Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14838 usuários registradosO último membro registrado é Lanterna Verde com Disco
Os nossos membros postaram um total de 36058 mensagens em 3689 assuntos
Quem está conectado?
Há 50 usuários online :: 0 registrados, 0 invisíveis e 50 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
Power Max | ||||
joram | ||||
Wings [In Memoriam] | ||||
caedurodrigues | ||||
Amigo Brasileiro | ||||
luizvilarinho | ||||
Danii | ||||
Admin | ||||
Danilo Marsaro | ||||
Andreata |
Como remover o blueseek?
2 participantes
Página 1 de 2
Página 1 de 2 • 1, 2
Como remover o blueseek?
Como remover o blueseek?
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Boa Tarde! MarianaMariana7777 escreveu:Como remover o blueseek?
|- Bem Vinda ao Fórum PC Brasil!
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
|- Ao acessar,clique em "Download Now".
|- Ps: Se utilizar o navegador IE9,desabilite o filtro "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]".
|- Salve-o no desktop!
< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Clique direito em adwcleaner.exe,e escolha sua execução como administrador.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Ps: Dê início ao scan,clicando em "Examinar".
< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
|- Copie o log ou clique "Relatório".
|- Poste: < C:\AdwCleaner\AdwCleaner[S0].txt >
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "COMPLETA" e aguarde a conclusão!
|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
|- Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
|- Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| >
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Como remover o blueseek?
Mas como isso irá remover o blueseek?
Para que serve cada passo,e programa?
Para que serve cada passo,e programa?
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Olá! Mariana7777Mariana7777 escreveu:Mas como isso irá remover o blueseek?
Para que serve cada passo,e programa?
|- Para evitar o árduo trabalho de um procedimento manual,nem sempre bem sucedido.
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
# AdwCleaner v3.308 - Relatório criado 31/08/2014 às 00:00:34
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.308.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : APNMCP
Serviço Deletada : TBSrv
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AskPartnerNetwork
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\NCH Software
Pasta Deletada : C:\Program Files (x86)\SiteLookup
Pasta Deletada : C:\Program Files (x86)\Tbccint
Pasta Deletada : C:\Program Files (x86)\NCH
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\AskPartnerNetwork
Pasta Deletada : C:\Users\Usuario\AppData\Local\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\mt_ffx
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\NCH
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\NCH
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SimilarAddon
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal
***** [ Tarefas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT3282502
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{529F0B15-96BB-4CA3-AB41-958E5C4E83B4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{529F0B15-96BB-4CA3-AB41-958E5C4E83B4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9E61AC0-4EFE-4920-A492-14138D8E0A6C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F5DE9F5-AFA4-453B-8CE2-2F05276A4E75}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\IminentToolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Tbccint_HKLM
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKCU\Software\AppDataLow\Software\NCH
Chave Deletedo : HKLM\SOFTWARE\AskPartnerNetwork
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\Iminent
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\NCH
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v31.0 (x86 pt-BR)
[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\prefs.js ]
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "fee424f60000000000002aedb94abb2b");
Linha deletada : user_pref("extensions.iminent.instlDay", "16152");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:51:30");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.8900199601687155,\"s\":8,\"es\":2}");
Linha deletada : user_pref("iminent.enableToolbar", "false");
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"http://i.imitinjs.info/imitin/javascript.js\",\"querySt[...]
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCtMK5wrbCuMKzwrDCtcK5\",\"raw_pkgid\":\"158792148\"}");
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.irobsettings", "[{\"TM\":\"61590.7\",\"IA\":\"1\",\"HU\":\"hxxp://iminent.donation-tools.org/home.aspx\",\"CC\":\"Fight Cancer\",\"CI\":\"5719\",\"AU\":\"[...]
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCtMK5wrbCuMKzwrDCtcK5");
Linha deletada : user_pref("iminent.registerToolbarEvent100", "1407963426149");
Linha deletada : user_pref("iminent.registerToolbarEvent101", "1408828959060");
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1408828141543");
Linha deletada : user_pref("iminent.registerToolbarEvent105", "1408135635516");
Linha deletada : user_pref("iminent.registerToolbarEvent109", "1408836753547");
Linha deletada : user_pref("iminent.registerToolbarEvent111", "1408836751821");
Linha deletada : user_pref("iminent.registerToolbarEvent112", "1408836760615");
Linha deletada : user_pref("iminent.registerToolbarEvent122", "1408836753849");
Linha deletada : user_pref("iminent.registerToolbarEvent136", "1395691269258");
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1408831588617");
Linha deletada : user_pref("iminent.trackExternalScripts1", "1397259776283");
Linha deletada : user_pref("iminent.trackExternalScripts2", "1397259780065");
Linha deletada : user_pref("iminent.trackExternalScripts3", "1397261090351");
Linha deletada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
-\\ Google Chrome v36.0.1985.143
[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
*************************
AdwCleaner[R0].txt - [11291 octets] - [30/08/2014 23:02:16]
AdwCleaner[R1].txt - [11352 octets] - [30/08/2014 23:08:33]
AdwCleaner[R2].txt - [11413 octets] - [30/08/2014 23:58:33]
AdwCleaner[S0].txt - [10824 octets] - [31/08/2014 00:00:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10885 octets] ##########
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.308.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : APNMCP
Serviço Deletada : TBSrv
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AskPartnerNetwork
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\NCH Software
Pasta Deletada : C:\Program Files (x86)\SiteLookup
Pasta Deletada : C:\Program Files (x86)\Tbccint
Pasta Deletada : C:\Program Files (x86)\NCH
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\AskPartnerNetwork
Pasta Deletada : C:\Users\Usuario\AppData\Local\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\mt_ffx
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\NCH
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\NCH
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SimilarAddon
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal
***** [ Tarefas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT3282502
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{529F0B15-96BB-4CA3-AB41-958E5C4E83B4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{529F0B15-96BB-4CA3-AB41-958E5C4E83B4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9E61AC0-4EFE-4920-A492-14138D8E0A6C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F5DE9F5-AFA4-453B-8CE2-2F05276A4E75}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\IminentToolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Tbccint_HKLM
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKCU\Software\AppDataLow\Software\NCH
Chave Deletedo : HKLM\SOFTWARE\AskPartnerNetwork
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\Iminent
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\NCH
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v31.0 (x86 pt-BR)
[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\prefs.js ]
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "fee424f60000000000002aedb94abb2b");
Linha deletada : user_pref("extensions.iminent.instlDay", "16152");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.315:51:30");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.8900199601687155,\"s\":8,\"es\":2}");
Linha deletada : user_pref("iminent.enableToolbar", "false");
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"http://i.imitinjs.info/imitin/javascript.js\",\"querySt[...]
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCtMK5wrbCuMKzwrDCtcK5\",\"raw_pkgid\":\"158792148\"}");
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.irobsettings", "[{\"TM\":\"61590.7\",\"IA\":\"1\",\"HU\":\"hxxp://iminent.donation-tools.org/home.aspx\",\"CC\":\"Fight Cancer\",\"CI\":\"5719\",\"AU\":\"[...]
Linha deletada : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCtMK5wrbCuMKzwrDCtcK5");
Linha deletada : user_pref("iminent.registerToolbarEvent100", "1407963426149");
Linha deletada : user_pref("iminent.registerToolbarEvent101", "1408828959060");
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1408828141543");
Linha deletada : user_pref("iminent.registerToolbarEvent105", "1408135635516");
Linha deletada : user_pref("iminent.registerToolbarEvent109", "1408836753547");
Linha deletada : user_pref("iminent.registerToolbarEvent111", "1408836751821");
Linha deletada : user_pref("iminent.registerToolbarEvent112", "1408836760615");
Linha deletada : user_pref("iminent.registerToolbarEvent122", "1408836753849");
Linha deletada : user_pref("iminent.registerToolbarEvent136", "1395691269258");
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1408831588617");
Linha deletada : user_pref("iminent.trackExternalScripts1", "1397259776283");
Linha deletada : user_pref("iminent.trackExternalScripts2", "1397259780065");
Linha deletada : user_pref("iminent.trackExternalScripts3", "1397261090351");
Linha deletada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
-\\ Google Chrome v36.0.1985.143
[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
*************************
AdwCleaner[R0].txt - [11291 octets] - [30/08/2014 23:02:16]
AdwCleaner[R1].txt - [11352 octets] - [30/08/2014 23:08:33]
AdwCleaner[R2].txt - [11413 octets] - [30/08/2014 23:58:33]
AdwCleaner[S0].txt - [10824 octets] - [31/08/2014 00:00:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10885 octets] ##########
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Bom Dia! Mariana7777
|- Resta-lhe agora,o relatório da ferramenta ZHPDiag.
|- Como esse log possui tamanho que o Editor não suporta,procure [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ou envie-o a Cjoint.com.
< |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| >
|- Leia o Tutorial,de como hospedar relatórios em Cjoint.com.
Abs!
|- Resta-lhe agora,o relatório da ferramenta ZHPDiag.
|- Como esse log possui tamanho que o Editor não suporta,procure [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ou envie-o a Cjoint.com.
< |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| >
|- Leia o Tutorial,de como hospedar relatórios em Cjoint.com.
Abs!
