012 - 19:12:28 - [] ----D C:\Program Files\IB Updater =>Adware.InstallBrain
O43 - CFD: 08/11/2012 - 19:12:54 - [] ----D C:\Program Files\Minibar =>PUP.Minibar
O43 - CFD: 23/01/2012 - 11:32:51 - [] ----D C:\Program Files\OxelonMedia
O43 - CFD: 22/10/2012 - 11:35:03 - [] ----D C:\Program Files\PDFTiger
O43 - CFD: 29/02/2012 - 21:05:48 - [] ----D C:\Program Files\PriceGong =>Adware.PriceGong
O43 - CFD: 06/03/2013 - 20:14:08 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 13/10/2011 - 14:15:52 - [] ----D C:\Program Files\PromoToMobile
O43 - CFD: 22/10/2012 - 11:38:44 - [] ----D C:\Program Files\qvPDF
O43 - CFD: 23/02/2014 - 00:32:27 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:32:42 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/10/2012 - 21:32:56 - [] ----D C:\ProgramData\Browser Manager
O43 - CFD: 13/10/2011 - 14:16:02 - [] ----D C:\ProgramData\Files To Phones
O43 - CFD: 26/01/2013 - 23:35:32 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 02/04/2011 - 01:18:24 - [] --H-D C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
O43 - CFD: 23/02/2014 - 00:33:00 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:33:09 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/03/2013 - 23:20:50 - [] ----D C:\Users\DANIEL\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 23/01/2012 - 11:48:34 - [] ----D C:\Users\DANIEL\AppData\Roaming\OxelonMC
O43 - CFD: 08/11/2012 - 19:12:57 - [] ----D C:\Users\DANIEL\AppData\Local\Minibar =>PUP.Minibar
O43 - CFD: 16/04/2011 - 12:07:44 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/04/2012 - 10:18:03 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 06/03/2013 - 09:47:58 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/03/2014 - 16:31:05 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ 2 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 233 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7B80A0F6E1BE594D35DE8B200B70B6F7] - 18/04/2014 - 10:35:58 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log [4118]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 23/04/2014 - 01:18:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 23/04/2014 - 01:18:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
O44 - LFC:[MD5.88D5A2DD2F77A7F4A5B03EC867A3B739] - 28/04/2014 - 16:48:32 ---A- . (...) -- C:\aaw7boot.log [443948]
~ Files: 28 Legitimates Filtered in 00mn 37s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvid.dll" . (...) -- C:\Windows\System32\xvid.dll
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 27 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O53 - SMSR:HKLM\...\startupreg\Tim [Key] . (...) -- C:\Program Files\TI Software\TiMONITOR\lsass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 27 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:02/04/2011 - 01:05:45 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 14:22:54 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [95576]
O58 - SDL:09/01/2014 - 08:42:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/02/2009 - 11:50:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:20/03/2002 - 22:01:06 R--A- . (...) -- C:\Windows\System32\Digita.sys [6688]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 94 Legitimates Filtered in 00mn 10s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 01/04/2011 - C:\Windows\System32\drivers\BCM42RLY.sys (BCM42RLY) .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Pr.) - LEGACY_BCM42RLY
O64 - Services: CurCS - 09/01/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
~ Legacy: 99 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing)
O69 - SBI: SearchScopes [HKCU] {0BA52D6A-51F9-FAE9-F2B6-7083FE88FC34} - (Search the web (Babylon)) =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Funmoods) =>PUP.Funmoods
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google)
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [DefaultScope] - (MyStart Search) =>Adware.IncrediBar
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][21/07/2011] (...) -- C:\Users\DANIEL\AppData\Roaming\ezpinst.exe [81920]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][27/08/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\init.dll [701]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][26/11/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\sound.dll [701]
[MD5.1BE2203AB50CAC237FDDF1BCAB819AE2] [SPRF][22/10/2012] (...) -- C:\Users\DANIEL\AppData\Roaming\SYSTEM32.dll [6]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2C31BFF9-895C-4C3B-BC5C-00A9741495FB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{576D71FE-AB4E-4A37-9CEE-CB2AE5FEA015}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B2715F25-9F85-4A73-BCFF-7DA060DE8DFC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6E3195AA-B887-4B98-8598-35AC43F6ABDD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "254796BF4AC84B64891B61C529A2E23F" . (.Update Manager for SweetPacks 1.0.) -- C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Exportar as chaves do registo aleatórias (091)
[HKCU\Software\a2df8ce73ae541\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon
[HKCU\Software\a2df8ce73ae541\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:version="2.2.643.41" =>PUP.Babylon
[HKCU\Software\a2df8ce73ae541] =>PUP.Babylon^
[HKCU\Software\a2df8ce73ae541]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon
[HKCU\Software\a2df8ce73ae541]:version="2.3.787.43" =>PUP.Babylon
[HKLM\Software\a2df8ce73ae541] =>PUP.Babylon^
[HKLM\Software\a2df8ce73ae541]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon
[HKLM\Software\a2df8ce73ae541]:version="2.3.787.43" =>PUP.Babylon
~ Export Key Software: Scanned in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 3 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.85C5DEF2B079CA6E8CA7FCBD45793BEF] [WIS][29/02/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.0.) -- C:\Windows\Installer\da957.msi [2243584] =>PUP.SweetIM
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][07/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e656f.msi [28160] =>Toolbar.Google
~ WIS: 2 Legitimates Filtered in 00mn 54s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 329 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] (IB Updater) =>Adware.InstallBrain
[HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}] (Minibar) =>PUP.Minibar
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK
[HKCR\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] (DealPly) =>PUP.DealPly
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] (MinibarBHO) =>PUP.Minibar
[HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] (MinibarButton) =>PUP.Minibar
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
[HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}] (PriceGongCtrl Class) =>Adware.PriceGong
~ BCK: 7184 Legitimates Filtered in 00mn 11s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 26/01/2013 671648 | (IBUpdaterService) . (...) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2011 85435 | (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
SR - | Auto 19/11/2011 141466 | (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
SR - | Auto 20/04/2010 615712 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Users\DANIEL\AppData\Local\Temp\7zS08CA\hpslpsvc32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2011 1036104 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/04/2011 40960 | (wltrysvc) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 142
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 25
Fichiers trouvés (Files found) : 25
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok] =>Adware.PriceGong^
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.InstallBrain^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly^
[HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong] =>Adware.PriceGong^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso
[HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{539F76FD-084E-4858-86D5-62F02F54AE86}] =>PUP.Minibar
[HKLM\Software\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}] =>PUP.Minibar
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}] =>Adware.PriceGong
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}] =>Adware.PriceGong
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
[HKLM\Software\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>PUP.Minibar
[HKLM\Software\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>PUP.Minibar
[HKLM\Software\Microsoft\Internet Explorer\extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>PUP.Minibar
[HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}] =>Adware.PriceGong
[HKLM\Software\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>PUP.Minibar
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\PriceGongIE.DLL] =>Adware.PriceGong
[HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Adware.Adkubru
[HKLM\Software\Classes\PriceFactorIE.PriceGongBHO] =>Adware.PriceGong
[HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1] =>Adware.PriceGong
[HKLM\Software\Classes\PriceGongIE.PriceGongCtrl] =>Adware.PriceGong
[HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1] =>Adware.PriceGong
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>Hijacker.Eazel
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BrowserMngr] =>PUP.Babylon
[HKLM\Software\BrowserMngr] =>PUP.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Minibar] =>PUP.Minibar
[HKLM\Software\Minibar] =>PUP.Minibar
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\DealPly] =>PUP.DealPly
[HKLM\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Microsoft\Tracing\incredibar_installer_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Tracing\incredibar_installer_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook] =>Adware.SmileyBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\AddonsFramework.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ButtonSite.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\PropertySync.EXE] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ScriptHost.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok =>Adware.PriceGong^
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj =>PUP.Funmoods^
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd =>Adware.InstallBrain^
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\Program Files\DealPly =>PUP.DealPly^
C:\Program Files\File Scout =>PUP.FileScout^
C:\Program Files\IB Updater =>Adware.InstallBrain^
C:\Program Files\Minibar =>PUP.Minibar^
C:\Program Files\PriceGong =>Adware.PriceGong^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\DANIEL\AppData\Roaming\File Scout =>PUP.FileScout^
C:\Users\DANIEL\AppData\Local\Minibar =>PUP.Minibar^
C:\Program Files\Smiley Bar for Facebook =>Adware.SmileyBar
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong =>Adware.PriceGong
C:\Users\DANIEL\AppData\LocalLow\Minibar =>PUP.Minibar
C:\Users\DANIEL\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\DANIEL\AppData\LocalLow\SweetIM =>PUP.SweetIM
C:\Program Files\DealPly\DealPlyUpdate.exe =>PUP.DealPly^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\IB Updater] =>Adware.InstallBrain^
[HKCU\Software\a2df8ce73ae541\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon^
[HKCU\Software\a2df8ce73ae541] =>PUP.Babylon^^
[HKLM\Software\a2df8ce73ae541] =>PUP.Babylon^^
C:\Windows\Installer\da957.msi =>PUP.SweetIM^
C:\Windows\Installer\e656f.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] (IB Updater) =>Adware.InstallBrain^
[HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}] (Minibar) =>PUP.Minibar^
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar^
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK^
[HKCR\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] (DealPly) =>PUP.DealPly^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] (MinibarBHO) =>PUP.Minibar^
[HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] (MinibarButton) =>PUP.Minibar^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
[HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}] (PriceGongCtrl Class) =>Adware.PriceGong^
~ Additionnel Scan: 247611 Items scanned in 00mn 44s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.Funmoods
[You must have an account and be logged in to view this link] =>Adware.PriceGong
[You must have an account and be logged in to view this link] =>Adware.InstallBrain
[You must have an account and be logged in to view this link] =>PUP.DealPly
[You must have an account and be logged in to view this link] =>Adware.SmileyBar
[You must have an account and be logged in to view this link] =>PUP.Minibar
[You must have an account and be logged in to view this link] =>PUP.SweetIM
[You must have an account and be logged in to view this link] =>Adware.IncrediBar
[You must have an account and be logged in to view this link] =>PUP.1ClickDownloader
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>PUP.Babylon
[You must have an account and be logged in to view this link] =>Toolbar.Conduit
[You must have an account and be logged in to view this link] =>PUP.Datamngr
[You must have an account and be logged in to view this link] =>PUP.FileScout
[You must have an account and be logged in to view this link] =>Adware.InstallCore
[You must have an account and be logged in to view this link] =>Trojan.Lozavita
[You must have an account and be logged in to view this link] =>Adware.MegaSearch
[You must have an account and be logged in to view this link] =>PUP.Melondrea
[You must have an account and be logged in to view this link] =>PUP.SystemK
[You must have an account and be logged in to view this link] =>PUP.BearShare
[You must have an account and be logged in to view this link] =>PUP.iMesh
[You must have an account and be logged in to view this link] =>Hijacker.Eazel
[You must have an account and be logged in to view this link] =>Adware.Bandoo
[You must have an account and be logged in to view this link] =>PUP.BProtector
[You must have an account and be logged in to view this link] =>Adware.BrowseFox
~ MSI: 25 link(s) detected in 00mn 00s
~ 1010 Legitimates filtered by white list
End of the scan (879 lines in 05mn 52s)(0)
~ Iniciado por DANIEL (28/04/2014 18:32:41)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.116 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 144 GB (48%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 144 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/62
~ Mon Bureau (My Desktop) : 2/29989
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 58s
---\\ Processos lançados
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2452]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.3580]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3648]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.944]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2068]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.2480]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2212]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] [You must have an account and be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods Chat v.2.3.8 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [bkomkajifikmkfnjgphkjcfeepbnojok] PriceGong v.5.6.2 (Désactivé) =>Adware.PriceGong
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] Funmoods v.9.4.15, (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] IB Updater v.2.0.0.110 (Désactivé) =>Adware.InstallBrain
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.9.7.9 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [hgojaaaiddhmiiakpejiklijbalpckih] Status Winks v.3.0.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 01mn 25s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [You must have an account and be logged in to view this link] =>PUP.Funmoods
