Fórum PC Brasil
Pages opening by themselves


Post by Fuçador Tue 02 Sep 2014, 23:39

My mother-in-law's PC is driving her crazy. HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:37:45, on 25/8/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\MarkKit\MarkKit153.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\MarkKit\MarkKit_wd.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\ARQUIV~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\ARQUIV~1\SearchProtect\UI\bin\cltmngui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\Microsoft Security Client\msseces.exe
C:\Arquivos de programas\fst_br_307\fst_br_307.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\fst_br_307\upfst_br_307.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeter.exe
C:\Documents and Settings\cliente\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Arquivos de programas\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Arquivos de programas\IObit\IObit Uninstaller\UninstallExplorer32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fst_br_307] "C:\Arquivos de programas\fst_br_307\fst_br_307.exe"
O4 - HKLM\..\Run: [upfst_br_307.exe] C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\fst_br_307\upfst_br_307.exe -runhelper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [PriceMeterW] "C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe"
O4 - HKCU\..\RunOnce: [lmpchpgemlpnbapjajinolkefniihpod Upgrader] "C:\DOCUME~1\cliente\CONFIG~1\Temp\lmp40.tmp\UPDATER.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\ARQUIV~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: MarkKit - Unknown owner - C:\Arquivos de programas\MarkKit\MarkKit153.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9998 bytes

Post by joram Wed 03 Sep 2014, 00:54

Good morning, Fuçador!

|- Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )

|- On the page, click "Download Now".
|- PS: If you use the IE9 browser, disable the "[You must have an account and be logged in to view this link]" filter.
|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the scan by clicking "Examinar" (Scan).

|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

|- Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "COMPLETA" (Full) and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to [You must have an account and be logged in to view this link].

|- Or go to: < [You must have an account and be logged in to view this link] >

|- More information: < |[You must have an account and be logged in to view this link]| >

A+

Post by Fuçador Wed 03 Sep 2014, 10:25

This is the AdwCleaner report:

# AdwCleaner v3.309 - Relatório criado 03/09/2014 às 10:09:02
# Atualizado 02/09/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : cliente - CLIENTE-1C99C58
# Executando de : C:\Documents and Settings\cliente\Desktop\adwcleaner_3.309.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
[#] Serviço Deletada : MarkKit

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage
Pasta Deletada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Freesofttoday
Pasta Deletada : C:\Arquivos de programas\Funmoods
Pasta Deletada : C:\Arquivos de programas\SaveSenseLive
Pasta Deletada : C:\Arquivos de programas\SearchProtect
Pasta Deletada : C:\Arquivos de programas\fst_br_307
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PerformerSoft
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\PriceMeter
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\SearchProtect
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\fst_br_307
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\7go
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\file scout
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\Funmoods
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\PerformerSoft
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\SaveSense
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\SpeedAnalysis3
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\VOPackage
Pasta Deletada : C:\Documents and Settings\cliente\Menu Iniciar\Programas\PriceMeter
Pasta Deletada : C:\Documents and Settings\cliente\Menu Iniciar\Programas\VOPackage
Arquivo Deletada : C:\WINDOWS\system32\roboot.exe
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\funmoods-speeddial.crx
Arquivo Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\speedanalysis.ico
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : Driver Booster Update
Tarefa Deletedo : MarkKit Update
Tarefa Deletedo : MarkKit_wd
Tarefa Deletedo : pricemetertask
Tarefa Deletedo : pricemeterwatcher

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [7go@7go.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [7go@7go.com]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_br_307]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [upfst_br_307.exe]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{0771C34F-730F-4535-AD4C-37B74D27188E}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKCU\Software\BABSOLUTION
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\PriceMeter
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\usyndication.com
Chave Deletedo : HKLM\SOFTWARE\DealPlyLive
Chave Deletedo : HKLM\SOFTWARE\FreeSoftToday
Chave Deletedo : HKLM\SOFTWARE\InstallCore
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\SaveSenseLive
Chave Deletedo : HKLM\SOFTWARE\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Tutorials
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Metar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_307_is1
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Price Metar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ARQUIV~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v6.0.2900.5512

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v31.0.1650.57

[ Arquivo : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Homepage] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj

*************************

AdwCleaner[R0].txt - [10083 octets] - [03/09/2014 10:05:59]
AdwCleaner[S0].txt - [8688 octets] - [03/09/2014 10:09:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8748 octets] ##########

Post by joram Wed 03 Sep 2014, 10:43

Hello!

|- All that's left is the ZHPDiag one. ( ZHPDiag.txt )

A+

Post by Fuçador Wed 03 Sep 2014, 10:46

I couldn't create the link on the French site, but I will post the ZHPDiag report in two replies.

~ Relatório do ZHPDiag v2014.9.2.128 - Nicolas Coolman  (2/9/2014)
~ Iniciado por cliente (3/9/2014 10:34:36)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Endereço do Webforum : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v6.0.2900.5512
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.4.0304.0

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 991 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 24 GB (64%) free of 37 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CLIENTE-1C99C58
~ User Name: cliente
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, cliente, Administrador, 
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\cliente\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\cliente\Desktop\
~ %Favorites% : C:\Documents and Settings\cliente\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\cliente\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 24 Go of 37 Go)
D: Hard drive, Flash drive, Thumb drive (Free 22 Go of 37 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
~ Security Center: 37 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.DF6D0F37A71883BE3505DD517EB8AD83] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\wininet.dll [668160]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.72993EC81181111E25299B8058F58DF3] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 02s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1109
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/1300
~ Mon Bureau (My Desktop) : 0/12
~ Menu demarrer (Programs) : 1/22
~ Hidden Files:  Scanned in 00mn 03s