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por Usuario (31/08/2014 07:05:49)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v36.0.1985.143
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! EasyPass v7-9-1-129
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
FrostWire 5.5.0 v5.5.0.0
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3932 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 148 GB (76%) free of 195 GB
---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 148 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 503 Go of 503 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Scanned in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/21
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 5/228
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/68
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.9112B74937BFF9A785B35EC15A9763E1] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [343632] [PID.2480]
[MD5.F0A034864DD865C624F0236DCB53B777] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208] [PID.2696]
[MD5.07322C7B12AF81F00AC248190BBF69BE] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [100200] [PID.2704]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.804]
[MD5.535B596FA46EA94D2E4B8FD887CEA58B] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1106512] [PID.3692]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.3716]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3732]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4288]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4336]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.4436]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.5016]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.3828]
[MD5.2080DCEBE27D92F29AAB5FCFF77613A2] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\Setup\Instup.exe [198200] [PID.4952]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1952]
[MD5.81669E35B7F87E03426A228290EB5776] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [355920] [PID.2392]
[MD5.A0BC34A5EF2328F147CE658CDF97C0C8] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [419408] [PID.2640]
[MD5.79BC44FF509C79D4E34DED3CD6EFD92B] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864] [PID.2896]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Docs v.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2022.121, (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [oilipfekkmncanaajkapbpancpelijih] Auto Refresh Plus v.2.0.6, (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [Google Docs]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [Auto Refresh Plus]
~ Google Lines Browser: 37 Scanned in 00mn 06s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M0 - MFSP: prefs.js [Usuario - bpibb4g1.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
M2 - MFEP: Extension [Usuario - bpibb4g1.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} =>.Adblock Plus Extension Mozilla Firefox
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll
~ Firefox Browser: 4 Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (11.00.9600.16428 (winblue_gdr.131013-1700)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 18 Scanned in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: MSS+ Identifier [64Bits] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: RoboForm BHO [64Bits] - {724d43a9-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc [64Bits] - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} . (.Atheros Commnucations - Bluetooth IE PlugIn.) -- C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
~ BHO: 16 Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: avast! EasyPass Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NWEReboot] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\SysWOW64\NeroCheck.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
~ Application: Scanned in 00mn 00s
---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Preencher [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salvar Formulários [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show avast! EasyPass Toolbar [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
~ Winsock: 9 Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 186.237.152.3
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: 5 Scanned in 00mn 03s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.07322C7B12AF81F00AC248190BBF69BE] [APT] [Run RoboForm TaskBar Icon] (.Siber Systems.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [100200]
[MD5.F6B7CAC71DC7D1224EC61CF409357021] [APT] [{CA840AAD-CFA1-4C07-BEA4-F7A14BEE624C}] (.Mozilla.) -- C:\Users\Usuario\Downloads\Firefox Setup 17.0.1.exe [19248568]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 17 Scanned in 00mn 01s
---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (InCDPass) . (. - .) - C:\Windows\System32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\Windows\System32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: (aswRdr) . (. - .) - C:\Windows\system32\drivers\aswRdr2.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\Windows\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\Windows\system32\drivers\aswSP.sys (.not file.)
~ Drivers: 72 Scanned in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 13 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.07) - Português - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1046-7B44-AB0000000001}
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01} =>Adware.Bandoo
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-006A-76A7-A758B70C0F05} =>Toolbar.Avira
O42 - Logiciel: Atheros Bluetooth Suite (64) - (.Atheros.) [HKLM][64Bits] -- {230D1595-57DA-4933-8C4E-375797EBB7E1}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dolby Home Theater v4 - (.Dolby Laboratories Inc.) [HKLM][64Bits] -- {B26438B4-BF51-49C3-9567-7F14A5E40CB9}
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKCU][64Bits] -- Dropbox
O42 - Logiciel: FrostWire 5.5.0 - (.FrostWire Team.) [HKLM][64Bits] -- FrostWire 5
O42 - Logiciel: Galeria de Fotos - (.Microsoft Corporation.) [HKLM][64Bits] -- {9EE1AE8B-4872-41CA-8C9A-C33D899523E0}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) OpenCL CPU Runtime - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 7 Update 55 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM][64Bits] -- LManager
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM][64Bits] -- McAfee Security Scan
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Mozilla Firefox 31.0 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 31.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM][64Bits] -- {4781569D-5404-1F26-4B2B-6DF444441031}
O42 - Logiciel: Qualcomm Atheros WiFi Driver Installation - (.Qualcomm Atheros.) [HKLM][64Bits] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: TempoPerfect Metronome Software - (.NCH Software.) [HKLM][64Bits] -- TempoPerfect
O42 - Logiciel: WinRAR 5.10 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM][64Bits] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1
O42 - Logiciel: avast! EasyPass v7-9-1-129 - (.AVAST Software.) [HKLM][64Bits] -- AI RoboForm
~ Logic: 43 Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Atheros]
[HKCU\Software\Avast Software]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Dolby]
[HKCU\Software\Dritek]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NCH Software]
[HKCU\Software\NCH Swift Sound]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Siber Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\drpsu]
[HKLM\Software\ATHEROS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Baidu Security]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Qualcomm Atheros Fast Reconnect]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\WIDCOMM_TEMP]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\ATHEROS]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Dritek]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NCH Software]
[HKLM\Software\Wow6432Node\NCH Swift Sound]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Qualcomm Atheros WiFi Driver Installation]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Siber Systems]
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WinRAR]
[HKLM\Software\Wow6432Node\ahead]
[HKLM\Software\Wow6432Node\dotNetInstaller]
[HKLM\Software\Wow6432Node\mcafeeupdater]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mcafeeupdater]
~ Key Software: 175 Scanned in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2013 - 20:54:49 - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 04/12/2012 - 15:17:14 - [] ----D C:\Program Files (x86)\Atheros
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 25/08/2014 - 15:08:21 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971
O43 - CFD: 14/06/2014 - 10:51:01 - [] ----D C:\Program Files (x86)\Bluetooth Suite
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 25/08/2014 - 15:07:44 - [] ----D C:\Program Files (x86)\DsNET Corp
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Program Files (x86)\FrostWire 5
O43 - CFD: 28/05/2013 - 12:49:45 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 04/12/2012 - 15:16:42 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 04/12/2012 - 15:05:27 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 28/03/2014 - 16:33:32 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 24/08/2014 - 13:43:24 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 04/12/2012 - 15:22:08 - [] ----D C:\Program Files (x86)\Launch Manager
O43 - CFD: 04/12/2012 - 10:34:40 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 19/04/2014 - 13:31:08 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 27/08/2014 - 16:29:06 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 04/12/2012 - 10:32:38 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01/01/2013 - 08:30:24 - [] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 02/01/2013 - 07:42:11 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 24/07/2014 - 11:41:42 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 25/07/2014 - 12:02:16 - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 04/12/2012 - 10:34:56 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\Program Files (x86)\NCH Swift Sound
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 04/12/2012 - 14:49:21 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 27/01/2014 - 10:19:57 - [] ----D C:\Program Files (x86)\Siber Systems
O43 - CFD: 04/12/2012 - 14:50:34 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 11/01/2014 - 15:43:34 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 27/08/2014 - 16:28:41 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 08/01/2014 - 18:54:57 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 11/01/2014 - 15:43:51 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 08/01/2014 - 18:54:55 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 08/01/2014 - 18:54:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 08/01/2014 - 18:54:58 - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 24/08/2014 - 11:13:16 - [] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 31/08/2014 - 06:54:59 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 09/04/2013 - 20:54:57 - [] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Common Files\Ahead
O43 - CFD: 04/12/2012 - 14:55:33 - [] ----D C:\Program Files (x86)\Common Files\Atheros