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.11:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} . (.PriceGong - PriceGong Comparative Shopping Tool.) -- C:\Program Files\PriceGong\2.6.2\PriceGongIE.dll =>Adware.PriceGong
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll =>Adware.InstallBrain
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} . (.Status Winks - ScriptHost.) -- C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll =>Adware.SmileyBar
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Program Files\DealPly\DealPlyIE.dll =>PUP.DealPly
~ BHO: 32 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NWEReboot] Chave orfã
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Search - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} . (...) -- C:\Program Files\Minibar\icons\icon16.ico =>PUP.Minibar
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\23787~1.43\{16cdf~1\browse~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
O23 - Service: (IBUpdaterService) . (.No owner - Installer.) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
~ Services: 13 Legitimates Filtered in 00mn 06s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.4EE862402A5ECEE9A6F291E08B79F2C7] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files\DealPly\DealPlyUpdate.exe [78024] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [{7552CC8D-8394-48E0-9447-DD95320AD973}] (...) -- E:\Tiago Quick@ACERASPIREONE\#DOC\PROGRAMAS\DX9\DX9\DX9NT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2D4BED7-FD21-44B6-8D1E-DFE9F9674679}] (...) -- C:\Users\DANIEL\Desktop\Receitanet-1.03.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA674A55-E958-4032-8C87-EE32BF80F738}] (...) -- C:\Users\DANIEL\Desktop\DANIEL\INTERNET FILES\Programas\VÖDEOS PLAYERS\CyberLink DVD Suite v5\CDS\PDVD\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 93 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM] -- DealPly =>PUP.DealPly
O42 - Logiciel: Files To Phones - (.PromoToMobile team.) [HKLM] -- Files To Phones
O42 - Logiciel: Hao123.com - (...) [HKLM] -- Hao123.com
O42 - Logiciel: IB Updater 2.0.0.110 - (.IncrediBar.) [HKLM] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.InstallBrain
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT =>Adware.InstallBrain
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: PDFTiger - (...) [HKLM] -- PDFTiger_is1
O42 - Logiciel: PDFTigerDriver - (...) [HKLM] -- {AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1
O42 - Logiciel: PicaView - (...) [HKLM] -- PicaView
O42 - Logiciel: PowerBackup 2.5 - (...) [HKLM] -- {ADD5DB49-72CF-11D8-9D75-000129760D75}
O42 - Logiciel: PriceGong 2.6.2 - (.PriceGong.) [HKLM] -- PriceGong =>Adware.PriceGong
O42 - Logiciel: Update Manager for SweetPacks 1.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {FB697452-8CA4-46B4-98B1-165C922A2EF3} =>PUP.SweetIM
O42 - Logiciel: Updater Service - (...) [HKLM] -- Updater Service =>Adware.IncrediBar
~ Logic: 32 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Apex]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\BrowserMngr] =>PUP.Babylon
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\Hoolapp]
[HKCU\Software\IFCE/SENGE]
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Minibar] =>PUP.Minibar
[HKCU\Software\SERPRO]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\a2df8ce73ae541] =>PUP.Babylon
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\thyanté]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\BrowserMngr] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DVDRippper]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\IncrediMail]
[HKLM\Software\Minibar] =>PUP.Minibar
[HKLM\Software\Programas RFB]
[HKLM\Software\PromoToMobile]
[HKLM\Software\a2df8ce73ae541] =>PUP.Babylon
~ Key Software: 361 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/02/2013 - 18:20:00 - [] ----D C:\Program Files\Apex
O43 - CFD: 23/02/2014 - 00:29:00 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 25/04/2014 - 01:26:07 - [] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 26/01/2013 - 23:35:30 - [] ----D C:\Program Files\File Scout =>PUP.FileScout
O43 - CFD: 08/11/2012 - 19:12:58 - [] ----D C:\Program Files\Hao123.com
O43 - CFD: 08/11/2012 - 19:12:28 - [] ----D C:\Program Files\IB Updater =>Adware.InstallBrain
O43 - CFD: 08/11/2012 - 19:12:54 - [] ----D C:\Program Files\Minibar =>PUP.Minibar
O43 - CFD: 23/01/2012 - 11:32:51 - [] ----D C:\Program Files\OxelonMedia
O43 - CFD: 22/10/2012 - 11:35:03 - [] ----D C:\Program Files\PDFTiger
O43 - CFD: 29/02/2012 - 21:05:48 - [] ----D C:\Program Files\PriceGong =>Adware.PriceGong
O43 - CFD: 06/03/2013 - 20:14:08 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 13/10/2011 - 14:15:52 - [] ----D C:\Program Files\PromoToMobile
O43 - CFD: 22/10/2012 - 11:38:44 - [] ----D C:\Program Files\qvPDF
O43 - CFD: 23/02/2014 - 00:32:27 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:32:42 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/10/2012 - 21:32:56 - [] ----D C:\ProgramData\Browser Manager
O43 - CFD: 13/10/2011 - 14:16:02 - [] ----D C:\ProgramData\Files To Phones
O43 - CFD: 26/01/2013 - 23:35:32 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 02/04/2011 - 01:18:24 - [] --H-D C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
O43 - CFD: 23/02/2014 - 00:33:00 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:33:09 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/03/2013 - 23:20:50 - [] ----D C:\Users\DANIEL\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 23/01/2012 - 11:48:34 - [] ----D C:\Users\DANIEL\AppData\Roaming\OxelonMC
O43 - CFD: 08/11/2012 - 19:12:57 - [] ----D C:\Users\DANIEL\AppData\Local\Minibar =>PUP.Minibar
O43 - CFD: 16/04/2011 - 12:07:44 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/04/2012 - 10:18:03 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 06/03/2013 - 09:47:58 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/03/2014 - 16:31:05 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ 2 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 233 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7B80A0F6E1BE594D35DE8B200B70B6F7] - 18/04/2014 - 10:35:58 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log [4118]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 23/04/2014 - 01:18:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 23/04/2014 - 01:18:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
O44 - LFC:[MD5.88D5A2DD2F77A7F4A5B03EC867A3B739] - 28/04/2014 - 16:48:32 ---A- . (...) -- C:\aaw7boot.log [443948]
~ Files: 28 Legitimates Filtered in 00mn 37s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvid.dll" . (...) -- C:\Windows\System32\xvid.dll
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 27 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O53 - SMSR:HKLM\...\startupreg\Tim [Key] . (...) -- C:\Program Files\TI Software\TiMONITOR\lsass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 27 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
---\\ Sumário das deteções encontradas na sua estação
=>PUP.Funmoods
=>Adware.PriceGong
=>Adware.InstallBrain
=>PUP.DealPly
=>Adware.SmileyBar
=>PUP.Minibar
=>PUP.SweetIM
=>Adware.IncrediBar
=>PUP.1ClickDownloader
=>Adware.BDSearch
=>PUP.Babylon
=>Toolbar.Conduit
=>PUP.Datamngr
=>PUP.FileScout
=>Adware.InstallCore
=>Trojan.Lozavita
=>Adware.MegaSearch
=>PUP.Melondrea
=>PUP.SystemK
=>PUP.BearShare
=>PUP.iMesh
=>Hijacker.Eazel
=>Adware.Bandoo
=>PUP.BProtector
=>Adware.BrowseFox
~ MSI: 25 link(s) detected in 00mn 00s
~ 1010 Legitimates filtered by white list
End of the scan (879 lines in 05mn 52s)(0)
dan_asa - Beginner
- Posts: 34
Reputation: 1
Join date: 27/04/2014
Re: Scanning with antivirus.
Your PC has several adware programs on it.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Scanning with antivirus.
OK. I'll do that.
dan_asa - Beginner
- Posts: 34
Reputation: 1
Join date: 27/04/2014
Re: Scanning with antivirus.
dan_asa wrote: OK. I'll do that.