---\\ Processos lançados
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe   [22208] [PID.848]
[MD5.78073F606AE3B24F6C1F555759AA8511] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe   [877864] [PID.1552]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\WINDOWS\system32\IoctlSvc.exe   [81920] [PID.1704]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe   [116648] [PID.1740]
[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\RunDll32.exe   [0] [PID.844]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe   [31016] [PID.948]
[MD5.3BE181BA79446F43457E2BCB8ED3FD0F] - (.No owner - CameraMonitor MFC Application.) -- C:\WINDOWS\vsnpstd.exe   [339968] [PID.1100]
[MD5.58F7F8D02D438B5AAE4005FE81DE30CF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe   [1840424] [PID.1268]
[MD5.37A39E3271842BAE754540FE004D9CB5] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe   [537896] [PID.2116]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe   [863184] [PID.2904]
[MD5.636DB59138F205B59FF0537A0A9E0FEF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [8102400] [PID.1064]
~ Processes Running:  Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.165\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.165\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 5 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
~ IE Browser: 9 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File:  Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} . (.IObit - Uninstall for explorer.) -- C:\Arquivos de programas\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
~ BHO: 6 Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: ExplorerWnd Helper - [HKLM]{10921475-03CE-4E04-90CE-E2E7EF20C814} . (.IObit - Uninstall for explorer.) -- C:\Arquivos de programas\IObit\IObit Uninstaller\UninstallExplorer32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe 
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe 
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe 
O4 - HKLM\..\Run: [snpstd] . (.No owner - CameraMonitor MFC Application.) -- C:\WINDOWS\vsnpstd.exe 
O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Arquivos de programas\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe 
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe 
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\RunOnce: [lmpchpgemlpnbapjajinolkefniihpod Upgrader] . (.Mindspark Interactive Network - Chrome Search Updater.) -- C:\Documents and Settings\cliente\Configurações locais\Temp\lmp40.tmp\UPDATER.exe 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-21-1993962763-1770027372-682003330-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-21-1993962763-1770027372-682003330-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe 
O4 - HKUS\S-1-5-21-1993962763-1770027372-682003330-1003\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-1993962763-1770027372-682003330-1003\..\RunOnce: [lmpchpgemlpnbapjajinolkefniihpod Upgrader] . (.Mindspark Interactive Network - Chrome Search Updater.) -- C:\Documents and Settings\cliente\Configurações locais\Temp\lmp40.tmp\UPDATER.exe 
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
~ Winsock: 3 Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D74EE2-4773-4A50-8687-6BF9CBCCB7C4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0D74EE2-4773-4A50-8687-6BF9CBCCB7C4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0D74EE2-4773-4A50-8687-6BF9CBCCB7C4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de sites da Web.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll
~ SSODL: 4 Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.2.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\WINDOWS\system32\IoctlSvc.exe
~ Services: 4 Scanned in 00mn 04s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.3109B16A0939BA11696EEB04F345D099] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe   [257416]
[MD5.D8BD0EAB27DC379A0511EEB3A297224C] [APT] [At1] (...) -- C:\DOCUME~1\cliente\DADOSD~1\FUNMOO~1\UPDATE~1\UPDATE~1.exe   [101376]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core] (...) -- C:\Documents and Settings\cliente\Configura‡äes locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA] (...) -- C:\Documents and Settings\cliente\Configura‡äes locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.)   [0]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe   [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe   [116648]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job   [902]
O39 - APT: At1 - (...) -- C:\WINDOWS\Tasks\At1.job   [418]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core.job   [1004]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA.job   [1026]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job   [1070]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job   [1074]
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job   [422]
~ Scheduled Task: 14 Scanned in 00mn 00s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe  =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe  =>.Microsoft Corporation
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} . (.Microsoft Corporation - Mídia DirectX -- DirectAnimation.) -- C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe  =>.Microsoft Corporation
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Recursos de navegação - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf  =>.Microsoft Corporation
O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe  =>.Microsoft Corporation
O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de instalação por usuário do Internet Explorer 5.) -- C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Macromedia, Inc. - Macromedia Flash Player 6.0  r79.) -- C:\WINDOWS\system32\macromed\flash\flash.ocx
O40 - ASIC: Installed Component - S-1-5-21-1993962763-1770027372-682003330-1003 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID
~ Active Setup: 18 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (AmdK7) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\amdk7.sys
O41 - Driver:  (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver:  (kbdhid) . (.Microsoft Corporation - HID Mouse Filter Driver.) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: (SiSkp) . (.Silicon Integrated Systems Corporation - SiS VGA Driver Manager.) - C:\WINDOWS\system32\DRIVERS\srvkp.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Drivers: 66 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.4) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AA1000000001}
O42 - Logiciel: C-Media WDM Audio Driver - (...) [HKLM] -- C-Media Audio Driver
O42 - Logiciel: D-Link CIF Webcam - (...) [HKLM] -- DSB-C110
O42 - Logiciel: Driver Booster - (.IObit.) [HKLM] -- Driver Booster_is1
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: IObit Uninstaller - (.IObit.) [HKLM] -- IObitUninstall
O42 - Logiciel: K-Lite Codec Pack 3.9.0 Standard - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {0CD47142-BA4F-46B0-AA92-2675864928B8}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: NVIDIA Drivers - (...) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {C9FFC925-E27E-436E-A2DF-652324D51046}
O42 - Logiciel: SiS 900 PCI Fast Ethernet Adapter Driver - (...) [HKLM] -- SiSLan
O42 - Logiciel: USB PC Camera (SN9C102) - (...) [HKLM] -- {57383270-6F61-4DC8-A9B8-C1745FC29F38}
O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027}
O42 - Logiciel: WinRAR 5.10 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Media Format Runtime - (...) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
~ Logic: 38 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\77-Zip]
[HKCU\Software\Adobe]
[HKCU\Software\Ahe
T
F]
[HKCU\Software\Ahead]
[HKCU\Software\Baidu]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\Ester]
[HKCU\Software\Facebook]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HaaliMkx]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Jet]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\NeroDigital]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Sensaura]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\USyndication]  =>Trojan.USyndication
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\mark_kit]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Ahead]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Audible]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CA561A]
[HKLM\Software\Chicony]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Cyberlink]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\IObit]
[HKLM\Software\Intel]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\NeroDigital]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SPPDCOM]  =>Rogue.PCSpeedUp
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sonix]
[HKLM\Software\TrendMicro]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
~ Key Software: 134 Scanned in 00mn 00s