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 04/12/2012 - 14:49:11 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 04/12/2012 - 15:05:10 - [] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 23/11/2013 - 09:55:35 - [] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 27/08/2014 - 16:24:59 - [] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 08/01/2014 - 18:54:53 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 04/12/2012 - 15:29:01 - [] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 28/05/2013 - 11:43:25 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 04/12/2012 - 15:17:08 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 07/01/2014 - 18:57:16 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 04/12/2012 - 15:11:50 - [0] ----D C:\ProgramData\Intel
O43 - CFD: 08/02/2013 - 16:00:21 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 14/06/2014 - 17:32:32 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 27/08/2014 - 16:26:53 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 10/01/2013 - 08:30:49 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 05/12/2012 - 11:16:05 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\ProgramData\NCH Swift Sound
O43 - CFD: 24/08/2014 - 13:48:47 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 27/01/2014 - 10:20:23 - [] ----D C:\ProgramData\RoboForm
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 05/12/2012 - 11:23:50 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 09/04/2013 - 21:04:34 - [] ----D C:\Users\Usuario\AppData\Roaming\Adobe
O43 - CFD: 05/12/2012 - 12:36:51 - [] ----D C:\Users\Usuario\AppData\Roaming\Ahead
O43 - CFD: 04/12/2012 - 14:56:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Atheros
O43 - CFD: 27/01/2014 - 10:24:55 - [] ----D C:\Users\Usuario\AppData\Roaming\AVAST Software
O43 - CFD: 11/04/2013 - 12:59:25 - [] ----D C:\Users\Usuario\AppData\Roaming\Azureus =>P2P.Azureus
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O43 - CFD: 09/08/2014 - 14:47:32 - [] ----D C:\Users\Usuario\AppData\Roaming\Dropbox
O43 - CFD: 09/08/2014 - 14:47:31 - [] ----D C:\Users\Usuario\AppData\Roaming\DropboxMaster
O43 - CFD: 04/12/2012 - 19:52:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Identities
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\Users\Usuario\AppData\Roaming\Intel
O43 - CFD: 05/12/2012 - 11:14:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 15:12:00 - [0] ----D C:\Users\Usuario\AppData\Roaming\Media Center Programs
O43 - CFD: 21/06/2014 - 21:39:59 - [] -S--D C:\Users\Usuario\AppData\Roaming\Microsoft
O43 - CFD: 05/12/2012 - 11:19:56 - [] ----D C:\Users\Usuario\AppData\Roaming\Mozilla
O43 - CFD: 27/01/2014 - 10:22:00 - [] ----D C:\Users\Usuario\AppData\Roaming\RoboForm
O43 - CFD: 04/12/2012 - 10:09:38 - [] ----D C:\Users\Usuario\AppData\Roaming\WinRAR
O43 - CFD: 31/08/2014 - 07:06:11 - [] ----D C:\Users\Usuario\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 12/04/2014 - 18:10:22 - [] ----D C:\Users\Usuario\AppData\Local\Adobe
O43 - CFD: 01/01/2013 - 10:09:05 - [] ----D C:\Users\Usuario\AppData\Local\Ahead
O43 - CFD: 13/12/2012 - 15:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Ares
O43 - CFD: 04/12/2012 - 15:00:52 - [] ----D C:\Users\Usuario\AppData\Local\BMExplorer
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Users\Usuario\AppData\Local\CrashDumps
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Dados de aplicativos
O43 - CFD: 17/05/2014 - 17:18:25 - [] ----D C:\Users\Usuario\AppData\Local\Diagnostics
O43 - CFD: 28/05/2013 - 12:49:48 - [] ----D C:\Users\Usuario\AppData\Local\Google
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Histórico
O43 - CFD: 07/12/2012 - 17:21:11 - [] ----D C:\Users\Usuario\AppData\Local\Macromedia
O43 - CFD: 27/08/2014 - 16:36:30 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft
O43 - CFD: 23/05/2014 - 22:25:10 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Games
O43 - CFD: 08/01/2014 - 12:05:54 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Help
O43 - CFD: 01/10/2013 - 14:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Mozilla
O43 - CFD: 23/03/2014 - 15:47:12 - [] ----D C:\Users\Usuario\AppData\Local\Programs
O43 - CFD: 31/08/2014 - 06:56:21 - [] ----D C:\Users\Usuario\AppData\Local\Temp
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Temporary Internet Files
O43 - CFD: 13/12/2012 - 16:09:14 - [] ----D C:\Users\Usuario\AppData\Local\VirtualStore
O43 - CFD: 30/08/2014 - 23:55:17 - [] ----D C:\Users\Usuario\AppData\Local\Windows Live
O43 - CFD: 14/07/2009 - 01:54:32 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 09/08/2014 - 14:47:02 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
O43 - CFD: 14/07/2009 - 01:49:38 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/08/2014 - 10:29:26 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 122 Scanned in 00mn 00s
~ Iniciado por Usuario (31/08/2014 07:05:49)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v36.0.1985.143
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! EasyPass v7-9-1-129
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
FrostWire 5.5.0 v5.5.0.0
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3932 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 148 GB (76%) free of 195 GB
---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 148 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 503 Go of 503 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Scanned in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/21
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 5/228
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/68
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.9112B74937BFF9A785B35EC15A9763E1] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [343632] [PID.2480]
[MD5.F0A034864DD865C624F0236DCB53B777] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208] [PID.2696]
[MD5.07322C7B12AF81F00AC248190BBF69BE] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [100200] [PID.2704]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.804]
[MD5.535B596FA46EA94D2E4B8FD887CEA58B] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1106512] [PID.3692]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.3716]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3732]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4288]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4336]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.4436]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.5016]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.3828]
[MD5.2080DCEBE27D92F29AAB5FCFF77613A2] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\Setup\Instup.exe [198200] [PID.4952]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1952]
[MD5.81669E35B7F87E03426A228290EB5776] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [355920] [PID.2392]
[MD5.A0BC34A5EF2328F147CE658CDF97C0C8] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [419408] [PID.2640]
[MD5.79BC44FF509C79D4E34DED3CD6EFD92B] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864] [PID.2896]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Docs v.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2022.121, (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [oilipfekkmncanaajkapbpancpelijih] Auto Refresh Plus v.2.0.6, (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [Google Docs]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [Auto Refresh Plus]
~ Google Lines Browser: 37 Scanned in 00mn 06s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bpibb4g1.default\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M0 - MFSP: prefs.js [Usuario - bpibb4g1.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
M2 - MFEP: Extension [Usuario - bpibb4g1.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} =>.Adblock Plus Extension Mozilla Firefox
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll
~ Firefox Browser: 4 Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (11.00.9600.16428 (winblue_gdr.131013-1700)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 18 Scanned in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: MSS+ Identifier [64Bits] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: RoboForm BHO [64Bits] - {724d43a9-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc [64Bits] - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} . (.Atheros Commnucations - Bluetooth IE PlugIn.) -- C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
~ BHO: 16 Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: avast! EasyPass Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NWEReboot] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\SysWOW64\NeroCheck.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2770183107-934580787-1828063163-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
~ Application: Scanned in 00mn 00s
---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Preencher [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salvar Formulários [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show avast! EasyPass Toolbar [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
~ Winsock: 9 Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{3784E67C-A510-4FB8-AB98-DD671670D024}: DhcpNameServer = 8.8.4.4 186.237.152.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 186.237.152.3
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: 5 Scanned in 00mn 03s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s
---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.07322C7B12AF81F00AC248190BBF69BE] [APT] [Run RoboForm TaskBar Icon] (.Siber Systems.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [100200]
[MD5.F6B7CAC71DC7D1224EC61CF409357021] [APT] [{CA840AAD-CFA1-4C07-BEA4-F7A14BEE624C}] (.Mozilla.) -- C:\Users\Usuario\Downloads\Firefox Setup 17.0.1.exe [19248568]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 17 Scanned in 00mn 01s
---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (InCDPass) . (. - .) - C:\Windows\System32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\Windows\System32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: (aswRdr) . (. - .) - C:\Windows\system32\drivers\aswRdr2.sys (.not file.)
O41 - Driver: (aswSnx) . (. - .) - C:\Windows\system32\drivers\aswSnx.sys (.not file.)
O41 - Driver: (aswSP) . (. - .) - C:\Windows\system32\drivers\aswSP.sys (.not file.)
~ Drivers: 72 Scanned in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 13 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 13 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.07) - Português - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1046-7B44-AB0000000001}
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01} =>Adware.Bandoo
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-006A-76A7-A758B70C0F05} =>Toolbar.Avira
O42 - Logiciel: Atheros Bluetooth Suite (64) - (.Atheros.) [HKLM][64Bits] -- {230D1595-57DA-4933-8C4E-375797EBB7E1}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dolby Home Theater v4 - (.Dolby Laboratories Inc.) [HKLM][64Bits] -- {B26438B4-BF51-49C3-9567-7F14A5E40CB9}
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKCU][64Bits] -- Dropbox
O42 - Logiciel: FrostWire 5.5.0 - (.FrostWire Team.) [HKLM][64Bits] -- FrostWire 5
O42 - Logiciel: Galeria de Fotos - (.Microsoft Corporation.) [HKLM][64Bits] -- {9EE1AE8B-4872-41CA-8C9A-C33D899523E0}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) OpenCL CPU Runtime - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 7 Update 55 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM][64Bits] -- LManager