I'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
AdwCleaner report:
# AdwCleaner v3.205 - Relatório criado 02/05/2014 às 17:47:30
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic (32 bits)
# Usuário : DANIEL - DANIEL-PC
# Executando de : C:\Users\DANIEL\Desktop\Daniel\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : Browser Manager
[#] Serviço Deletada : IBUpdaterService
Serviço Deletada : IePluginService
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Program Files\file scout
Pasta Deletada : C:\Program Files\IB Updater
Pasta Deletada : C:\Program Files\Minibar
Pasta Deletada : C:\Program Files\PriceGong
Pasta Deletada : C:\Program Files\Smiley Bar for Facebook
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Windows\system32\ARFC
Pasta Deletada : C:\Windows\system32\WNLT
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Minibar
Pasta Deletada : C:\Users\DANIEL\AppData\Local\PackageAware
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\Minibar
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\SweetIM
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\baidu
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\file scout
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\HoolappforAndroid
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\PerformerSoft
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\StatusWinks
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\sweet-page
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\Uniblue
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Arquivo Deletada : C:\Windows\system32\dmwu.exe
Arquivo Deletada : C:\Windows\system32\ImhxxpComm.dll
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Deletada : C:\Program Files\Mozilla Firefox\user.js
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Manager
Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D4448E-3FFB-4C18-9827-8DF1C0153044}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D4448E-3FFB-4C18-9827-8DF1C0153044}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D29F232-5F31-4A55-98D6-6A4964AEDFE9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D29F232-5F31-4A55-98D6-6A4964AEDFE9}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKCU\Software\a2df8ce73ae541
Chave Deletedo : HKLM\SOFTWARE\a2df8ce73ae541
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BrowserMngr
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Minibar
Chave Deletedo : HKCU\Software\performersoft llc
Chave Deletedo : HKCU\Software\wnlt
Chave Deletedo : HKCU\Software\YahooPartnerToolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKLM\Software\BrowserMngr
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\IB Updater
Chave Deletedo : HKLM\Software\Minibar
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\wnlt
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.7600.16722
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
*************************
AdwCleaner[R0].txt - [25527 octets] - [02/05/2014 17:42:01]
AdwCleaner[S0].txt - [24043 octets] - [02/05/2014 17:47:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24104 octets] ##########
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic (32 bits)
# Usuário : DANIEL - DANIEL-PC
# Executando de : C:\Users\DANIEL\Desktop\Daniel\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : Browser Manager
[#] Serviço Deletada : IBUpdaterService
Serviço Deletada : IePluginService
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Program Files\file scout
Pasta Deletada : C:\Program Files\IB Updater
Pasta Deletada : C:\Program Files\Minibar
Pasta Deletada : C:\Program Files\PriceGong
Pasta Deletada : C:\Program Files\Smiley Bar for Facebook
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Windows\system32\ARFC
Pasta Deletada : C:\Windows\system32\WNLT
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Minibar
Pasta Deletada : C:\Users\DANIEL\AppData\Local\PackageAware
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\Minibar
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\DANIEL\AppData\LocalLow\SweetIM
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\baidu
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\file scout
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\HoolappforAndroid
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\PerformerSoft
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\StatusWinks
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\sweet-page
Pasta Deletada : C:\Users\DANIEL\AppData\Roaming\Uniblue
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Pasta Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Arquivo Deletada : C:\Windows\system32\dmwu.exe
Arquivo Deletada : C:\Windows\system32\ImhxxpComm.dll
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Deletada : C:\Program Files\Mozilla Firefox\user.js
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Manager
Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D4448E-3FFB-4C18-9827-8DF1C0153044}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D4448E-3FFB-4C18-9827-8DF1C0153044}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D29F232-5F31-4A55-98D6-6A4964AEDFE9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D29F232-5F31-4A55-98D6-6A4964AEDFE9}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKCU\Software\a2df8ce73ae541
Chave Deletedo : HKLM\SOFTWARE\a2df8ce73ae541
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BrowserMngr
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Minibar
Chave Deletedo : HKCU\Software\performersoft llc
Chave Deletedo : HKCU\Software\wnlt
Chave Deletedo : HKCU\Software\YahooPartnerToolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKLM\Software\BrowserMngr
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\IB Updater
Chave Deletedo : HKLM\Software\Minibar
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\wnlt
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.7600.16722
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Startup_urls] : [You must have an account and be logged in to view this link]
Deletedo [Homepage] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
*************************
AdwCleaner[R0].txt - [25527 octets] - [02/05/2014 17:42:01]
AdwCleaner[S0].txt - [24043 octets] - [02/05/2014 17:47:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24104 octets] ##########
dan_asa - Beginner
- Posts: 34
Reputation: 1
Join date: 27/04/2014
Re: Scanning with antivirus.
Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]
To install and run it correctly, please follow the tips in this post:
[You must have an account and be logged in to view this link]
In your next reply, post the Malwarebytes log (report).
We'll be waiting.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
It happened again!
I had referred to a problem where the antivirus scan would not finish. Well, when I scanned with this last recommended program (Malwarebytes), it happened again and the PC restarted by itself. Another thing: a message like this one: [You must have an account and be logged in to view this link] keeps appearing; it says that Windows found a problem with the hard disk. What should I do?
dan_asa - Beginner
Re: Scanning with antivirus.
* Start the PC in Safe Mode with Networking (by pressing the F8 key, or the F5 key on some computers, repeatedly while the computer is starting and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, run the cleanup with Malwarebytes following that tutorial I gave you, and then post its report.
Power Max - Collaborator
Re: Scanning with antivirus.
Power Max wrote: * Start the PC in Safe Mode with Networking (by pressing the F8 key, or the F5 key on some computers, repeatedly while the computer is starting and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, run the cleanup with Malwarebytes following that tutorial I gave you, and then post its report.
OK. I'll do that. Thanks once again!
dan_asa - Beginner
About the message.
You didn't say anything about the message I mentioned regarding the HD. Is it authentic, or is it a consequence of the viruses? If it is authentic, do I need to replace my HD?
Note: I am trying to run the scan with Malwarebytes in safe mode, but the program closed by itself before finishing it. I'm trying again.
dan_asa - Beginner
Re: Scanning with antivirus.
dan_asa wrote: You didn't say anything about the message I mentioned regarding the HD. Is it authentic, or is it a consequence of the viruses? If it is authentic, do I need to replace my HD?
Note: I am trying to run the scan with Malwarebytes in safe mode, but the program closed by itself before finishing it. I'm trying again.
I tried to open Malwarebytes again to scan once more, since the first attempt didn't work, all of this in safe mode, and the same thing happened: the PC stopped, reported that Windows had encountered a problem, and restarted.
dan_asa - Beginner
Re: Scanning with antivirus.
The image you posted is very small; I couldn't read anything written in it. If you can post a larger image, it will be easier to view.
You didn't say anything about the message I mentioned regarding the HD. Is it authentic, or is it a consequence of the viruses?
__________________________________________________________
Open ZHPDiag again
[You must have an account and be logged in to view this image]
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
[You must have an account and be logged in to view this image]
|- Click OK and, when it finishes, post the ZHPDiag.txt report
[You must have an account and be logged in to view this image]
Power Max - Collaborator
Re: Scanning with antivirus.
Power Max wrote: The image you posted is very small; I couldn't read anything written in it. If you can post a larger image, it will be easier to view.
You didn't say anything about the message I mentioned regarding the HD. Is it authentic, or is it a consequence of the viruses?
__________________________________________________________
Open ZHPDiag again
[You must have an account and be logged in to view this image]
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
[You must have an account and be logged in to view this image]
|- Click OK and, when it finishes, post the ZHPDiag.txt report
[You must have an account and be logged in to view this image]
OK. I'll do that. About the message, it says: "Windows detected a hard disk problem". Note: I don't know how to post a larger image; I'll try here.
dan_asa - Beginner
Re: Scanning with antivirus.
Let's continue with the malware cleanup; maybe this will also help solve the error you mentioned. I'll be waiting for the ZHPDiag log.
Power Max - Collaborator
Windows message.
[img][You must have an account and be logged in to view this image][/img]
Last edited by dan_asa on Sun 04 May 2014, 10:34; edited 1 time
dan_asa - Beginner
Re: Scanning with antivirus.
The image did not appear. You also still need to post the log I asked for.