Re: Pages opening by themselves

Post by Fuçador, Wed 03 Sep 2014, 10:49

Continuation of the ZHPDiag log
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 7/9/2013 - 14:34:14 - [] ----D C:\Arquivos de programas\Adobe
O43 - CFD: 22/5/2014 - 20:47:37 - [] ----D C:\Arquivos de programas\Arquivos comuns
O43 - CFD: 1/5/2014 - 23:43:07 - [] ----D C:\Arquivos de programas\BeatTool
O43 - CFD: 7/9/2013 - 14:17:38 - [0] ----D C:\Arquivos de programas\ComPlus Applications
O43 - CFD: 30/12/2013 - 12:36:52 - [] ----D C:\Arquivos de programas\Google
O43 - CFD: 7/9/2013 - 15:35:29 - [] --H-D C:\Arquivos de programas\InstallShield Installation Information
O43 - CFD: 7/9/2013 - 14:19:12 - [] ----D C:\Arquivos de programas\Internet Explorer
O43 - CFD: 28/4/2014 - 20:38:47 - [] ----D C:\Arquivos de programas\IObit
O43 - CFD: 7/9/2013 - 14:22:00 - [] ----D C:\Arquivos de programas\K-Lite Codec Pack
O43 - CFD: 1/5/2014 - 23:37:38 - [] ----D C:\Arquivos de programas\MarkKit  =>PUP.MarkkIt
O43 - CFD: 7/9/2013 - 14:17:10 - [] ----D C:\Arquivos de programas\Messenger
O43 - CFD: 7/9/2013 - 14:22:19 - [] ----D C:\Arquivos de programas\microsoft frontpage
O43 - CFD: 7/9/2013 - 15:00:03 - [] ----D C:\Arquivos de programas\Microsoft Office
O43 - CFD: 29/12/2013 - 20:30:05 - [] ----D C:\Arquivos de programas\Microsoft Security Client
O43 - CFD: 7/9/2013 - 14:59:23 - [] ----D C:\Arquivos de programas\Microsoft Visual Studio
O43 - CFD: 7/9/2013 - 15:00:59 - [] ----D C:\Arquivos de programas\Microsoft Works
O43 - CFD: 7/9/2013 - 14:19:05 - [] ----D C:\Arquivos de programas\Movie Maker
O43 - CFD: 7/9/2013 - 15:00:30 - [] ----D C:\Arquivos de programas\MSBuild
O43 - CFD: 7/9/2013 - 14:17:05 - [] ----D C:\Arquivos de programas\MSN Gaming Zone
O43 - CFD: 7/9/2013 - 15:15:00 - [] ----D C:\Arquivos de programas\Nero
O43 - CFD: 7/9/2013 - 14:19:18 - [] ----D C:\Arquivos de programas\NetMeeting
O43 - CFD: 7/9/2013 - 14:19:15 - [] ----D C:\Arquivos de programas\Outlook Express  =>.Microsoft Corporation
O43 - CFD: 7/9/2013 - 14:19:51 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 16/9/2013 - 00:55:30 - [] --H-D C:\Arquivos de programas\Uninstall Information
O43 - CFD: 7/9/2013 - 15:13:45 - [] ----D C:\Arquivos de programas\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 7/9/2013 - 14:16:55 - [] ----D C:\Arquivos de programas\Windows NT
O43 - CFD: 7/9/2013 - 14:19:56 - [0] --H-D C:\Arquivos de programas\WindowsUpdate
O43 - CFD: 25/8/2014 - 11:36:49 - [] ----D C:\Arquivos de programas\WinRAR
O43 - CFD: 7/9/2013 - 14:22:19 - [] ----D C:\Arquivos de programas\xerox
O43 - CFD: 3/9/2014 - 10:33:08 - [] ----D C:\Arquivos de programas\ZHPDiag  =>.Nicolas Coolman
O43 - CFD: 7/9/2013 - 14:34:35 - [] ----D C:\Arquivos de programas\Arquivos comuns\Adobe
O43 - CFD: 7/9/2013 - 14:59:22 - [] ----D C:\Arquivos de programas\Arquivos comuns\DESIGNER
O43 - CFD: 7/9/2013 - 15:35:14 - [] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield
O43 - CFD: 7/9/2013 - 15:00:43 - [] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
O43 - CFD: 7/9/2013 - 14:19:13 - [] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap
O43 - CFD: 7/9/2013 - 15:17:55 - [] ----D C:\Arquivos de programas\Arquivos comuns\Nero
O43 - CFD: 7/9/2013 - 10:25:04 - [] ----D C:\Arquivos de programas\Arquivos comuns\ODBC
O43 - CFD: 7/9/2013 - 14:19:17 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 7/9/2013 - 15:37:28 - [] ----D C:\Arquivos de programas\Arquivos comuns\snpstd
O43 - CFD: 7/9/2013 - 10:25:00 - [] ----D C:\Arquivos de programas\Arquivos comuns\SpeechEngines
O43 - CFD: 7/9/2013 - 14:52:43 - [] ----D C:\Arquivos de programas\Arquivos comuns\System
O43 - CFD: 28/9/2013 - 22:31:58 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Adobe
O43 - CFD: 31/12/2013 - 12:35:13 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
O43 - CFD: 28/4/2014 - 20:36:30 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IObit
O43 - CFD: 29/12/2013 - 20:29:38 - [] -S--D C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
O43 - CFD: 7/9/2013 - 15:02:46 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
O43 - CFD: 7/9/2013 - 15:15:01 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Nero
O43 - CFD: 28/4/2014 - 20:36:30 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ProductData
O43 - CFD: 22/5/2014 - 20:47:47 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Skype
O43 - CFD: 28/4/2014 - 20:06:41 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 2/5/2014 - 23:40:57 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Adobe
O43 - CFD: 28/4/2014 - 20:06:57 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Apple Computer
O43 - CFD: 1/5/2014 - 23:39:29 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\FunmoodsChat  =>PUP.Funmoods
O43 - CFD: 28/10/2013 - 19:30:24 - [0] ----D C:\Documents and Settings\cliente\Dados de aplicativos\GetRightToGo
O43 - CFD: 7/9/2013 - 14:27:15 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Identities
O43 - CFD: 28/4/2014 - 20:13:20 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\IObit
O43 - CFD: 2/5/2014 - 23:40:58 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Macromedia
O43 - CFD: 7/3/2014 - 00:52:25 - [] -S--D C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft
O43 - CFD: 16/9/2013 - 00:53:49 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Mozilla
O43 - CFD: 7/9/2013 - 15:19:51 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Nero
O43 - CFD: 26/11/2013 - 23:33:28 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\Skype
O43 - CFD: 15/9/2013 - 10:57:16 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\WinRAR
O43 - CFD: 3/9/2014 - 10:34:52 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\ZHP  =>.Nicolas Coolman
O43 - CFD: 17/9/2013 - 21:31:22 - [] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Ahead
O43 - CFD: 13/1/2014 - 20:39:10 - [] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook
O43 - CFD: 30/12/2013 - 12:20:51 - [] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google
O43 - CFD: 2/4/2014 - 17:41:06 - [0] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Help
O43 - CFD: 29/4/2014 - 19:06:13 - [] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Microsoft
O43 - CFD: 7/9/2013 - 14:37:29 - [0] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Microsoft Help
O43 - CFD: 18/8/2014 - 12:00:07 - [0] ----D C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Temp
O43 - CFD: 7/9/2013 - 14:27:18 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Acessórios
O43 - CFD: 25/8/2014 - 11:21:33 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 7/9/2013 - 10:24:26 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Inicializar
~ Program Folder: 73 Scanned in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.065639773D8B03F33577F6CDAEA21063] - 20/8/2014 - 08:28:13 ---A- . (.Microsoft Corporation - Game Port Enumerator.) -- C:\WINDOWS\system32\Drivers\gameenum.sys   [10624]
O44 - LFC:[MD5.CF9EBD105D0E1B2DE7A9172B3CB6D5BC] - 20/8/2014 - 08:29:06 ---A- . (.NVIDIA Corporation - NVIDIA Uninstaller Utility.) -- C:\WINDOWS\system32\nvudisp.exe   [356352]
O44 - LFC:[MD5.CF9EBD105D0E1B2DE7A9172B3CB6D5BC] - 20/8/2014 - 08:29:07 ---A- . (.NVIDIA Corporation - NVIDIA Uninstaller Utility.) -- C:\WINDOWS\system32\nvuninst.exe   [356352]