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM][64Bits] -- McAfee Security Scan
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Mozilla Firefox 31.0 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 31.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM][64Bits] -- {4781569D-5404-1F26-4B2B-6DF444441031}
O42 - Logiciel: Qualcomm Atheros WiFi Driver Installation - (.Qualcomm Atheros.) [HKLM][64Bits] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: TempoPerfect Metronome Software - (.NCH Software.) [HKLM][64Bits] -- TempoPerfect
O42 - Logiciel: WinRAR 5.10 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM][64Bits] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1
O42 - Logiciel: avast! EasyPass v7-9-1-129 - (.AVAST Software.) [HKLM][64Bits] -- AI RoboForm
~ Logic: 43 Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Atheros]
[HKCU\Software\Avast Software]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Dolby]
[HKCU\Software\Dritek]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NCH Software]
[HKCU\Software\NCH Swift Sound]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Siber Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\drpsu]
[HKLM\Software\ATHEROS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Baidu Security]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Qualcomm Atheros Fast Reconnect]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\WIDCOMM_TEMP]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\ATHEROS]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Dritek]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NCH Software]
[HKLM\Software\Wow6432Node\NCH Swift Sound]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Qualcomm Atheros WiFi Driver Installation]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Siber Systems]
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WinRAR]
[HKLM\Software\Wow6432Node\ahead]
[HKLM\Software\Wow6432Node\dotNetInstaller]
[HKLM\Software\Wow6432Node\mcafeeupdater]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mcafeeupdater]
~ Key Software: 175 Scanned in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2013 - 20:54:49 - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 04/12/2012 - 15:17:14 - [] ----D C:\Program Files (x86)\Atheros
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 25/08/2014 - 15:08:21 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971
O43 - CFD: 14/06/2014 - 10:51:01 - [] ----D C:\Program Files (x86)\Bluetooth Suite
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 25/08/2014 - 15:07:44 - [] ----D C:\Program Files (x86)\DsNET Corp
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Program Files (x86)\FrostWire 5
O43 - CFD: 28/05/2013 - 12:49:45 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 04/12/2012 - 15:16:42 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 04/12/2012 - 15:05:27 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 28/03/2014 - 16:33:32 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 24/08/2014 - 13:43:24 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 04/12/2012 - 15:22:08 - [] ----D C:\Program Files (x86)\Launch Manager
O43 - CFD: 04/12/2012 - 10:34:40 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 19/04/2014 - 13:31:08 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 27/08/2014 - 16:29:06 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 04/12/2012 - 10:32:38 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01/01/2013 - 08:30:24 - [] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 02/01/2013 - 07:42:11 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 24/07/2014 - 11:41:42 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 25/07/2014 - 12:02:16 - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 04/12/2012 - 10:34:56 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\Program Files (x86)\NCH Swift Sound
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 04/12/2012 - 14:49:21 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 27/01/2014 - 10:19:57 - [] ----D C:\Program Files (x86)\Siber Systems
O43 - CFD: 04/12/2012 - 14:50:34 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 11/01/2014 - 15:43:34 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 27/08/2014 - 16:28:41 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 08/01/2014 - 18:54:57 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 11/01/2014 - 15:43:51 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 08/01/2014 - 18:54:55 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 08/01/2014 - 18:54:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 08/01/2014 - 18:54:58 - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 24/08/2014 - 11:13:16 - [] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 31/08/2014 - 06:54:59 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 09/04/2013 - 20:54:57 - [] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 05/12/2012 - 12:36:03 - [] ----D C:\Program Files (x86)\Common Files\Ahead
O43 - CFD: 04/12/2012 - 14:55:33 - [] ----D C:\Program Files (x86)\Common Files\Atheros
O43 - CFD: 04/12/2012 - 10:34:28 - [] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 04/12/2012 - 14:49:11 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 04/12/2012 - 15:05:10 - [] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 23/11/2013 - 09:55:35 - [] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 27/08/2014 - 16:24:59 - [] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 08/01/2014 - 18:54:53 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 04/12/2012 - 15:29:01 - [] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 28/05/2013 - 11:43:25 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 04/12/2012 - 15:17:08 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 07/01/2014 - 18:57:16 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 04/12/2012 - 15:11:50 - [0] ----D C:\ProgramData\Intel
O43 - CFD: 08/02/2013 - 16:00:21 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 14/06/2014 - 17:32:32 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 27/08/2014 - 16:26:53 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 10/01/2013 - 08:30:49 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 04/12/2012 - 19:51:47 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 05/12/2012 - 11:16:05 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 15/07/2013 - 17:48:48 - [] ----D C:\ProgramData\NCH Swift Sound
O43 - CFD: 24/08/2014 - 13:48:47 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 27/01/2014 - 10:20:23 - [] ----D C:\ProgramData\RoboForm
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 05/12/2012 - 11:23:50 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 02:08:56 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 09/04/2013 - 21:04:34 - [] ----D C:\Users\Usuario\AppData\Roaming\Adobe
O43 - CFD: 05/12/2012 - 12:36:51 - [] ----D C:\Users\Usuario\AppData\Roaming\Ahead
O43 - CFD: 04/12/2012 - 14:56:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Atheros
O43 - CFD: 27/01/2014 - 10:24:55 - [] ----D C:\Users\Usuario\AppData\Roaming\AVAST Software
O43 - CFD: 11/04/2013 - 12:59:25 - [] ----D C:\Users\Usuario\AppData\Roaming\Azureus =>P2P.Azureus
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O43 - CFD: 09/08/2014 - 14:47:32 - [] ----D C:\Users\Usuario\AppData\Roaming\Dropbox
O43 - CFD: 09/08/2014 - 14:47:31 - [] ----D C:\Users\Usuario\AppData\Roaming\DropboxMaster
O43 - CFD: 04/12/2012 - 19:52:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Identities
O43 - CFD: 04/12/2012 - 15:11:37 - [0] ----D C:\Users\Usuario\AppData\Roaming\Intel
O43 - CFD: 05/12/2012 - 11:14:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 15:12:00 - [0] ----D C:\Users\Usuario\AppData\Roaming\Media Center Programs
O43 - CFD: 21/06/2014 - 21:39:59 - [] -S--D C:\Users\Usuario\AppData\Roaming\Microsoft
O43 - CFD: 05/12/2012 - 11:19:56 - [] ----D C:\Users\Usuario\AppData\Roaming\Mozilla
O43 - CFD: 27/01/2014 - 10:22:00 - [] ----D C:\Users\Usuario\AppData\Roaming\RoboForm
O43 - CFD: 04/12/2012 - 10:09:38 - [] ----D C:\Users\Usuario\AppData\Roaming\WinRAR
O43 - CFD: 31/08/2014 - 07:06:11 - [] ----D C:\Users\Usuario\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 12/04/2014 - 18:10:22 - [] ----D C:\Users\Usuario\AppData\Local\Adobe
O43 - CFD: 01/01/2013 - 10:09:05 - [] ----D C:\Users\Usuario\AppData\Local\Ahead
O43 - CFD: 13/12/2012 - 15:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Ares
O43 - CFD: 04/12/2012 - 15:00:52 - [] ----D C:\Users\Usuario\AppData\Local\BMExplorer
O43 - CFD: 24/08/2014 - 11:28:09 - [] ----D C:\Users\Usuario\AppData\Local\CrashDumps
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Dados de aplicativos
O43 - CFD: 17/05/2014 - 17:18:25 - [] ----D C:\Users\Usuario\AppData\Local\Diagnostics
O43 - CFD: 28/05/2013 - 12:49:48 - [] ----D C:\Users\Usuario\AppData\Local\Google
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Histórico
O43 - CFD: 07/12/2012 - 17:21:11 - [] ----D C:\Users\Usuario\AppData\Local\Macromedia
O43 - CFD: 27/08/2014 - 16:36:30 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft
O43 - CFD: 23/05/2014 - 22:25:10 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Games
O43 - CFD: 08/01/2014 - 12:05:54 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Help
O43 - CFD: 01/10/2013 - 14:39:38 - [] ----D C:\Users\Usuario\AppData\Local\Mozilla
O43 - CFD: 23/03/2014 - 15:47:12 - [] ----D C:\Users\Usuario\AppData\Local\Programs
O43 - CFD: 31/08/2014 - 06:56:21 - [] ----D C:\Users\Usuario\AppData\Local\Temp
O43 - CFD: 04/12/2012 - 19:51:59 - [] -SH-D C:\Users\Usuario\AppData\Local\Temporary Internet Files
O43 - CFD: 13/12/2012 - 16:09:14 - [] ----D C:\Users\Usuario\AppData\Local\VirtualStore
O43 - CFD: 30/08/2014 - 23:55:17 - [] ----D C:\Users\Usuario\AppData\Local\Windows Live
O43 - CFD: 14/07/2009 - 01:54:32 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 09/08/2014 - 14:47:02 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
O43 - CFD: 05/12/2012 - 11:24:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
O43 - CFD: 14/07/2009 - 01:49:38 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 11/01/2014 - 15:52:17 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/08/2014 - 10:29:26 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 122 Scanned in 00mn 00s
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt ) 2
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.840FCC75E5CD9064B284A274FC914304] - 24/08/2014 - 11:21:15 ---A- . (...) -- C:\Windows\ntbtlog.txt [436064]
O44 - LFC:[MD5.A4DDFE5DC4E73D1FED9B1B3A3D885612] - 27/08/2014 - 16:21:03 ---A- . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\d3dx9_32.dll [4398360]
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log [198]
O44 - LFC:[MD5.B739C423276AE62D7AC91773226EC13B] - 27/08/2014 - 16:22:19 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx10_42.dll [523088]
O44 - LFC:[MD5.9D6429F410597750B2DC2579B2347303] - 27/08/2014 - 16:23:51 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx11_43.dll [276832]
O44 - LFC:[MD5.ADA0C39D4EACDC81FD84163A95D62079] - 27/08/2014 - 16:23:58 ---A- . (.Microsoft Corporation - Direct3D HLSL Compiler.) -- C:\Windows\System32\D3DCompiler_43.dll [2526056]
O44 - LFC:[MD5.E9739AE8B2FA28DCD6F2EF5525DA8827] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - Audio Effect Library.) -- C:\Windows\System32\XAPOFX1_5.dll [77656]
O44 - LFC:[MD5.4F7513FF4DE6303088DB28DCBCEF372C] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - XAudio2 Game Audio API.) -- C:\Windows\System32\XAudio2_7.dll [518488]