Power Max - Collaborator
ZHPDiag report:
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por DANIEL (04/05/2014 10:22:35)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (46%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 139 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 2/30492
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 50s
---\\ Processos lançados
[MD5.0FACC053BAFF107027CBD1F48885FD4A] - (.Microsoft Corporation - Resolvedor do Usuário de Diagnóstico de Dis.) -- C:\Windows\system32\DFDWiz.exe [68608] [PID.1668]
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2500]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3580]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3660]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.3716]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.4092]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2932]
[MD5.7BF214603213C9452BF19B779CE621A8] - (.ACD Systems, Ltd. - ACDSee.) -- C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe [2760704] [PID.1336]
[MD5.3BEA438A5CF492215B9845AB5AD3608A] - (.ACD Systems Ltd. - IDBSvr.) -- C:\Program Files\Common Files\ACD Systems\IDBSvr.exe [229376] [PID.2856]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.152]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 01mn 36s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.11:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NWEReboot] Chave orfã
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name))
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
~ Services: 12 Legitimates Filtered in 00mn 05s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{286D0232-FEE1-4453-BA48-A13C6C272462}] (...) -- C:\Users\DANIEL\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
[MD5.00000000000000000000000000000000] [APT] [{7552CC8D-8394-48E0-9447-DD95320AD973}] (...) -- E:\Tiago Quick@ACERASPIREONE\#DOC\PROGRAMAS\DX9\DX9\DX9NT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2D4BED7-FD21-44B6-8D1E-DFE9F9674679}] (...) -- C:\Users\DANIEL\Desktop\Receitanet-1.03.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA674A55-E958-4032-8C87-EE32BF80F738}] (...) -- C:\Users\DANIEL\Desktop\DANIEL\INTERNET FILES\Programas\VÖDEOS PLAYERS\CyberLink DVD Suite v5\CDS\PDVD\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 99 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Files To Phones - (.PromoToMobile team.) [HKLM] -- Files To Phones
O42 - Logiciel: Hao123.com - (...) [HKLM] -- Hao123.com
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: PDFTiger - (...) [HKLM] -- PDFTiger_is1
O42 - Logiciel: PDFTigerDriver - (...) [HKLM] -- {AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1
O42 - Logiciel: PicaView - (...) [HKLM] -- PicaView
O42 - Logiciel: PowerBackup 2.5 - (...) [HKLM] -- {ADD5DB49-72CF-11D8-9D75-000129760D75}
~ Logic: 27 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Apex]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Hoolapp]
[HKCU\Software\IFCE/SENGE]
[HKCU\Software\IncrediMail]
[HKCU\Software\SERPRO]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\thyanté]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\DVDRippper]
[HKLM\Software\IncrediMail]
[HKLM\Software\Programas RFB]
[HKLM\Software\PromoToMobile]
[HKLM\Software\baidu] =>Adware.BDSearch
~ Key Software: 324 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/02/2013 - 18:20:00 - [] ----D C:\Program Files\Apex
O43 - CFD: 23/02/2014 - 00:29:00 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 08/11/2012 - 19:12:58 - [] ----D C:\Program Files\Hao123.com
O43 - CFD: 23/01/2012 - 11:32:51 - [] ----D C:\Program Files\OxelonMedia
O43 - CFD: 22/10/2012 - 11:35:03 - [] ----D C:\Program Files\PDFTiger
O43 - CFD: 06/03/2013 - 20:14:08 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 13/10/2011 - 14:15:52 - [] ----D C:\Program Files\PromoToMobile
O43 - CFD: 22/10/2012 - 11:38:44 - [] ----D C:\Program Files\qvPDF
O43 - CFD: 23/02/2014 - 00:32:27 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 02/05/2014 - 17:33:00 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/10/2012 - 21:32:56 - [] ----D C:\ProgramData\Browser Manager
O43 - CFD: 13/10/2011 - 14:16:02 - [] ----D C:\ProgramData\Files To Phones
O43 - CFD: 26/01/2013 - 23:35:32 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 02/05/2014 - 17:31:58 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 02/05/2014 - 17:30:25 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 02/04/2011 - 01:18:24 - [] --H-D C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
O43 - CFD: 02/05/2014 - 17:59:57 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:33:09 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 23/01/2012 - 11:48:34 - [] ----D C:\Users\DANIEL\AppData\Roaming\OxelonMC
O43 - CFD: 16/04/2011 - 12:07:44 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/04/2012 - 10:18:03 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 06/03/2013 - 09:47:58 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/03/2014 - 16:31:05 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ 2 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 232 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 02/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\config.ini [29]
O44 - LFC:[MD5.76D39824F6AFAFC84E5C012D58B15DA5] - 03/05/2014 - 07:49:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [183308]
O44 - LFC:[MD5.531E79CFD5466F8A1428B61A30A2E1CF] - 04/05/2014 - 10:12:03 ---A- . (...) -- C:\aaw7boot.log [448876]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 30/04/2014 - 21:40:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 30/04/2014 - 21:40:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
~ Files: 33 Legitimates Filtered in 00mn 51s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{9f7ed1e7-5c70-11e0-a67b-806e6f6e6963}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Tim [Key] . (...) -- C:\Program Files\TI Software\TiMONITOR\lsass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:02/04/2011 - 01:05:45 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 14:22:54 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [95576]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/02/2009 - 11:50:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:20/03/2002 - 22:01:06 R--A- . (...) -- C:\Windows\System32\Digita.sys [6688]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 97 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 102 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing)
O69 - SBI: SearchScopes [HKCU] {0BA52D6A-51F9-FAE9-F2B6-7083FE88FC34} - (Search the web (Babylon)) =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][21/07/2011] (...) -- C:\Users\DANIEL\AppData\Roaming\ezpinst.exe [81920]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][27/08/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\init.dll [701]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][26/11/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\sound.dll [701]
[MD5.1BE2203AB50CAC237FDDF1BCAB819AE2] [SPRF][22/10/2012] (...) -- C:\Users\DANIEL\AppData\Roaming\SYSTEM32.dll [6]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2C31BFF9-895C-4C3B-BC5C-00A9741495FB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{576D71FE-AB4E-4A37-9CEE-CB2AE5FEA015}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B2715F25-9F85-4A73-BCFF-7DA060DE8DFC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6E3195AA-B887-4B98-8598-35AC43F6ABDD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.85C5DEF2B079CA6E8CA7FCBD45793BEF] [WIS][29/02/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.0.) -- C:\Windows\Installer\da957.msi [2243584] =>PUP.SweetIM
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][07/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e656f.msi [28160] =>Toolbar.Google
~ WIS: 2 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager
~ BTK: 355 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
~ BCK: 6909 Legitimates Filtered in 00mn 12s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2011 85435 | (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
SR - | Auto 19/11/2011 141466 | (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
SR - | Auto 20/04/2010 615712 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 13/07/2009 20992 | C:\Users\DANIEL\AppData\Local\Temp\7zS08CA\hpslpsvc32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2011 1036104 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/04/2011 40960 | (wltrysvc) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 10
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong =>Adware.PriceGong
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
C:\Windows\Installer\da957.msi =>PUP.SweetIM^
C:\Windows\Installer\e656f.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 220632 Items scanned in 00mn 47s
---\\ Sumário das deteções encontradas na sua estação
=>PUP.SweetPage
=>Adware.BDSearch
=>Trojan.Lozavita
=>Adware.InstallBrain
=>Trojan.SProtector
=>PUP.WpManager
=>PUP.Babylon
=>PUP.SweetIM
=>Adware.MegaSearch
=>PUP.Melondrea
=>PUP.SupTab
=>PUP.SystemK
=>Adware.BrowseFox
=>PUP.DealPly
=>Adware.PriceGong
~ MSI: 15 link(s) detected in 00mn 00s
~ 976 Legitimates filtered by white list
End of the scan (606 lines in 05mn 10s)(0)
~ Iniciado por DANIEL (04/05/2014 10:22:35)
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (46%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 139 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 2/30492
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 50s
---\\ Processos lançados
[MD5.0FACC053BAFF107027CBD1F48885FD4A] - (.Microsoft Corporation - Resolvedor do Usuário de Diagnóstico de Dis.) -- C:\Windows\system32\DFDWiz.exe [68608] [PID.1668]