O44 - LFC:[MD5.4395B640A6D3DE3ABA27CA68C14801AE] - 20/8/2014 - 08:29:08 ---A- . (...) -- C:\WINDOWS\system32\nvdisp.nvu   [17737]
O44 - LFC:[MD5.956FA7D4955F1E08F6FD4F9805127DB4] - 20/8/2014 - 08:29:09 ---A- . (...) -- C:\WINDOWS\system32\keystone.exe   [425984]
O44 - LFC:[MD5.311210B0759086411C746B8814320921] - 20/8/2014 - 08:29:09 ---A- . (...) -- C:\WINDOWS\system32\nvappbar.exe   [442368]
O44 - LFC:[MD5.5AC4C4ADC8D46EF34E98F96AEA46B46E] - 20/8/2014 - 08:29:09 ---A- . (.NVIDIA Corporation - NVIDIA NVIDIA Color Optimizer, Version 169..) -- C:\WINDOWS\system32\nvcolor.exe   [147456]
O44 - LFC:[MD5.CC2CC51088599547F917B0E99CF6DA4A] - 20/8/2014 - 08:29:10 ---A- . (...) -- C:\WINDOWS\system32\nvdspsch.exe   [1339392]
O44 - LFC:[MD5.86D5FFB295AF927A01FEBB04C2FB3C3C] - 20/8/2014 - 08:29:10 ---A- . (...) -- C:\WINDOWS\system32\nview.dll   [1474560]
O44 - LFC:[MD5.BB4D5833F84B7470AFD0AB0B08DA3233] - 20/8/2014 - 08:29:11 ---A- . (...) -- C:\WINDOWS\system32\nvshell.dll   [466944]
O44 - LFC:[MD5.4683C331A4D55600B9A267FA2EFDED85] - 20/8/2014 - 08:29:11 ---A- . (...) -- C:\WINDOWS\system32\nvtuicpl.cpl   [73728]
O44 - LFC:[MD5.EED5C7A794681CFB09840B226DCACF8B] - 20/8/2014 - 08:29:11 ---A- . (...) -- C:\WINDOWS\system32\nvwdmcpl.dll   [1703936]
O44 - LFC:[MD5.D24486769AA2B5D8BE52A82A6FC2EABF] - 20/8/2014 - 08:29:12 ---A- . (...) -- C:\WINDOWS\system32\nvwimg.dll   [1019904]
O44 - LFC:[MD5.FEF01BB18CDE2D5D0F6621DFFB24EF4C] - 20/8/2014 - 08:29:12 ---A- . (...) -- C:\WINDOWS\system32\nwiz.exe   [1626112]
O44 - LFC:[MD5.9A5E3B1F16B1CAC0BA0DF9E132D38874] - 20/8/2014 - 08:29:13 ---A- . (.NVIDIA Corporation - NVIDIA Brazilian Portuguese language resour.) -- C:\WINDOWS\system32\nvmccsrs.dll   [45056]
O44 - LFC:[MD5.E18AFDEE0F2DA3DDE3D4CEBCC69E9B08] - 20/8/2014 - 08:29:14 ---A- . (.NVIDIA Corporation - NVIDIA Arabic language resource library.) -- C:\WINDOWS\system32\nvrsar.dll   [327680]
O44 - LFC:[MD5.48A80FA36C0A1B5CB12CDD51C8F55BA6] - 20/8/2014 - 08:29:14 ---A- . (.NVIDIA Corporation - NVIDIA Control Panel Applet 1.5.30.38.) -- C:\WINDOWS\system32\nvcpl.cpl   [413696]
O44 - LFC:[MD5.9435686830D2C38893E8948AD4C240C1] - 20/8/2014 - 08:29:14 ---A- . (.NVIDIA Corporation - NVIDIA Control Panel Application, 1.5.30.38.) -- C:\WINDOWS\system32\nvcplui.exe   [753664]
O44 - LFC:[MD5.37C282F5827BD7D1C1CCAE0D135C5584] - 20/8/2014 - 08:29:14 ---A- . (.NVIDIA Corporation - NVIDIA Control Panel Interface Library 1.5..) -- C:\WINDOWS\system32\nvexpbar.dll   [307200]
O44 - LFC:[MD5.E2856AC85C70009F9D1229AF8AA5F452] - 20/8/2014 - 08:29:14 ---A- . (.NVIDIA Corporation - NVIDIA Control Panel Resource Library, 1.5..) -- C:\WINDOWS\system32\nvcpluir.dll   [1073152]
O44 - LFC:[MD5.5DAEC006D53A117F9DDD7406A1F5B871] - 20/8/2014 - 08:29:15 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsar.dll   [282624]
O44 - LFC:[MD5.97251BAFA5C776B698816FC179BFE9D1] - 20/8/2014 - 08:29:16 ---A- . (.NVIDIA Corporation - NVIDIA Czech language resource library.) -- C:\WINDOWS\system32\nvrscs.dll   [249856]
O44 - LFC:[MD5.BAF499A711275726C5047D262E837F9E] - 20/8/2014 - 08:29:16 ---A- . (.NVIDIA Corporation - NVIDIA Danish language resource library.) -- C:\WINDOWS\system32\nvrsda.dll   [253952]
O44 - LFC:[MD5.163BDE757C341DBF42FDA6888CE23303] - 20/8/2014 - 08:29:16 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrscs.dll   [286720]
O44 - LFC:[MD5.80A41E985F863CA95D846F5B5654B338] - 20/8/2014 - 08:29:16 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsda.dll   [294912]
O44 - LFC:[MD5.54CB8579D155904423AEB24777360FBA] - 20/8/2014 - 08:29:17 ---A- . (.NVIDIA Corporation - NVIDIA German language resource library.) -- C:\WINDOWS\system32\nvrsde.dll   [278528]
O44 - LFC:[MD5.AFBB1A8CA77F374D14B726FA7CD5DD68] - 20/8/2014 - 08:29:17 ---A- . (.NVIDIA Corporation - NVIDIA Greek language resource library.) -- C:\WINDOWS\system32\nvrsel.dll   [282624]
O44 - LFC:[MD5.9B6BC0BB0EFFED3AE8D2431F6B36D114] - 20/8/2014 - 08:29:17 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsde.dll   [311296]
O44 - LFC:[MD5.72FC428D66F7C1CC95722E3924301C53] - 20/8/2014 - 08:29:17 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsel.dll   [335872]
O44 - LFC:[MD5.B7739E11F25825A225970B8FB2C5856B] - 20/8/2014 - 08:29:18 ---A- . (.NVIDIA Corporation - NVIDIA Spanish language resource library.) -- C:\WINDOWS\system32\nvrses.dll   [282624]
O44 - LFC:[MD5.FA3B3ED77D64F3538AB9E4EBEF1E25FC] - 20/8/2014 - 08:29:18 ---A- . (.NVIDIA Corporation - NVIDIA UK English language resource library.) -- C:\WINDOWS\system32\nvrseng.dll   [245760]
O44 - LFC:[MD5.05A5D3DF60693C73B28D449A43537FBD] - 20/8/2014 - 08:29:18 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrseng.dll   [286720]
O44 - LFC:[MD5.56D5E7C8A1435A448B2F29D4BD6B0074] - 20/8/2014 - 08:29:18 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrses.dll   [335872]
O44 - LFC:[MD5.39ED49099EE65F39B675FDB97C3DD091] - 20/8/2014 - 08:29:21 ---A- . (.NVIDIA Corporation - NVIDIA Finnish language resource library.) -- C:\WINDOWS\system32\nvrsfi.dll   [249856]
O44 - LFC:[MD5.373080D245778FC2559D97372B3834D2] - 20/8/2014 - 08:29:21 ---A- . (.NVIDIA Corporation - NVIDIA Latin American Spanish language reso.) -- C:\WINDOWS\system32\nvrsesm.dll   [274432]
O44 - LFC:[MD5.02C82011FD601C8B24765E28584AD119] - 20/8/2014 - 08:29:21 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsesm.dll   [327680]
O44 - LFC:[MD5.67EE86A00231722C6D068B3E4C5DC7C0] - 20/8/2014 - 08:29:21 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsfi.dll   [303104]
O44 - LFC:[MD5.DFD57B6D31F5057E12BF567F60CC86B3] - 20/8/2014 - 08:29:22 ---A- . (.NVIDIA Corporation - NVIDIA French language resource library.) -- C:\WINDOWS\system32\nvrsfr.dll   [282624]
O44 - LFC:[MD5.798279BA68BC2C5DB8207AEB4B538FEE] - 20/8/2014 - 08:29:22 ---A- . (.NVIDIA Corporation - NVIDIA Hebrew language resource library.) -- C:\WINDOWS\system32\nvrshe.dll   [327680]
O44 - LFC:[MD5.025F05E6AA09129DC93082842C2251C5] - 20/8/2014 - 08:29:22 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsfr.dll   [327680]
O44 - LFC:[MD5.AD3E216E6ADCE401E48B758BCCB45334] - 20/8/2014 - 08:29:22 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrshe.dll   [278528]
O44 - LFC:[MD5.4282D1FE9A8E51B2A70AFB22BC781863] - 20/8/2014 - 08:29:23 ---A- . (.NVIDIA Corporation - NVIDIA Hungarian language resource library.) -- C:\WINDOWS\system32\nvrshu.dll   [258048]
O44 - LFC:[MD5.49E233F2D6CEE3464BD23FA1898A1EC9] - 20/8/2014 - 08:29:23 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrshu.dll   [315392]
O44 - LFC:[MD5.312DA578832D95ABC8F6FE13CB11C5EE] - 20/8/2014 - 08:29:24 ---A- . (.NVIDIA Corporation - NVIDIA Italian language resource library.) -- C:\WINDOWS\system32\nvrsit.dll   [278528]
O44 - LFC:[MD5.C35250C03DE30C5FCDAF0D57A7274CE6] - 20/8/2014 - 08:29:24 ---A- . (.NVIDIA Corporation - NVIDIA Japanese language resource library.) -- C:\WINDOWS\system32\nvrsja.dll   [266240]
O44 - LFC:[MD5.8F1ADAF71A431745203ABDBFB4F27D94] - 20/8/2014 - 08:29:24 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsit.dll   [323584]
O44 - LFC:[MD5.3E2CF7757F89A68CAD290609C474ACCD] - 20/8/2014 - 08:29:24 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsja.dll   [212992]
O44 - LFC:[MD5.A40636EDE0A9BDFF9FDE0F0A2ACFE63D] - 20/8/2014 - 08:29:25 ---A- . (.NVIDIA Corporation - NVIDIA Dutch language resource library.) -- C:\WINDOWS\system32\nvrsnl.dll   [274432]