O44 - LFC:[MD5.9940ECED3E4A375988FBB126899FE5E7] - 31/08/2014 - 00:02:09 ---A- . (...) -- C:\Windows\PFRO.log [292468]
O44 - LFC:[MD5.A07985D1663DCA35F75DDB08E144BC05] - 31/08/2014 - 00:02:17 ---A- . (...) -- C:\Windows\setupact.log [70484]
O44 - LFC:[MD5.A424CB46A145E5AABF15621550976DF2] - 31/08/2014 - 00:03:13 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys [67624]
O44 - LFC:[MD5.82B0BA6564F0B2707C3247355B847B06] - 31/08/2014 - 06:48:04 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.8FBDD916D2B3ACF9E786D2A41EE48F0B] - 31/08/2014 - 06:58:36 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1419790]
O44 - LFC:[MD5.49DD2EE048E32A994E4BAB689278E363] - 31/08/2014 - 07:01:40 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
~ Files: 14 Scanned in 00mn 03s
---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{97385fa4-3e3f-11e2-8a36-dc0ea1a7cf05}\AutoRun\command. (...) -- F:\Setupx.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ MWPE Keys: 8 Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [339536]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [182864]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [15440]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [107904]
O58 - SDL:13/07/2009 - 22:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [194128]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [27008]
O58 - SDL:15/09/2011 - 08:48:24 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [299008]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [87632]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [97856]
O58 - SDL:15/02/2012 - 00:41:34 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athrx.sys [3538432]
O58 - SDL:10/06/2009 - 17:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys [270848]
O58 - SDL:20/01/2011 - 11:15:28 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys [67624]
O58 - SDL:20/01/2011 - 11:15:30 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Miniport Driver.) -- C:\Windows\System32\Drivers\b57xdmp.sys [19496]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [18432]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [8704]
O58 - SDL:13/07/2009 - 22:19:07 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [286720]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [47104]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720]
O58 - SDL:16/05/2011 - 07:57:32 ---A- . (.Broadcom Corporation - Broadcom Memory Stick Driver.) -- C:\Windows\System32\Drivers\bScsiMSa.sys [51240]
O58 - SDL:20/02/2012 - 11:33:26 ---A- . (.Atheros - Atheros A2DP driver.) -- C:\Windows\System32\Drivers\btath_a2dp.sys [339616]
O58 - SDL:20/02/2012 - 11:33:44 ---A- . (.Atheros - Atheros Bluetooth AVDT driver.) -- C:\Windows\System32\Drivers\btath_avdt.sys [110752]
O58 - SDL:20/02/2012 - 11:33:56 ---A- . (.Atheros - Atheros BUS driver.) -- C:\Windows\System32\Drivers\btath_bus.sys [30368]
O58 - SDL:20/02/2012 - 11:34:14 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_flt.sys [36000]
O58 - SDL:20/02/2012 - 11:34:32 ---A- . (.Atheros - Atheros HCRP driver.) -- C:\Windows\System32\Drivers\btath_hcrp.sys [167584]
O58 - SDL:20/02/2012 - 11:35:02 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_lwflt.sys [68256]
O58 - SDL:20/02/2012 - 11:35:14 ---A- . (.Atheros - Atheros AVRCP driver.) -- C:\Windows\System32\Drivers\btath_rcp.sys [280992]
O58 - SDL:20/02/2012 - 11:36:02 ---A- . (.Atheros - BtFilter Driver.) -- C:\Windows\System32\Drivers\btfilter.sys [550560]
O58 - SDL:10/06/2009 - 17:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [468480]
O58 - SDL:13/07/2009 - 22:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [17488]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3286016]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:17/07/2012 - 18:12:08 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECIx64.sys [62784]
O58 - SDL:20/11/2010 - 04:33:36 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720]
O58 - SDL:11/03/2011 - 03:41:26 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [410496]
O58 - SDL:14/02/2012 - 15:47:38 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys [14692224]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [44112]
O58 - SDL:06/12/2011 - 08:23:10 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [331264]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\Windows\System32\Drivers\iusb3hub.sys [356120]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) -- C:\Windows\System32\Drivers\iusb3xhc.sys [787736]
O58 - SDL:14/03/2011 - 11:53:43 ---A- . (.Broadcom Corporation - Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\k57nd60a.sys [412712]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [114752]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [106560]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [65600]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [115776]
O58 - SDL:24/02/2009 - 17:35:44 ---A- . (.MagicISO, Inc. - MagicISO SCSI Host Controller.) -- C:\Windows\System32\Drivers\mcdbus.sys [255552]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys [35392]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [284736]
O58 - SDL:13/07/2009 - 22:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [51264]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [148352]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [166272]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1524816]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [128592]
O58 - SDL:03/01/2012 - 07:55:54 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys [4730344]
O58 - SDL:10/06/2009 - 17:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [43584]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [80464]
O58 - SDL:14/02/2012 - 01:33:02 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver.sys [22800]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17488]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [161872]
~ Drivers: 63 Scanned in 00mn 01s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe [55363] =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe [1285312]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\wrar510br.exe [4443360]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Firseria.-.Installer · sl.) -- C:\Users\Usuario\Downloads\WinRAR.exe [577728] =>PUP.Firseria
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Oracle Corporation.) -- C:\Users\Usuario\Downloads\jxpiinstall.exe [918952]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe [689200]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (.DsNET Corp.) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits [1].exe [16806776]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe [22526848]
O61 - LFC: 27/08/2014 - 07:06:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\Downloads\wlsetup-web.exe [1242312]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe [25032]
O61 - LFC: 30/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\adwcleaner_3.308.exe [1364531]
O61 - LFC: 31/08/2014 - 07:06:26 ---A- . (.Nicolas Coolman.) -- C:\Users\Usuario\Downloads\ZHPDiag2.exe [6860008] =>.Nicolas Coolman
~ 10102 Fichiers temporaires (Temporary files)
~ 278 Fichiers cookies (Cookies files)
~ Files: 19 Scanned in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 89 Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ FASS Keys: 11 Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [859648]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2477536]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [193536]
~ Services: 33 Scanned in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe =>Adware.Bandoo
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Scanned in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.90BBC1FAB1C49A625160997038066353] [WIS][24/06/2014] (.APN, LLC - Ask Shopping Toolbar.) -- C:\Windows\Installer\158bb77.msi [512000] =>Toolbar.Avira
[MD5.7E7969FBEFB97E7AE2F8EA52DED9BADD] [WIS][05/08/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\51dcc3d.msi [507904] =>Toolbar.Avira
~ WIS: 2 Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 24/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/02/2012 106144 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 02/03/2012 355920 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/02/2012 72864 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 08s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Usuario at 31/08/2014 07:06:52
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Run by Usuario at 31/08/2014 07:06:54
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-006A-76A7-A758B70C0F05}] =>Toolbar.Avira^
C:\Users\Usuario\AppData\Roaming\Azureus =>P2P.Azureus^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon^
C:\Windows\Installer\158bb77.msi =>Toolbar.Avira^
C:\Windows\Installer\51dcc3d.msi =>Toolbar.Avira^
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit
~ Additionnel Scan: 245395 Items scanned in 00mn 51s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 7 Scanned in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Firseria
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ MSI: 6 link(s) detected in 00mn 00s
End of the scan (1050 lines in 02mn 00s)(0)
O44 - LFC:[MD5.840FCC75E5CD9064B284A274FC914304] - 24/08/2014 - 11:21:15 ---A- . (...) -- C:\Windows\ntbtlog.txt [436064]
O44 - LFC:[MD5.A4DDFE5DC4E73D1FED9B1B3A3D885612] - 27/08/2014 - 16:21:03 ---A- . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\d3dx9_32.dll [4398360]
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log [198]
O44 - LFC:[MD5.B739C423276AE62D7AC91773226EC13B] - 27/08/2014 - 16:22:19 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx10_42.dll [523088]
O44 - LFC:[MD5.9D6429F410597750B2DC2579B2347303] - 27/08/2014 - 16:23:51 ---A- . (.Microsoft Corporation - Direct3D 10.1 Extensions.) -- C:\Windows\System32\d3dx11_43.dll [276832]
O44 - LFC:[MD5.ADA0C39D4EACDC81FD84163A95D62079] - 27/08/2014 - 16:23:58 ---A- . (.Microsoft Corporation - Direct3D HLSL Compiler.) -- C:\Windows\System32\D3DCompiler_43.dll [2526056]
O44 - LFC:[MD5.E9739AE8B2FA28DCD6F2EF5525DA8827] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - Audio Effect Library.) -- C:\Windows\System32\XAPOFX1_5.dll [77656]
O44 - LFC:[MD5.4F7513FF4DE6303088DB28DCBCEF372C] - 27/08/2014 - 16:24:01 ---A- . (.Microsoft Corporation - XAudio2 Game Audio API.) -- C:\Windows\System32\XAudio2_7.dll [518488]
O44 - LFC:[MD5.9940ECED3E4A375988FBB126899FE5E7] - 31/08/2014 - 00:02:09 ---A- . (...) -- C:\Windows\PFRO.log [292468]
O44 - LFC:[MD5.A07985D1663DCA35F75DDB08E144BC05] - 31/08/2014 - 00:02:17 ---A- . (...) -- C:\Windows\setupact.log [70484]
O44 - LFC:[MD5.A424CB46A145E5AABF15621550976DF2] - 31/08/2014 - 00:03:13 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys [67624]
O44 - LFC:[MD5.82B0BA6564F0B2707C3247355B847B06] - 31/08/2014 - 06:48:04 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.8FBDD916D2B3ACF9E786D2A41EE48F0B] - 31/08/2014 - 06:58:36 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1419790]
O44 - LFC:[MD5.49DD2EE048E32A994E4BAB689278E363] - 31/08/2014 - 07:01:40 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
~ Files: 14 Scanned in 00mn 03s
---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{97385fa4-3e3f-11e2-8a36-dc0ea1a7cf05}\AutoRun\command. (...) -- F:\Setupx.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ MWPE Keys: 8 Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [339536]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [182864]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [15440]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [107904]