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2500]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3580]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3660]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.3716]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.4092]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2932]
[MD5.7BF214603213C9452BF19B779CE621A8] - (.ACD Systems, Ltd. - ACDSee.) -- C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe [2760704] [PID.1336]
[MD5.3BEA438A5CF492215B9845AB5AD3608A] - (.ACD Systems Ltd. - IDBSvr.) -- C:\Program Files\Common Files\ACD Systems\IDBSvr.exe [229376] [PID.2856]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.152]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 01mn 36s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.11:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NWEReboot] Chave orfã
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
~ Services: 12 Legitimates Filtered in 00mn 05s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{286D0232-FEE1-4453-BA48-A13C6C272462}] (...) -- C:\Users\DANIEL\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
[MD5.00000000000000000000000000000000] [APT] [{7552CC8D-8394-48E0-9447-DD95320AD973}] (...) -- E:\Tiago Quick@ACERASPIREONE\#DOC\PROGRAMAS\DX9\DX9\DX9NT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2D4BED7-FD21-44B6-8D1E-DFE9F9674679}] (...) -- C:\Users\DANIEL\Desktop\Receitanet-1.03.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA674A55-E958-4032-8C87-EE32BF80F738}] (...) -- C:\Users\DANIEL\Desktop\DANIEL\INTERNET FILES\Programas\VÖDEOS PLAYERS\CyberLink DVD Suite v5\CDS\PDVD\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 99 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Files To Phones - (.PromoToMobile team.) [HKLM] -- Files To Phones
O42 - Logiciel: Hao123.com - (...) [HKLM] -- Hao123.com
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: PDFTiger - (...) [HKLM] -- PDFTiger_is1
O42 - Logiciel: PDFTigerDriver - (...) [HKLM] -- {AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1
O42 - Logiciel: PicaView - (...) [HKLM] -- PicaView
O42 - Logiciel: PowerBackup 2.5 - (...) [HKLM] -- {ADD5DB49-72CF-11D8-9D75-000129760D75}
~ Logic: 27 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Apex]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Hoolapp]
[HKCU\Software\IFCE/SENGE]
[HKCU\Software\IncrediMail]
[HKCU\Software\SERPRO]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\thyanté]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\DVDRippper]
[HKLM\Software\IncrediMail]
[HKLM\Software\Programas RFB]
[HKLM\Software\PromoToMobile]
[HKLM\Software\baidu] =>Adware.BDSearch
~ Key Software: 324 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/02/2013 - 18:20:00 - [] ----D C:\Program Files\Apex
O43 - CFD: 23/02/2014 - 00:29:00 - [] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 08/11/2012 - 19:12:58 - [] ----D C:\Program Files\Hao123.com
O43 - CFD: 23/01/2012 - 11:32:51 - [] ----D C:\Program Files\OxelonMedia
O43 - CFD: 22/10/2012 - 11:35:03 - [] ----D C:\Program Files\PDFTiger
O43 - CFD: 06/03/2013 - 20:14:08 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 13/10/2011 - 14:15:52 - [] ----D C:\Program Files\PromoToMobile
O43 - CFD: 22/10/2012 - 11:38:44 - [] ----D C:\Program Files\qvPDF
O43 - CFD: 23/02/2014 - 00:32:27 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 02/05/2014 - 17:33:00 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/10/2012 - 21:32:56 - [] ----D C:\ProgramData\Browser Manager
O43 - CFD: 13/10/2011 - 14:16:02 - [] ----D C:\ProgramData\Files To Phones
O43 - CFD: 26/01/2013 - 23:35:32 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 02/05/2014 - 17:31:58 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 02/05/2014 - 17:30:25 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 02/04/2011 - 01:18:24 - [] --H-D C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
O43 - CFD: 02/05/2014 - 17:59:57 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 23/02/2014 - 00:33:09 - [] ----D C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 23/01/2012 - 11:48:34 - [] ----D C:\Users\DANIEL\AppData\Roaming\OxelonMC
O43 - CFD: 16/04/2011 - 12:07:44 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/04/2012 - 10:18:03 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 06/03/2013 - 09:47:58 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/03/2014 - 16:31:05 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ 2 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 232 Legitimates Filtered in 00mn 02s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 02/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\config.ini [29]
O44 - LFC:[MD5.76D39824F6AFAFC84E5C012D58B15DA5] - 03/05/2014 - 07:49:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [183308]
O44 - LFC:[MD5.531E79CFD5466F8A1428B61A30A2E1CF] - 04/05/2014 - 10:12:03 ---A- . (...) -- C:\aaw7boot.log [448876]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 30/04/2014 - 21:40:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 30/04/2014 - 21:40:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
~ Files: 33 Legitimates Filtered in 00mn 51s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{9f7ed1e7-5c70-11e0-a67b-806e6f6e6963}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Tim [Key] . (...) -- C:\Program Files\TI Software\TiMONITOR\lsass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:02/04/2011 - 01:05:45 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 14:22:54 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [95576]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/02/2009 - 11:50:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:20/03/2002 - 22:01:06 R--A- . (...) -- C:\Windows\System32\Digita.sys [6688]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 97 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 102 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0BA52D6A-51F9-FAE9-F2B6-7083FE88FC34} - (Search the web (Babylon)) - [You must have an account and be logged in to view this link] =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][21/07/2011] (...) -- C:\Users\DANIEL\AppData\Roaming\ezpinst.exe [81920]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][27/08/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\init.dll [701]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][26/11/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\sound.dll [701]
[MD5.1BE2203AB50CAC237FDDF1BCAB819AE2] [SPRF][22/10/2012] (...) -- C:\Users\DANIEL\AppData\Roaming\SYSTEM32.dll [6]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2C31BFF9-895C-4C3B-BC5C-00A9741495FB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{576D71FE-AB4E-4A37-9CEE-CB2AE5FEA015}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B2715F25-9F85-4A73-BCFF-7DA060DE8DFC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6E3195AA-B887-4B98-8598-35AC43F6ABDD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.85C5DEF2B079CA6E8CA7FCBD45793BEF] [WIS][29/02/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.0.) -- C:\Windows\Installer\da957.msi [2243584] =>PUP.SweetIM
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][07/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e656f.msi [28160] =>Toolbar.Google
~ WIS: 2 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager
~ BTK: 355 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
~ BCK: 6909 Legitimates Filtered in 00mn 12s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2011 85435 | (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
SR - | Auto 19/11/2011 141466 | (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
SR - | Auto 20/04/2010 615712 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 13/07/2009 20992 | C:\Users\DANIEL\AppData\Local\Temp\7zS08CA\hpslpsvc32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2011 1036104 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/04/2011 40960 | (wltrysvc) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 10
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\DANIEL\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\DANIEL\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong =>Adware.PriceGong
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
C:\Windows\Installer\da957.msi =>PUP.SweetIM^
C:\Windows\Installer\e656f.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}] (DivX Settings Manager) =>PUP.SystemK^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 220632 Items scanned in 00mn 47s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.SweetPage
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>Trojan.Lozavita
[You must have an account and be logged in to view this link] =>Adware.InstallBrain
[You must have an account and be logged in to view this link] =>Trojan.SProtector
[You must have an account and be logged in to view this link] =>PUP.WpManager
[You must have an account and be logged in to view this link] =>PUP.Babylon
[You must have an account and be logged in to view this link] =>PUP.SweetIM
[You must have an account and be logged in to view this link] =>Adware.MegaSearch
[You must have an account and be logged in to view this link] =>PUP.Melondrea
[You must have an account and be logged in to view this link] =>PUP.SupTab
[You must have an account and be logged in to view this link] =>PUP.SystemK
[You must have an account and be logged in to view this link] =>Adware.BrowseFox
[You must have an account and be logged in to view this link] =>PUP.DealPly
[You must have an account and be logged in to view this link] =>Adware.PriceGong
~ MSI: 15 link(s) detected in 00mn 00s
~ 976 Legitimates filtered by white list
End of the scan (606 lines in 05mn 10s)(0)
dan_asa- Beginner
- Posts : 34
Reputation : 1
Registration date : 27/04/2014
Re: Scanning with antivirus.