O44 - LFC:[MD5.20A7BDC362D23E2C16FB659B97DA9CE5] - 20/8/2014 - 08:29:25 ---A- . (.NVIDIA Corporation - NVIDIA Korean language resource library.) -- C:\WINDOWS\system32\nvrsko.dll   [258048]
O44 - LFC:[MD5.E872377764BEC2DD14FDF5250C7BEEF0] - 20/8/2014 - 08:29:25 ---A- . (.NVIDIA Corporation - NVIDIA Norwegian language resource library.) -- C:\WINDOWS\system32\nvrsno.dll   [253952]
O44 - LFC:[MD5.0F4047D1A6642070823A7BA1531F6277] - 20/8/2014 - 08:29:25 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsko.dll   [196608]
O44 - LFC:[MD5.8EABEEC24A67AAE2BD741DF165E8A845] - 20/8/2014 - 08:29:25 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsnl.dll   [319488]
O44 - LFC:[MD5.E1037FD6DD0104F20CD6D68DC7AA9C3E] - 20/8/2014 - 08:29:26 ---A- . (.NVIDIA Corporation - NVIDIA Polish language resource library.) -- C:\WINDOWS\system32\nvrspl.dll   [253952]
O44 - LFC:[MD5.0F2AEE1CD2C96DF9DF3DD946AD1F5614] - 20/8/2014 - 08:29:26 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsno.dll   [299008]
O44 - LFC:[MD5.56EBF73F829D7A4CF337C4258C7E70E7] - 20/8/2014 - 08:29:26 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrspl.dll   [294912]
O44 - LFC:[MD5.E0160D5501ADAD4FE593410A590E4D79] - 20/8/2014 - 08:29:27 ---A- . (.NVIDIA Corporation - NVIDIA Iberian Portuguese language resource.) -- C:\WINDOWS\system32\nvrspt.dll   [274432]
O44 - LFC:[MD5.2DBFADA01E43317E248AC61FA68D46C9] - 20/8/2014 - 08:29:27 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrspt.dll   [323584]
O44 - LFC:[MD5.DAA7A9CE145959C94FF7C0210B3BB358] - 20/8/2014 - 08:29:28 ---A- . (.NVIDIA Corporation - NVIDIA Portuguese (Brazilian) language reso.) -- C:\WINDOWS\system32\nvrsptb.dll   [266240]
O44 - LFC:[MD5.A711B3E57F13B8C2EE763454AABB2394] - 20/8/2014 - 08:29:28 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsptb.dll   [319488]
O44 - LFC:[MD5.E51619F58349289CB22C72C5629A29A9] - 20/8/2014 - 08:29:29 ---A- . (.NVIDIA Corporation - NVIDIA Russian language resource library.) -- C:\WINDOWS\system32\nvrsru.dll   [270336]
O44 - LFC:[MD5.DDBEE6554015BD5B1557250EC635E9A5] - 20/8/2014 - 08:29:29 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsru.dll   [315392]
O44 - LFC:[MD5.267E6B348EA390D9B23433A2729A7CB0] - 20/8/2014 - 08:29:30 ---A- . (.NVIDIA Corporation - NVIDIA Slovak language resource library.) -- C:\WINDOWS\system32\nvrssk.dll   [258048]
O44 - LFC:[MD5.3F2F16ADFBB3C4CC5C66C74480E633B1] - 20/8/2014 - 08:29:30 ---A- . (.NVIDIA Corporation - NVIDIA Slovenian language resource library.) -- C:\WINDOWS\system32\nvrssl.dll   [258048]
O44 - LFC:[MD5.4A869B06BF8EB74667EC1C523F2EF50D] - 20/8/2014 - 08:29:30 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrssk.dll   [299008]
O44 - LFC:[MD5.7709A41B702F9894EBEEFA30EB0F8EE4] - 20/8/2014 - 08:29:30 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrssl.dll   [303104]
O44 - LFC:[MD5.424205EF14960A936572CB686D46B482] - 20/8/2014 - 08:29:31 ---A- . (.NVIDIA Corporation - NVIDIA Swedish language resource library.) -- C:\WINDOWS\system32\nvrssv.dll   [253952]
O44 - LFC:[MD5.579614C0152E43339E2E5CDEFF29E080] - 20/8/2014 - 08:29:31 ---A- . (.NVIDIA Corporation - NVIDIA Thai language resource library.) -- C:\WINDOWS\system32\nvrsth.dll   [253952]
O44 - LFC:[MD5.BBF4FB9B93AD588FE2205AFD63E4D991] - 20/8/2014 - 08:29:31 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrssv.dll   [294912]
O44 - LFC:[MD5.0682F01EEABCCA4714F50E8F551C9FD4] - 20/8/2014 - 08:29:31 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrsth.dll   [290816]
O44 - LFC:[MD5.2BB2883DFCC54FEA05C0FDBDCBDAA54E] - 20/8/2014 - 08:29:33 ---A- . (.NVIDIA Corporation - NVIDIA Turkish language resource library.) -- C:\WINDOWS\system32\nvrstr.dll   [258048]
O44 - LFC:[MD5.2FB7B6E7565E6F3BADBD5CD07D8529AB] - 20/8/2014 - 08:29:33 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrstr.dll   [303104]
O44 - LFC:[MD5.9A667BE675E388D24450DEC1B6B15F62] - 20/8/2014 - 08:29:34 ---A- . (.NVIDIA Corporation - NVIDIA Simplified Chinese language resource.) -- C:\WINDOWS\system32\nvrszhc.dll   [225280]
O44 - LFC:[MD5.87C328732B089AB26953661AC5B15949] - 20/8/2014 - 08:29:34 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrszhc.dll   [163840]
O44 - LFC:[MD5.DED629D9C8A616E2C1238E90005415F9] - 20/8/2014 - 08:29:35 ---A- . (.NVIDIA Corporation - NVIDIA Chinese (Traditional) language resou.) -- C:\WINDOWS\system32\nvrszht.dll   [126976]
O44 - LFC:[MD5.19D8072A2F8BDBB966C0E5246E35698F] - 20/8/2014 - 08:29:35 ---A- . (.NVIDIA Corporation - NVIDIA nView Desktop and Window Manager.) -- C:\WINDOWS\system32\nvwrszht.dll   [167936]
O44 - LFC:[MD5.3B3EFCDA263B8AC14FDF9CBDD0791B2E] - 20/8/2014 - 08:30:00 ---A- . (.Microsoft Corporation - Generic PCI IDE Bus Driver.) -- C:\WINDOWS\system32\Drivers\viaide.sys   [5376]
O44 - LFC:[MD5.26496F9DEE2D787FC3E61AD54821FFE6] - 20/8/2014 - 08:30:05 ---A- . (.Microsoft Corporation - UHCI USB Miniport Driver.) -- C:\WINDOWS\system32\Drivers\usbuhci.sys   [20608]
O44 - LFC:[MD5.E9648254056BCE81A85380C0C3647DC4] - 20/8/2014 - 08:30:21 ---A- . (.VIA Technologies, Inc. - NDIS 5.0 miniport driver.) -- C:\WINDOWS\system32\Drivers\fetnd5.sys   [27165]
O44 - LFC:[MD5.CCF82C5EC8A7326C3066DE870C06DAF1] - 20/8/2014 - 08:38:53 ---A- . (.Microsoft Corporation - USB Miniport Driver for Input Devices.) -- C:\WINDOWS\system32\Drivers\hidusb.sys   [10368]
O44 - LFC:[MD5.605CB290C8B0294F22191F1313160D95] - 20/8/2014 - 08:39:27 ---A- . (...) -- C:\WINDOWS\setupact.log   [191802]
O44 - LFC:[MD5.68D9A763447D5488E155579E2990C5AD] - 20/8/2014 - 08:39:28 ---A- . (.Microsoft Corporation - HID Mouse Filter Driver.) -- C:\WINDOWS\system32\Drivers\kbdhid.sys   [14720]
O44 - LFC:[MD5.79E532E2521F36E385F1473BFD46939F] - 20/8/2014 - 08:39:49 ---A- . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll   [21504]
O44 - LFC:[MD5.1161D4588D30955D9FDA1555C6BD950F] - 20/8/2014 - 08:47:20 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml   [163353]
O44 - LFC:[MD5.544E7A36105DE7810EC359557B353250] - 25/8/2014 - 09:38:30 ---A- . (...) -- C:\WINDOWS\setupapi.log   [745229]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/8/2014 - 10:05:02 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [69]
O44 - LFC:[MD5.6AFA7D88A9081383B342B6C6785FDAA0] - 3/9/2014 - 10:14:35 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt   [32540]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 3/9/2014 - 10:21:24 -S-A- . (...) -- C:\WINDOWS\bootstat.dat   [2048]
O44 - LFC:[MD5.844464600BF36A968B6C5E120BE817C4] - 3/9/2014 - 10:21:26 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl   [2206]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/9/2014 - 10:21:37 ---A- . (...) -- C:\WINDOWS\0.log   [0]
O44 - LFC:[MD5.682514DDB03590542A77C39F9622215E] - 3/9/2014 - 10:21:37 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [48]
O44 - LFC:[MD5.26B1577AE04A6475FCADCADB735B32BC] - 3/9/2014 - 10:21:42 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.1E800A0BA7708EE6454BED9C1F54EE34] - 3/9/2014 - 10:22:44 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log   [1280148]
O44 - LFC:[MD5.33E47CBC6C59C46F8E732F38A678977F] - 3/9/2014 - 10:24:13 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat   [664]
~ Files: 94 Scanned in 00mn 20s