O58 - SDL:13/07/2009 - 22:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [194128]
O58 - SDL:11/03/2011 - 03:41:12 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [27008]
O58 - SDL:15/09/2011 - 08:48:24 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [299008]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [87632]
O58 - SDL:13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [97856]
O58 - SDL:15/02/2012 - 00:41:34 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athrx.sys [3538432]
O58 - SDL:10/06/2009 - 17:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys [270848]
O58 - SDL:20/01/2011 - 11:15:28 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Bus Driver.) -- C:\Windows\System32\Drivers\b57xdbd.sys [67624]
O58 - SDL:20/01/2011 - 11:15:30 ---A- . (.Broadcom Corporation - Broadcom xD Picture Card Miniport Driver.) -- C:\Windows\System32\Drivers\b57xdmp.sys [19496]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [18432]
O58 - SDL:10/06/2009 - 17:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [8704]
O58 - SDL:13/07/2009 - 22:19:07 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [286720]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [47104]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976]
O58 - SDL:10/06/2009 - 17:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720]
O58 - SDL:16/05/2011 - 07:57:32 ---A- . (.Broadcom Corporation - Broadcom Memory Stick Driver.) -- C:\Windows\System32\Drivers\bScsiMSa.sys [51240]
O58 - SDL:20/02/2012 - 11:33:26 ---A- . (.Atheros - Atheros A2DP driver.) -- C:\Windows\System32\Drivers\btath_a2dp.sys [339616]
O58 - SDL:20/02/2012 - 11:33:44 ---A- . (.Atheros - Atheros Bluetooth AVDT driver.) -- C:\Windows\System32\Drivers\btath_avdt.sys [110752]
O58 - SDL:20/02/2012 - 11:33:56 ---A- . (.Atheros - Atheros BUS driver.) -- C:\Windows\System32\Drivers\btath_bus.sys [30368]
O58 - SDL:20/02/2012 - 11:34:14 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_flt.sys [36000]
O58 - SDL:20/02/2012 - 11:34:32 ---A- . (.Atheros - Atheros HCRP driver.) -- C:\Windows\System32\Drivers\btath_hcrp.sys [167584]
O58 - SDL:20/02/2012 - 11:35:02 ---A- . (.Atheros - Atheros FILTER driver.) -- C:\Windows\System32\Drivers\btath_lwflt.sys [68256]
O58 - SDL:20/02/2012 - 11:35:14 ---A- . (.Atheros - Atheros AVRCP driver.) -- C:\Windows\System32\Drivers\btath_rcp.sys [280992]
O58 - SDL:20/02/2012 - 11:36:02 ---A- . (.Atheros - BtFilter Driver.) -- C:\Windows\System32\Drivers\btfilter.sys [550560]
O58 - SDL:10/06/2009 - 17:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [468480]
O58 - SDL:13/07/2009 - 22:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [17488]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3286016]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:17/07/2012 - 18:12:08 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECIx64.sys [62784]
O58 - SDL:20/11/2010 - 04:33:36 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720]
O58 - SDL:11/03/2011 - 03:41:26 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [410496]
O58 - SDL:14/02/2012 - 15:47:38 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys [14692224]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [44112]
O58 - SDL:06/12/2011 - 08:23:10 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [331264]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\Windows\System32\Drivers\iusb3hub.sys [356120]
O58 - SDL:27/01/2012 - 06:39:34 ---A- . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) -- C:\Windows\System32\Drivers\iusb3xhc.sys [787736]
O58 - SDL:14/03/2011 - 11:53:43 ---A- . (.Broadcom Corporation - Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\k57nd60a.sys [412712]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [114752]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [106560]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [65600]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [115776]
O58 - SDL:24/02/2009 - 17:35:44 ---A- . (.MagicISO, Inc. - MagicISO SCSI Host Controller.) -- C:\Windows\System32\Drivers\mcdbus.sys [255552]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys [35392]
O58 - SDL:13/07/2009 - 22:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [284736]
O58 - SDL:13/07/2009 - 22:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [51264]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [148352]
O58 - SDL:11/03/2011 - 03:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [166272]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1524816]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [128592]
O58 - SDL:03/01/2012 - 07:55:54 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys [4730344]
O58 - SDL:10/06/2009 - 17:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:13/07/2009 - 22:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [43584]
O58 - SDL:13/07/2009 - 22:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [80464]
O58 - SDL:14/02/2012 - 01:33:02 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver.sys [22800]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17488]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [161872]
~ Drivers: 63 Scanned in 00mn 01s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe [55363] =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe [1285312]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\wrar510br.exe [4443360]
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Firseria.-.Installer · sl.) -- C:\Users\Usuario\Downloads\WinRAR.exe [577728] =>PUP.Firseria
O61 - LFC: 24/08/2014 - 07:06:26 ---A- . (.Oracle Corporation.) -- C:\Users\Usuario\Downloads\jxpiinstall.exe [918952]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe [689200]
O61 - LFC: 25/08/2014 - 07:06:26 ---A- . (.DsNET Corp.) -- C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits [1].exe [16806776]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe [22526848]
O61 - LFC: 27/08/2014 - 07:06:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\Downloads\wlsetup-web.exe [1242312]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe [25032]
O61 - LFC: 30/08/2014 - 07:06:26 ---A- . (...) -- C:\Users\Usuario\Downloads\adwcleaner_3.308.exe [1364531]
O61 - LFC: 31/08/2014 - 07:06:26 ---A- . (.Nicolas Coolman.) -- C:\Users\Usuario\Downloads\ZHPDiag2.exe [6860008] =>.Nicolas Coolman
~ 10102 Fichiers temporaires (Temporary files)
~ 278 Fichiers cookies (Cookies files)
~ Files: 19 Scanned in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 89 Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat>
O67 - Shell Spawning: <.cpl>
O67 - Shell Spawning: <.cmd>
O67 - Shell Spawning: <.com>
O67 - Shell Spawning: <.evt>
O67 - Shell Spawning: <.exe>
O67 - Shell Spawning: <.html>
O67 - Shell Spawning: <.js>
O67 - Shell Spawning: <.reg>
O67 - Shell Spawning: <.scr>
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [859648]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2477536]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [193536]
~ Services: 33 Scanned in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe =>Adware.Bandoo
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Scanned in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.90BBC1FAB1C49A625160997038066353] [WIS][24/06/2014] (.APN, LLC - Ask Shopping Toolbar.) -- C:\Windows\Installer\158bb77.msi [512000] =>Toolbar.Avira
[MD5.7E7969FBEFB97E7AE2F8EA52DED9BADD] [WIS][05/08/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\51dcc3d.msi [507904] =>Toolbar.Avira
~ WIS: 2 Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 24/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/02/2012 106144 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 02/03/2012 355920 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/02/2012 72864 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 08s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Usuario at 31/08/2014 07:06:52
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Run by Usuario at 31/08/2014 07:06:54
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-006A-76A7-A758B70C0F05}] =>Toolbar.Avira^
C:\Users\Usuario\AppData\Roaming\Azureus =>P2P.Azureus^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon^
C:\Windows\Installer\158bb77.msi =>Toolbar.Avira^
C:\Windows\Installer\51dcc3d.msi =>Toolbar.Avira^
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit
~ Additionnel Scan: 245395 Items scanned in 00mn 51s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 7 Scanned in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Firseria
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ MSI: 6 link(s) detected in 00mn 00s
End of the scan (1050 lines in 02mn 00s)(0)
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Bom Dia! Mariana7777
####
---\\ Softwares de proteçao do sistema
avast! EasyPass v7-9-1-129
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
####
|- Aqui diz que vc está sem antivírus ou estão desabilitados. Confirmas esse fato?
|- Depois de sua resposta e log de SecurityCheck,postarei o script obtido de ZHPDiag.
-/-
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by screen317 )
>>> < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
|- Salve-o no desktop!
|- Duplo-clique em SecurityCheck.exe
|- Siga as instruções e poste o relatório. ( checkup.txt )
A+
####
---\\ Softwares de proteçao do sistema
avast! EasyPass v7-9-1-129
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
####
|- Aqui diz que vc está sem antivírus ou estão desabilitados. Confirmas esse fato?
|- Depois de sua resposta e log de SecurityCheck,postarei o script obtido de ZHPDiag.
-/-
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by screen317 )
>>> < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
|- Salve-o no desktop!
|- Duplo-clique em SecurityCheck.exe
|- Siga as instruções e poste o relatório. ( checkup.txt )
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Sim,desabilitei o antivírus,como você tinha pedido.
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 13.0.0.182 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast Setup Instup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 13.0.0.182 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast Setup Instup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Boa Noite! Mariana7777
|- Execute este script na ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
|- À seguir,minimize o Bloco de Notas.
Script ZHPFix
Emptyprefetch
Emptytemp
ifeofix
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01} =>Adware.Bandoo
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log [198]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe [55363] =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe [1285312]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe [22526848]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe [25032]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe =>Toolbar.Ask
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe =>Adware.Bandoo
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}] =>Adware.Bandoo^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon^
C:\Users\Usuario\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit
Firewallraz
Emptyclsid
|- Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Clique IMPORTAÇÃO >> OK.
|- Clique "GO".
|- Poste o relatório!
A+
|- Execute este script na ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
|- À seguir,minimize o Bloco de Notas.