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply.
_____________________________________________________________________________________________________________
Last edited by Power Max on Sun 04 May 2014, 17:55; edited 1 time
Power Max- Contributor
- Posts : 9086
Reputation : 1499
Registration date : 14/04/2009
ZHPfix report:
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by DANIEL at 04/05/2014 13:00:43
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 38s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\hao123.com\uninstallminibar.exe
========== Processo memória ==========
AUSENTE Memory Process: O34 - HKLM BootExecute: (lsdelete) - File not found
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
ELIMINÉ: CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ CLSID MPSK: {9f7ed1e7-5c70-11e0-a67b-806e6f6e6963}
ELIMINÉ: StartupReg: Tim
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{0BA52D6A-51F9-FAE9-F2B6-7083FE88FC34}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\melondrea_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
ELIMINÉ: HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}
ELIMINÉ: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: NWEReboot
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ: C:\Users\DANIEL\AppData\Local\{78A3432E-4949-4083-B736-5D1309BE81F4}
ELIMINÉ: C:\Users\DANIEL\AppData\Local\{A7F45267-DC34-4A9A-83BD-8A53587DA566}
========== Ficheiros ==========
ELIMINÉ: C:\Windows\Installer\da957.msi
ELIMINÉ Temporários windows (99) (131.964.893 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {286D0232-FEE1-4453-BA48-A13C6C272462}
ELIMINÉ: {7552CC8D-8394-48E0-9447-DD95320AD973}
ELIMINÉ: {B2D4BED7-FD21-44B6-8D1E-DFE9F9674679}
ELIMINÉ: {DA674A55-E958-4032-8C87-EE32BF80F738}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
35 : Chaves do Registo
8 : Valores do Registo
2 : Pastas
3 : Ficheiros
1 : Softwares
4 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 37s
========== Caminho do ficheiro do relatório ==========
C:\Users\DANIEL\AppData\Roaming\ZHP\ZHPFix[R1].txt - 04/05/2014 13:01:21 [3798]
dan_asa- Beginner
- Posts : 34
Reputation : 1
Registration date : 27/04/2014
Re: Scanning with antivirus.
Open ( ZHPDiag ) again
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Power Max- Contributor
- Posts : 9086
Reputation : 1499
Registration date : 14/04/2009
ZHPDiag report:
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por DANIEL (04/05/2014 13:09:09)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (46%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 139 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 2/30496
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 18s
---\\ Processos lançados
[MD5.0FACC053BAFF107027CBD1F48885FD4A] - (.Microsoft Corporation - Resolvedor do Usuário de Diagnóstico de Dis.) -- C:\Windows\system32\DFDWiz.exe [68608] [PID.1668]
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2500]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3580]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3660]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.3716]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2932]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.152]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.4180]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 01mn 27s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - [You must have an account and be logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
~ Services: 12 Legitimates Filtered in 00mn 05s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 02s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 89 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Files To Phones - (.PromoToMobile team.) [HKLM] -- Files To Phones
O42 - Logiciel: IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - (...) [HKLM] -- IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
O42 - Logiciel: IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2011
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: PDFTiger - (...) [HKLM] -- PDFTiger_is1
O42 - Logiciel: PDFTigerDriver - (...) [HKLM] -- {AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1
O42 - Logiciel: PicaView - (...) [HKLM] -- PicaView
O42 - Logiciel: PowerBackup 2.5 - (...) [HKLM] -- {ADD5DB49-72CF-11D8-9D75-000129760D75}
~ Logic: 26 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Apex]
[HKCU\Software\Hoolapp]
[HKCU\Software\IFCE/SENGE]
[HKCU\Software\IncrediMail]
[HKCU\Software\SERPRO]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\thyanté]
[HKLM\Software\DVDRippper]
[HKLM\Software\IncrediMail]
[HKLM\Software\Programas RFB]
[HKLM\Software\PromoToMobile]
~ Key Software: 317 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/02/2013 - 18:20:00 - [] ----D C:\Program Files\Apex
O43 - CFD: 23/01/2012 - 11:32:51 - [] ----D C:\Program Files\OxelonMedia
O43 - CFD: 22/10/2012 - 11:35:03 - [] ----D C:\Program Files\PDFTiger
O43 - CFD: 06/03/2013 - 20:14:08 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 13/10/2011 - 14:15:52 - [] ----D C:\Program Files\PromoToMobile
O43 - CFD: 22/10/2012 - 11:38:44 - [] ----D C:\Program Files\qvPDF
O43 - CFD: 13/10/2011 - 14:16:02 - [] ----D C:\ProgramData\Files To Phones
O43 - CFD: 02/04/2011 - 01:18:24 - [] --H-D C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
O43 - CFD: 23/01/2012 - 11:48:34 - [] ----D C:\Users\DANIEL\AppData\Roaming\OxelonMC
O43 - CFD: 16/04/2011 - 12:07:44 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 18/04/2012 - 10:18:03 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 06/03/2013 - 09:47:58 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 27/03/2014 - 16:31:05 - [] ----D C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 221 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 02/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\config.ini [29]
O44 - LFC:[MD5.76D39824F6AFAFC84E5C012D58B15DA5] - 03/05/2014 - 07:49:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [183308]
O44 - LFC:[MD5.531E79CFD5466F8A1428B61A30A2E1CF] - 04/05/2014 - 10:12:03 ---A- . (...) -- C:\aaw7boot.log [448876]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 04/05/2014 - 10:44:43 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 04/05/2014 - 10:44:43 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
~ Files: 33 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:02/04/2011 - 01:05:45 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 14:22:54 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [95576]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/02/2009 - 11:50:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:20/03/2002 - 22:01:06 R--A- . (...) -- C:\Windows\System32\Digita.sys [6688]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 97 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 102 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][21/07/2011] (...) -- C:\Users\DANIEL\AppData\Roaming\ezpinst.exe [81920]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][27/08/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\init.dll [701]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][26/11/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\sound.dll [701]
[MD5.1BE2203AB50CAC237FDDF1BCAB819AE2] [SPRF][22/10/2012] (...) -- C:\Users\DANIEL\AppData\Roaming\SYSTEM32.dll [6]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2C31BFF9-895C-4C3B-BC5C-00A9741495FB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{576D71FE-AB4E-4A37-9CEE-CB2AE5FEA015}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B2715F25-9F85-4A73-BCFF-7DA060DE8DFC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6E3195AA-B887-4B98-8598-35AC43F6ABDD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][07/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e656f.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 339 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
~ BCK: 6906 Legitimates Filtered in 00mn 11s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2011 85435 | (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