---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.6EFCCAD81A685FC487059DA76E95CC37] - 25/8/2014 - 11:15:11 ---A- - C:\WINDOWS\Prefetch\FREESOFTTODAY.EXE-2D2FC06F.pf  =>Adware.FreeSoftToday
O45 - LFCP:[MD5.E33DDD5ED605D9D2180FB0A0DCF03366] - 25/8/2014 - 11:15:16 ---A- - C:\WINDOWS\Prefetch\FREESOFTTODAY.TMP-054FE92D.pf  =>Adware.FreeSoftToday
O45 - LFCP:[MD5.703C4B6AE817D2879F58CE40B4F2BB39] - 26/8/2014 - 09:46:31 ---A- - C:\WINDOWS\Prefetch\MARKKIT153.EXE-3730BA23.pf  =>PUP.MarkkIt
O45 - LFCP:[MD5.B5451A31BC211A636732ACC481AE990D] - 25/8/2014 - 11:40:10 ---A- - C:\WINDOWS\Prefetch\MUVIC_SOFT_PARTNER.EXE-11C62B38.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.499FE6A2BF64CAF58415974B10321C0D] - 25/8/2014 - 11:37:29 ---A- - C:\WINDOWS\Prefetch\PACKAGE_MUVIC_INSTALLER_MULTI-22C0B481.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.032898F786D08628394322774FFFB87D] - 25/8/2014 - 11:37:27 ---A- - C:\WINDOWS\Prefetch\PACKAGE_MUVIC_INSTALLER_MULTI-32E9B6DC.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.50BAC70AD632272B319527988A6875FE] - 26/8/2014 - 09:45:54 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-23263DE4.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.EE925E9F379A691D5E1379F03511DB23] - 26/8/2014 - 09:42:44 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-3A6617A4.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.F4C2CAECC720EF74575F16DDC1CF1DA0] - 3/9/2014 - 10:06:37 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-62854233.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.27026CFC8BD988812C68C8A020395814] - 26/8/2014 - 09:46:56 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-6B65C4EF.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.986D2768AB95BE038DDCC28DD9F23B88] - 26/8/2014 - 09:42:31 ---A- - C:\WINDOWS\Prefetch\PRICEMETERW.EXE-2B28B214.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.A4F2C7AD49E5FD9BCE529CF8F5A6B245] - 25/8/2014 - 11:14:29 ---A- - C:\WINDOWS\Prefetch\VOPACKAGE.EXE-1B870013.pf  =>Adware.Downware
O45 - LFCP:[MD5.4FE1507255290D4D9E288325B50EB958] - 25/8/2014 - 11:15:12 ---A- - C:\WINDOWS\Prefetch\VOPACKAGE.EXE-249C327F.pf  =>Adware.Downware
~ Prefetcher: 13 Scanned in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation.) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" [Enabled] .(.Microsoft Corporation.) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation.) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe" [Enabled] .(.Skype Limited.) -- C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
~ Keys Export: 8 Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ LSA: 6 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ CSB: 21 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech(TM) para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
~ TDSD: 12 Scanned in 00mn 01s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
~ MSCP: 6 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ MWPS: 5 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 1 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:2/7/2008 - 18:22:22 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\Drivers\AmdK8.sys   [36864]
O58 - SDL:13/4/2008 - 18:52:04 ---A- . (.ATI Technologies Inc. - ATI RAGE 128 Miniport Driver.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys   [701440]
O58 - SDL:6/5/2003 - 00:35:08 R--A- . (.No owner - PC Camera driver.) -- C:\WINDOWS\system32\Drivers\cccp106.sys   [227200]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:2/7/2008 - 19:23:39 ---A- . (.C-Media Inc - C-Media Audio WDM Driver.) -- C:\WINDOWS\system32\Drivers\cmuda.sys   [1372992]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\Drivers\cpqdap01.sys   [11776]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys   [800000]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys   [153984]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys   [5888]
O58 - SDL:17/8/2001 - 20:13:08 ---A- . (.VIA Technologies, Inc. - NDIS 5.0 miniport driver.) -- C:\WINDOWS\system32\Drivers\fetnd5.sys   [27165]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:8/6/2008 - 08:37:46 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\Drivers\imagedrv.sys   [11304]
O58 - SDL:8/6/2008 - 08:37:56 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\Drivers\imagesrv.sys   [132904]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\nikedrv.sys   [12032]
O58 - SDL:2/7/2008 - 18:26:55 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 169.21.) -- C:\WINDOWS\system32\Drivers\nv4_mini.sys   [7435392]
O58 - SDL:2/7/2008 - 19:18:26 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) MPU401 Driver.) -- C:\WINDOWS\system32\Drivers\nvmpu401.sys   [10240]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\Drivers\rio8drv.sys   [12032]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\riodrv.sys   [12032]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\Drivers\secdrv.sys   [20480]
O58 - SDL:28/4/2014 - 20:28:16 ---A- . (.Silicon Integrated Systems Corporation - SiS AGPv3.5 Filter.) -- C:\WINDOWS\system32\Drivers\SISAGPX.SYS   [35712]
O58 - SDL:17/8/2001 - 20:50:48 ---A- . (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Driver.) -- C:\WINDOWS\system32\Drivers\sisgrp.sys   [104064]
O58 - SDL:2/7/2008 - 19:07:08 ---A- . (.SiS Corporation - SiS PCI Fast Ethernet Adapter Driver.) -- C:\WINDOWS\system32\Drivers\sisnicxp.sys   [32768]
O58 - SDL:2/7/2008 - 19:10:15 ---A- . (.Silicon Integrated Systems - SiS RAID Miniport Driver.) -- C:\WINDOWS\system32\Drivers\SiSRaid.sys   [46464]
O58 - SDL:3/5/2006 - 15:40:42 ---A- . (.No owner - PC Camera driver.) -- C:\WINDOWS\system32\Drivers\snpstd.sys   [390784]
O58 - SDL:30/9/2002 - 20:38:58 R--A- . (.SP - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\SPCA561.SYS   [119798]
O58 - SDL:2/7/2008 - 18:47:00 ---A- . (.Silicon Integrated Systems Corporation - SiS VGA Driver Manager.) -- C:\WINDOWS\system32\Drivers\srvkp.sys   [18944]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\Drivers\tsbvcap.sys   [21376]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:2/7/2008 - 18:22:21 ---A- . (.VIA Technologies, Inc. - VIA NT AGP Filter.) -- C:\WINDOWS\system32\Drivers\VIAAGP1.SYS   [27904]
O58 - SDL:2/7/2008 - 19:23:13 ---A- . (.VIA Technologies, Inc. - Vinyl AC'97 Codec Combo WDM Driver.) -- C:\WINDOWS\system32\Drivers\vinyl97.sys   [207488]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 46 Scanned in 00mn 03s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 1/9/2014 - 10:35:37 ---A- . (...) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is-4ISBB.tmp\gentlemjfst_ibr.exe   [2157304]
O61 - LFC: 1/9/2014 - 10:35:37 ---A- . (.Software.) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is-GPG1G.tmp\package_muvic_installer_multilang.exe   [426384]  =>Hijacker.SmartBar
O61 - LFC: 1/9/2014 - 10:35:37 ---A- . (.Software.) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is-GPG1G.tmp\package_secureprotect_installer_multilang.exe   [426472]
O61 - LFC: 2/9/2014 - 10:35:37 ----- . (...) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is45637729\256251_stp\Generic_vo.exe   [173058]
O61 - LFC: 2/9/2014 - 10:35:39 ---A- . (...) -- C:\Documents and Settings\cliente\Configurações locais\Temp\Quarantine.exe   [377099]
O61 - LFC: 27/8/2014 - 10:35:37 ----- . (...) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is45637729\256359_stp\icc.dll   [229376]
O61 - LFC: 3/9/2014 - 10:35:44 ---A- . (...) -- C:\Documents and Settings\cliente\Desktop\adwcleaner_3.309.exe   [1370467]
O61 - LFC: 3/9/2014 - 10:35:44 ---A- . (...) -- C:\Documents and Settings\cliente\Meus documentos\Downloads\adwcleaner_3.309.exe   [1370467]
O61 - LFC: 3/9/2014 - 10:35:44 ---A- . (.Nicolas Coolman.) -- C:\Documents and Settings\cliente\Desktop\ZHPDiag2.exe   [6859048]  =>.Nicolas Coolman
~ 30 Fichiers cookies (Cookies files)
~ Files: 9 Scanned in 00mn 16s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\drivers\dmload.sys (dmload)  .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - 2/12/2008 - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp Scheduler 3)  .(.Nero AG - Nero BackItUp.) - LEGACY_NERO_BACKITUP_SCHEDULER_3
O64 - Services: CurCS - 25/3/2009 - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (NMIndexingService)  .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE
O64 - Services: CurCS - 19/12/2006 - C:\WINDOWS\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service)  .(.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - LEGACY_PLFLASH_DEVICEIOCONTROL_SERVICE
O64 - Services: CurCS - 28/4/2014 - C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (SISAGP)  .(.Silicon Integrated Systems Corporation - SiS AGPv3.5 Filter.) - LEGACY_SISAGP
O64 - Services: CurCS - 2/7/2008 - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (viaagp1)  .(.VIA Technologies, Inc. - VIA NT AGP Filter.) - LEGACY_VIAAGP1
~ Legacy: 126 Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys:  Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\WINDOWS\system32\appmgmts.dll   [172032]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll   [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll   [77824]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll   [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll   [23552]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll   [126976]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll   [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No Comment.) -- C:\WINDOWS\system32\es.dll   [246272]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll   [135168]
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll   [21504]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll   [96768]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll   [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll   [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll   [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll   [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll   [437248]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll   [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll   [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll   [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll   [193536]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll   [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll   [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll   [331264]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll   [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll   [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll   [135168]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll   [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll   [176128]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll   [483840]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll   [683520]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll   [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll   [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll   [129024]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Tempo de Execução de Serviço de Agente de Quarentena.) -- C:\WINDOWS\system32\qagentrt.dll   [292864]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\WINDOWS\system32\kmsvc.dll   [61440]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll   [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll   [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll   [135168]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll   [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll   [25088]
~ Services: 40 Scanned in 00mn 02s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.13EC9896CB74B8BD8F6C92135DFACD20] [SPRF][3/9/2014] (...) -- C:\Documents and Settings\cliente\Desktop\adwcleaner_3.309.exe   [1370467]
[MD5.1E927676B4D61559F00B814D5C220921] [SPRF][3/9/2014] (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Documents and Settings\cliente\Desktop\ZHPDiag2.exe   [6859048]
~ Files: 2 Scanned in 00mn 01s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Nero Scout - {3d6be802-fc0d-4595-a304-e611f97089dc}
O92 - MNS: Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 2 Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{88b9e8fe-08c8-4345-b2cc-3d7a0b4f0462}] (NMBAppGlobalSettingsExtensionTVWizard Class)  =>PUP.TVWizard
~ BCK: 4738 Scanned in 00mn 13s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 23/9/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 7/9/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 7/9/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 2/7/2008 155716 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 23/10/2013 22208 |  (MsMpSvc) . (.Microsoft Corporation.) - c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
SR - | Auto 2/12/2008 877864 |  (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 25/3/2009 537896 |  (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\WINDOWS\system32\IoctlSvc.exe
~ Services:  Scanned in 00mn 14s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must have an account and be logged in to view this link]
Run by cliente at 3/9/2014 10:36:59
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
1 ntkrnlpa!IofCallDriver[0x804EE120] >> \Device\Harddisk0\DR0[0x85F96AB8]
3 CLASSPNP[0xF74DCFD7] >> ntkrnlpa!IofCallDriver[0x804EE120] >> \Device\00000057[0x85F98F18]
5 ACPI[0xF7363620] >> ntkrnlpa!IofCallDriver[0x804EE120] >> \Device\Ide\IdeDeviceP0T0L0-4[0x85FC9940]
kernel: MBR read successfully
user & kernel MBR OK 
~ MBR: 13 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [You must have an account and be logged in to view this link]
Run by cliente at 3/9/2014 10:37:01
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (2/9/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 2
Fichiers trouvés  (Files found) : 2