Script ZHPFix
Emptyprefetch
Emptytemp
ifeofix
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O42 - Logiciel: Ask Shopping Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-2D53-4154-A758B70C0F01} =>Adware.Bandoo
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 27/08/2014 - 16:41:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/08/2014 - 16:41:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O44 - LFC:[MD5.6D9F600B1376A3D6BD87AC825FA68059] - 27/08/2014 - 16:21:07 ---A- . (...) -- C:\Windows\DirectX.log [198]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\n7458\wajam_2207-6c14163c.exe [55363] =>PUP.Wajam
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nsl9F2D.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\spark_install.exe [44065600]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6399\s6399.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6478\s6478.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6657\s6657.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n6889\s6889.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Apps Install.) -- C:\Users\Usuario\AppData\Local\Temp\n7458\s7458.exe [421056]
O61 - LFC: 24/08/2014 - 07:06:25 ---A- . (.Baidu Inc..) -- C:\Users\Usuario\AppData\Local\Temp\n7458\spark_1706-7a62f19d.exe [1285312]
O61 - LFC: 27/08/2014 - 07:06:25 ---A- . (.Baidu, Inc..) -- C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76886.exe [22526848]
O61 - LFC: 30/08/2014 - 07:06:25 ---A- . (.MSIL TECHNOLOGIES LLC.) -- C:\Users\Usuario\AppData\Local\Temp\TempProductLLC\220814_m.exe [25032]
O69 - SBI: SearchScopes [HKCU] {283BFDBE-7AF0-47CB-8573-30F9A295F356} - (NCH Customized Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O90 - PUC: "D2A425F47365A600677A7A857BC0F050" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0F05}\ToolbarIcon.exe =>Toolbar.Ask
O90 - PUC: "D2A425F4736535D214457A857BC0F010" . (.Ask Shopping Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C0F01}\ToolbarIcon.exe =>Adware.Bandoo
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C0F01}] =>Adware.Bandoo^
[HKCU\Software\AppDataLow\Software\BackgroundContainerV2] =>PUP.Babylon^
C:\Users\Usuario\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security
C:\Users\Usuario\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit
Firewallraz
Emptyclsid
|- Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Clique IMPORTAÇÃO >> OK.
|- Clique "GO".
|- Poste o relatório!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Usuario at 01/09/2014 12:45:33
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 06s)
Prefetcher vazio
========== Softwares ==========
ELIMINÉ: Ask Shopping Toolbar
========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
ELIMINÉ: SearchScopes :{283BFDBE-7AF0-47CB-8573-30F9A295F356}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: HKCU\Software\AppDataLow\Software\BackgroundContainerV2
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {04121A2B-5A7E-4234-B994-44A7E2402CF8}
ELIMINÉ: FirewallRaz (Public) : TCP Query User{DA3FD9BF-73DF-4428-AD71-8A6E4F068B3E}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{92A595E2-07C9-47B3-8842-3E92D4DDF9FD}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{FD5D9BA5-6390-4C81-8D11-E599450FBEC4}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{306E4028-0B89-4A6A-B0E1-19F9F40F270D}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : {5C887B78-5311-46BA-9DF5-FD9E627CB262}
ELIMINÉ: FirewallRaz (Public) : {3A55A04E-98F2-45BD-868F-BC5439C5780D}
ELIMINÉ: FirewallRaz (Public) : {0326AF06-F75B-4D50-A57F-14A079D6DC79}
ELIMINÉ: FirewallRaz (Public) : {431E3ADF-C6A8-4D12-BB1A-A13804DA2F93}
ELIMINÉ: FirewallRaz (Public) : {0BA76CEE-548C-4628-91AD-2CD995FCF741}
ELIMINÉ: FirewallRaz (Public) : {D9146784-A4EB-469F-8A4A-46F605753DA4}
ELIMINÉ: FirewallRaz (Public) : {BB7C1A58-5045-4258-B63C-0B21C07E13C7}
ELIMINÉ: FirewallRaz (Public) : {25AE2D39-6309-4835-8C2C-8DD8CE75EBD1}
========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)
SUBSTITUI Value Start_ShowMyGames : Good (1) - Bad (0)
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (5179) (979.362.387 octets)
ELIMINÉ: c:\windows\directx.log
========== Recapitulativo ==========
10 : Chaves do Registo
17 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
End of clean in 01mn 07s
========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/09/2014 12:45:40 [3000]
Fichier d'export Registre :
Run by Usuario at 01/09/2014 12:45:33
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 06s)
Prefetcher vazio
========== Softwares ==========
ELIMINÉ: Ask Shopping Toolbar
========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
ELIMINÉ: SearchScopes :{283BFDBE-7AF0-47CB-8573-30F9A295F356}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\D2A425F47365A600677A7A857BC0F050]
ELIMINÉ: HKCU\Software\AppDataLow\Software\BackgroundContainerV2
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {04121A2B-5A7E-4234-B994-44A7E2402CF8}
ELIMINÉ: FirewallRaz (Public) : TCP Query User{DA3FD9BF-73DF-4428-AD71-8A6E4F068B3E}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{92A595E2-07C9-47B3-8842-3E92D4DDF9FD}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{FD5D9BA5-6390-4C81-8D11-E599450FBEC4}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{306E4028-0B89-4A6A-B0E1-19F9F40F270D}C:\program files (x86)\ares\chatserver.exe
ELIMINÉ: FirewallRaz (Public) : {5C887B78-5311-46BA-9DF5-FD9E627CB262}
ELIMINÉ: FirewallRaz (Public) : {3A55A04E-98F2-45BD-868F-BC5439C5780D}
ELIMINÉ: FirewallRaz (Public) : {0326AF06-F75B-4D50-A57F-14A079D6DC79}
ELIMINÉ: FirewallRaz (Public) : {431E3ADF-C6A8-4D12-BB1A-A13804DA2F93}
ELIMINÉ: FirewallRaz (Public) : {0BA76CEE-548C-4628-91AD-2CD995FCF741}
ELIMINÉ: FirewallRaz (Public) : {D9146784-A4EB-469F-8A4A-46F605753DA4}
ELIMINÉ: FirewallRaz (Public) : {BB7C1A58-5045-4258-B63C-0B21C07E13C7}
ELIMINÉ: FirewallRaz (Public) : {25AE2D39-6309-4835-8C2C-8DD8CE75EBD1}
========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)
SUBSTITUI Value Start_ShowMyGames : Good (1) - Bad (0)
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (5179) (979.362.387 octets)
ELIMINÉ: c:\windows\directx.log
========== Recapitulativo ==========
10 : Chaves do Registo
17 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
End of clean in 01mn 07s
========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/09/2014 12:45:40 [3000]
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Boa Tarde! Mariana7777
|- Pelo volume de detecções em sua máquina,vc terá que rodar o Malwarebytes.
|- Primeiramente,desinstale o AdwCleaner.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Abra a ferramenta AdwCleaner e clique em "Desinstalar".
|- Confirme a solicitação!
< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!
|- Baixe o Malwarebytes. (MBAM)
< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!
|- Vá a este endereço,e obtenha informações de instalação,atualização e configuração do MBAM.
|- Escolha o "Tipo da Verificação": Verificação Personalizada
|- Poste o relatório,ao concluir!
A+
|- Pelo volume de detecções em sua máquina,vc terá que rodar o Malwarebytes.
|- Primeiramente,desinstale o AdwCleaner.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Abra a ferramenta AdwCleaner e clique em "Desinstalar".
|- Confirme a solicitação!
< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!
|- Baixe o Malwarebytes. (MBAM)
< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!
|- Vá a este endereço,e obtenha informações de instalação,atualização e configuração do MBAM.
|- Escolha o "Tipo da Verificação": Verificação Personalizada
|- Poste o relatório,ao concluir!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Apareceu que não encontrou nenhum malware,mas achou 14 ameaças em potencial.
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
o que tenho que fazer agora?
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Olá!Mariana7777 escreveu:o que tenho que fazer agora?
|- Poste o relatório do Malwarebytes!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Mas ele não me forneceu nenhum relatório,ou é esse com as ameaças?
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Boa Tarde! Mariana7777Mariana7777 escreveu:Apareceu que não encontrou nenhum malware,mas achou 14 ameaças em potencial.
< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!