SR - | Auto 19/11/2011 141466 | (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
SR - | Auto 20/04/2010 615712 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 13/07/2009 20992 | C:\Users\DANIEL\AppData\Local\Temp\7zS08CA\hpslpsvc32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2011 1036104 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/04/2011 40960 | (wltrysvc) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
C:\Windows\Installer\e656f.msi =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 218808 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 944 Legitimates filtered by white list
End of the scan (516 lines in 02mn 59s)(0)
~ Iniciado por DANIEL (04/05/2014 13:09:09)
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Ad-Aware v8.0.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.69
SUPERAntiSpyware v5.7.1018
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (46%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: DANIEL
~ All Users Names: HomeGroupUser$, DANIEL, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DANIEL\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DANIEL\AppData\Roaming\
~ %Desktop% : C:\Users\DANIEL\Desktop\
~ %Favorites% : C:\Users\DANIEL\Favorites\
~ %LocalAppData% : C:\Users\DANIEL\AppData\Local\
~ %StartMenu% : C:\Users\DANIEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 139 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/12/2010 - 02:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 04:32:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 2/30496
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 18s
---\\ Processos lançados
[MD5.0FACC053BAFF107027CBD1F48885FD4A] - (.Microsoft Corporation - Resolvedor do Usuário de Diagnóstico de Dis.) -- C:\Windows\system32\DFDWiz.exe [68608] [PID.1668]
[MD5.8E67B6FAD3C2696FF8507A2A24F83286] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2500]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3580]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3660]
[MD5.B895C862BC32F6D65892D7C7FF5B3F78] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832] [PID.3716]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2932]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.152]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.4180]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\DANIEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 01mn 27s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKCU\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Del19283611] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4080307448-181241973-1533720549-1000\..\RunOnce: [AutoLaunch] . (...) -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name))
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{AFFF406D-C981-4B82-92F4-43D0403490F8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C173E9CB-60FB-4B30-BE84-D252F0D80B5A}: DhcpDomain = seduc.ce.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
~ Services: 12 Legitimates Filtered in 00mn 05s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [492]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O44 - LFC:[MD5.76D39824F6AFAFC84E5C012D58B15DA5] - 03/05/2014 - 07:49:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [183308]
O44 - LFC:[MD5.531E79CFD5466F8A1428B61A30A2E1CF] - 04/05/2014 - 10:12:03 ---A- . (...) -- C:\aaw7boot.log [448876]
O44 - LFC:[MD5.0818297B71780D4CC34B8EC5CC07EF08] - 04/05/2014 - 10:44:43 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.837A9D7C4126026734BFA35CAB448397] - 04/05/2014 - 10:44:43 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.70399604D001A7FC374B7930BD7694AD] - 25/04/2014 - 10:37:54 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_25.04.2014_10.36.51_log.txt [135496]
~ Files: 33 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll
~ TDSD: 22 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Hoolapp Android [Key] . (...) -- C:\Users\DANIEL\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\Desktop\Daniel\INTERNET FILES\Programas\ACESSÓRIOS\utorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:25/04/2014 - 05:04:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:02/04/2011 - 01:05:45 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:13/02/2009 - 14:22:54 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [95576]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/02/2009 - 11:50:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:20/03/2002 - 22:01:06 R--A- . (...) -- C:\Windows\System32\Digita.sys [6688]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 97 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\System32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 25/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 102 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][21/07/2011] (...) -- C:\Users\DANIEL\AppData\Roaming\ezpinst.exe [81920]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][27/08/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\init.dll [701]
[MD5.B9B0ABB41ABA16E2562B261F5F9D9323] [SPRF][26/11/2009] (...) -- C:\Users\DANIEL\AppData\Roaming\sound.dll [701]
[MD5.1BE2203AB50CAC237FDDF1BCAB819AE2] [SPRF][22/10/2012] (...) -- C:\Users\DANIEL\AppData\Roaming\SYSTEM32.dll [6]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{2C31BFF9-895C-4C3B-BC5C-00A9741495FB}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{576D71FE-AB4E-4A37-9CEE-CB2AE5FEA015}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\DANIEL\Saved Games\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B2715F25-9F85-4A73-BCFF-7DA060DE8DFC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6E3195AA-B887-4B98-8598-35AC43F6ABDD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DANIEL\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][07/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\e656f.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_223E2B8E7BAD9544_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 339 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google
~ BCK: 6906 Legitimates Filtered in 00mn 11s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2011 85435 | (BitMeterCaptureService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
SR - | Auto 19/11/2011 141466 | (BitMeterWebService) . (...) - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
SR - | Auto 20/04/2010 615712 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 13/07/2009 20992 | C:\Users\DANIEL\AppData\Local\Temp\7zS08CA\hpslpsvc32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2011 1036104 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/04/2011 40960 | (wltrysvc) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
C:\Windows\Installer\e656f.msi =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 218808 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 944 Legitimates filtered by white list
End of the scan (516 lines in 02mn 59s)(0)
dan_asa - Beginner
- Posts: 34
Reputation: 1
Join date: 27/04/2014
Re: Antivirus scanning.
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click "Importação" (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sun 04 May 2014, 17:55; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
ZHPFix report:
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by DANIEL at 04/05/2014 13:39:48
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 02s)
========== Processo memória ==========
AUSENTE Memory Process: O34 - HKLM BootExecute: (lsdelete) - File not found
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (701.288 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
5 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 14s
========== Caminho do ficheiro do relatório ==========
C:\Users\DANIEL\AppData\Roaming\ZHP\ZHPFix[R1].txt - 04/05/2014 13:01:21 [3879]
C:\Users\DANIEL\AppData\Roaming\ZHP\ZHPFix[R2].txt - 04/05/2014 13:39:51 [1285]
dan_asa - Beginner
- Posts: 34
Reputation: 1
Join date: 27/04/2014