[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current]   =>PUP.MediaFinder
[HKCU\Software\USyndication]   =>Trojan.USyndication
C:\Arquivos de programas\MarkKit   =>PUP.MarkkIt^
C:\Documents and Settings\cliente\Dados de aplicativos\FunmoodsChat   =>PUP.Funmoods^
[HKLM\Software\SPPDCOM]   =>Rogue.PCSpeedUp^
[HKCR\CLSID\{88b9e8fe-08c8-4345-b2cc-3d7a0b4f0462}] (NMBAppGlobalSettingsExtensionTVWizard Class)   =>PUP.TVWizard^
~ Additionnel Scan: 151764 Items scanned in 00mn 23s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link]  =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link]  =>.Barras do Internet Explorer (03))
~ [You must have an account and be logged in to view this link]  =>.Aplicações iniciadas por registo & pastas (04)
~ [You must have an account and be logged in to view this link]  =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link]  =>Trojan.USyndication
[You must have an account and be logged in to view this link]  =>Rogue.PCSpeedUp
[You must have an account and be logged in to view this link]  =>PUP.MarkkIt
[You must have an account and be logged in to view this link]  =>PUP.Funmoods
[You must have an account and be logged in to view this link]  =>Adware.FreeSoftToday
[You must have an account and be logged in to view this link]  =>Hijacker.SmartBar
[You must have an account and be logged in to view this link]  =>PUP.PriceMeter
[You must have an account and be logged in to view this link]  =>Adware.Downware
[You must have an account and be logged in to view this link]  =>PUP.TVWizard
[You must have an account and be logged in to view this link]  =>PUP.MediaFinder
~ MSI: 10 link(s) detected in 00mn 00s