|- Vá ao Tutorial..role a página e leia!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Obrigado pela paciência
Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Data de Verificação: 01/09/2014
Hora da Verificação: 13:31:20
Logfile: log 2.txt
Administrador: Sim
Versão: 2.00.2.1012
Malware Database: v2014.09.01.05
Rootkit Database: v2014.08.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado
OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario
Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 418293
Tempo Decorrido: 1 hr, 28 min, 59 seg
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registro: 0
(No malicious items detected)
Valores de Registro: 0
(No malicious items detected)
Dados do Registro: 0
(No malicious items detected)
Pastas: 0
(No malicious items detected)
Arquivos: 14
PUP.Optional.OpenCandy, C:\Users\Usuario\.frostwire5\updates\frostwire-5.7.5.windows.coc.premium.exe, Quarantined, [6c0dedfbed8ebc7a611f12fbe322fa06],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\IminentMinibarIE[1].exe, Quarantined, [b5c475733c3fc1758dba1afcdc2504fc],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\MinibarFirefox[1].exe, Quarantined, [5d1c6a7ef78446f061e6eb2bd130b947],
PUP.Optional.Iminent, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\metro[1].exe, Quarantined, [f287e602f487c274ab87f52058a9a858],
PUP.Optional.Wajam, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\WIE_2.12.2.5[1].exe, Quarantined, [a0d9a741dc9fc67049d2218a56aba25e],
PUP.Optional.Midia, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\220814_m[1].exe, Quarantined, [f28700e86e0d8bab80697f32659c1be5],
PUP.Optional.GenericExt.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\MinibarChrome[1].exe, Quarantined, [73061eca8cef5dd9224496a719e7dd23],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\harry-potter-mega-theme-for-windows-7-10-32-bits.exe, Quarantined, [65140bdd027958de0b5a08ba07fdbe42],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe, Quarantined, [40391ccc85f661d550bb92d47e862ed2],
PUP.Optional.Firseria, C:\Users\Usuario\Downloads\WinRAR.exe, Quarantined, [84f5a741cbb0cc6a7d67858941c42ad6],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, Quarantined, [3b3e4c9cc8b35cdaeb8a91c371932cd4],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, Quarantined, [7aff697fe695bd799ed7e86c31d359a7],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarantined, [8dec37b1512a3ff7a0e780d836ce4db3],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.com", "http://start.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC", "http://search.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC" ],), Replaced,[eb8eebfde2994beb539ce1397b8a59a7]
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Data de Verificação: 01/09/2014
Hora da Verificação: 13:31:20
Logfile: log 2.txt
Administrador: Sim
Versão: 2.00.2.1012
Malware Database: v2014.09.01.05
Rootkit Database: v2014.08.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado
OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario
Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 418293
Tempo Decorrido: 1 hr, 28 min, 59 seg
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registro: 0
(No malicious items detected)
Valores de Registro: 0
(No malicious items detected)
Dados do Registro: 0
(No malicious items detected)
Pastas: 0
(No malicious items detected)
Arquivos: 14
PUP.Optional.OpenCandy, C:\Users\Usuario\.frostwire5\updates\frostwire-5.7.5.windows.coc.premium.exe, Quarantined, [6c0dedfbed8ebc7a611f12fbe322fa06],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\IminentMinibarIE[1].exe, Quarantined, [b5c475733c3fc1758dba1afcdc2504fc],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLIYB2EY\MinibarFirefox[1].exe, Quarantined, [5d1c6a7ef78446f061e6eb2bd130b947],
PUP.Optional.Iminent, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\metro[1].exe, Quarantined, [f287e602f487c274ab87f52058a9a858],
PUP.Optional.Wajam, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV40PVKS\WIE_2.12.2.5[1].exe, Quarantined, [a0d9a741dc9fc67049d2218a56aba25e],
PUP.Optional.Midia, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\220814_m[1].exe, Quarantined, [f28700e86e0d8bab80697f32659c1be5],
PUP.Optional.GenericExt.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN0X0E1H\MinibarChrome[1].exe, Quarantined, [73061eca8cef5dd9224496a719e7dd23],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\harry-potter-mega-theme-for-windows-7-10-32-bits.exe, Quarantined, [65140bdd027958de0b5a08ba07fdbe42],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\atube-catcher-3-8-7973-32-bits.exe, Quarantined, [40391ccc85f661d550bb92d47e862ed2],
PUP.Optional.Firseria, C:\Users\Usuario\Downloads\WinRAR.exe, Quarantined, [84f5a741cbb0cc6a7d67858941c42ad6],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, Quarantined, [3b3e4c9cc8b35cdaeb8a91c371932cd4],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, Quarantined, [7aff697fe695bd799ed7e86c31d359a7],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarantined, [8dec37b1512a3ff7a0e780d836ce4db3],
PUP.Optional.Iminent.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.com", "http://start.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC", "http://search.iminent.com/?appId=CF0DF3DB-53EF-4692-B380-2DEAA120D8DC" ],), Replaced,[eb8eebfde2994beb539ce1397b8a59a7]
Physical Sectors: 0
(No malicious items detected)
(end)
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Boa Tarde! Mariana7777
|- O log foi postado corretamente!
|- Ps: Já atualizou o Java e Flash Player?
|- Remova as ferramentas envolvidas na desinfecção ou resquícios das mesmas,com o DelFix.
-/-
|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Estando na página,clique em Download Now.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Com as caixinhas marcadas,clique Executar!
|- Tudo OK?
Abs!
|- O log foi postado corretamente!
|- Ps: Já atualizou o Java e Flash Player?
|- Remova as ferramentas envolvidas na desinfecção ou resquícios das mesmas,com o DelFix.
-/-
|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Estando na página,clique em Download Now.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Com as caixinhas marcadas,clique Executar!
|- Tudo OK?
Abs!
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
# DelFix v10.8 - Relatório criado 02/09/2014 às 13:25:46
# Atualizado 29/07/2014 por Xplode
# Usuário : Usuario - USUARIO-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
~ Ativando UAC ... OK
~ Removendo ferramentas de desinfecção ...
Removido : C:\AdwCleaner
Removido : C:\Users\Usuario\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\Users\Usuario\Desktop\ZHPDiag.lnk
Removido : C:\Users\Usuario\Desktop\ZHPDiag.txt
Removido : C:\Users\Usuario\Desktop\ZHPFix.lnk
Removido : C:\Users\Usuario\Desktop\ZHPFixReport.txt
Removido : C:\Users\Usuario\Downloads\adwcleaner_3.308 - Atalho.lnk
Removido : C:\Users\Usuario\Downloads\SecurityCheck.exe
Removido : C:\Users\Usuario\Downloads\ZHPDiag2.exe
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Removido : RP #56 [Instalador de Módulos do Windows | 05/24/2014 01:20:01]
Removido : RP #57 [Windows Update | 08/04/2014 01:07:28]
Removido : RP #58 [avast! antivirus system restore point | 08/06/2014 15:25:45]
Removido : RP #59 [Installed Java 7 Update 67 | 08/24/2014 16:42:24]
Removido : RP #61 [Windows Live Essentials | 08/27/2014 19:12:48]
Removido : RP #62 [Windows Live Essentials | 08/27/2014 19:18:10]
Removido : RP #63 [DirectX instalado | 08/27/2014 19:20:05]
Removido : RP #64 [DirectX instalado | 08/27/2014 19:21:33]
Removido : RP #65 [DirectX instalado | 08/27/2014 19:23:02]
Removido : RP #66 [WLSetup | 08/27/2014 19:26:06]
Removido : RP #67 [avast! antivirus system restore point | 08/31/2014 10:00:43]
Novo ponto de restauração criado !
~ Redefinindo configurações do sistema ... OK
########## - EOF - ##########
# Atualizado 29/07/2014 por Xplode
# Usuário : Usuario - USUARIO-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
~ Ativando UAC ... OK
~ Removendo ferramentas de desinfecção ...
Removido : C:\AdwCleaner
Removido : C:\Users\Usuario\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\Users\Usuario\Desktop\ZHPDiag.lnk
Removido : C:\Users\Usuario\Desktop\ZHPDiag.txt
Removido : C:\Users\Usuario\Desktop\ZHPFix.lnk
Removido : C:\Users\Usuario\Desktop\ZHPFixReport.txt
Removido : C:\Users\Usuario\Downloads\adwcleaner_3.308 - Atalho.lnk
Removido : C:\Users\Usuario\Downloads\SecurityCheck.exe
Removido : C:\Users\Usuario\Downloads\ZHPDiag2.exe
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Removido : RP #56 [Instalador de Módulos do Windows | 05/24/2014 01:20:01]
Removido : RP #57 [Windows Update | 08/04/2014 01:07:28]
Removido : RP #58 [avast! antivirus system restore point | 08/06/2014 15:25:45]
Removido : RP #59 [Installed Java 7 Update 67 | 08/24/2014 16:42:24]
Removido : RP #61 [Windows Live Essentials | 08/27/2014 19:12:48]
Removido : RP #62 [Windows Live Essentials | 08/27/2014 19:18:10]
Removido : RP #63 [DirectX instalado | 08/27/2014 19:20:05]
Removido : RP #64 [DirectX instalado | 08/27/2014 19:21:33]
Removido : RP #65 [DirectX instalado | 08/27/2014 19:23:02]
Removido : RP #66 [WLSetup | 08/27/2014 19:26:06]
Removido : RP #67 [avast! antivirus system restore point | 08/31/2014 10:00:43]
Novo ponto de restauração criado !
~ Redefinindo configurações do sistema ... OK
########## - EOF - ##########
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Olá! Mariana7777
|- Tudo Ok?
A+
|- Tudo Ok?
A+
_________________
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> O que há de melhor,para desinfectar seu computador!
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> Não deixem de conhecer!
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> Tradição em informática!
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: Como remover o blueseek?
Na verdade está do mesmo jeito,as propagandas continuam,sabe?
Mariana7777- Iniciante
- Mensagens : 23
Reputação : 0
Data de inscrição : 30/08/2014
Re: Como remover o blueseek?
Olá! Mariana7777Mariana7777 escreveu:Na verdade está do mesmo jeito,as propagandas continuam,sabe?
|- Vc já redefiniu os navegadores? Ou ocorre,especificamente,em um dos navegadores?
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Nicolas Coolman )
|- Estando na página,clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Salve-a no desktop!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Para correções mais abrangentes,marque todas as opções disponíveis.
|- Clique Réparer.
|- Clique Rapport.
|- Poste o relatório!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Página 1 de 2 • 1, 2
Tópicos semelhantes
» Como remover um ícone do desktop?
» Não consigo remover o Blueseek
» Como tirar o BLUESEEK de meus navegadores?
» Como remover srv 123?
» como remover o YAC
» Não consigo remover o Blueseek
» Como tirar o BLUESEEK de meus navegadores?
» Como remover srv 123?
» como remover o YAC
Página 1 de 2
Permissões neste sub-fórum
Não podes responder a tópicos