End of the scan (1053 lines in 02mn 53s)(0)

Re: Pages opening by themselves

Post by Fuçador Wed 03 Sep 2014, 11:26

It has already stopped opening pages by itself.

Re: Pages opening by themselves

Post by joram Wed 03 Sep 2014, 11:30

Good morning, Fuçador!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C (Select All and Copy)
|- Then minimize Notepad.

Script ZHPFix
ShortcutFix
[MD5.D8BD0EAB27DC379A0511EEB3A297224C] [APT] [At1] (...) -- C:\DOCUME~1\cliente\DADOSD~1\FUNMOO~1\UPDATE~1\UPDATE~1.exe   [101376]
[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\RunDll32.exe   [0] [PID.844]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core] (...) -- C:\Documents and Settings\cliente\Configura‡äes locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA] (...) -- C:\Documents and Settings\cliente\Configura‡äes locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.)   [0]
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã    
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core.job   [1004]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA - (...) -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA.job   [1026]
O39 - APT: At1 - (...) -- C:\WINDOWS\Tasks\At1.job   [418]   
O43 - CFD: 1/5/2014 - 23:37:38 - [] ----D C:\Arquivos de programas\MarkKit  =>PUP.MarkkIt
O43 - CFD: 1/5/2014 - 23:39:29 - [] ----D C:\Documents and Settings\cliente\Dados de aplicativos\FunmoodsChat  =>PUP.Funmoods
O45 - LFCP:[MD5.6EFCCAD81A685FC487059DA76E95CC37] - 25/8/2014 - 11:15:11 ---A- - C:\WINDOWS\Prefetch\FREESOFTTODAY.EXE-2D2FC06F.pf  =>Adware.FreeSoftToday
O45 - LFCP:[MD5.E33DDD5ED605D9D2180FB0A0DCF03366] - 25/8/2014 - 11:15:16 ---A- - C:\WINDOWS\Prefetch\FREESOFTTODAY.TMP-054FE92D.pf  =>Adware.FreeSoftToday
O45 - LFCP:[MD5.703C4B6AE817D2879F58CE40B4F2BB39] - 26/8/2014 - 09:46:31 ---A- - C:\WINDOWS\Prefetch\MARKKIT153.EXE-3730BA23.pf  =>PUP.MarkkIt
O45 - LFCP:[MD5.B5451A31BC211A636732ACC481AE990D] - 25/8/2014 - 11:40:10 ---A- - C:\WINDOWS\Prefetch\MUVIC_SOFT_PARTNER.EXE-11C62B38.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.499FE6A2BF64CAF58415974B10321C0D] - 25/8/2014 - 11:37:29 ---A- - C:\WINDOWS\Prefetch\PACKAGE_MUVIC_INSTALLER_MULTI-22C0B481.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.032898F786D08628394322774FFFB87D] - 25/8/2014 - 11:37:27 ---A- - C:\WINDOWS\Prefetch\PACKAGE_MUVIC_INSTALLER_MULTI-32E9B6DC.pf  =>Hijacker.SmartBar
O45 - LFCP:[MD5.50BAC70AD632272B319527988A6875FE] - 26/8/2014 - 09:45:54 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-23263DE4.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.EE925E9F379A691D5E1379F03511DB23] - 26/8/2014 - 09:42:44 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-3A6617A4.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.F4C2CAECC720EF74575F16DDC1CF1DA0] - 3/9/2014 - 10:06:37 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-62854233.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.27026CFC8BD988812C68C8A020395814] - 26/8/2014 - 09:46:56 ---A- - C:\WINDOWS\Prefetch\PRICEMETER.EXE-6B65C4EF.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.986D2768AB95BE038DDCC28DD9F23B88] - 26/8/2014 - 09:42:31 ---A- - C:\WINDOWS\Prefetch\PRICEMETERW.EXE-2B28B214.pf  =>PUP.PriceMeter
O45 - LFCP:[MD5.A4F2C7AD49E5FD9BCE529CF8F5A6B245] - 25/8/2014 - 11:14:29 ---A- - C:\WINDOWS\Prefetch\VOPACKAGE.EXE-1B870013.pf  =>Adware.Downware
O45 - LFCP:[MD5.4FE1507255290D4D9E288325B50EB958] - 25/8/2014 - 11:15:12 ---A- - C:\WINDOWS\Prefetch\VOPACKAGE.EXE-249C327F.pf  =>Adware.Downware
O61 - LFC: 1/9/2014 - 10:35:37 ---A- . (.Software.) -- C:\Documents and Settings\cliente\Configurações locais\Temp\is-GPG1G.tmp\package_muvic_installer_multilang.exe   [426384]  =>Hijacker.SmartBar
[HKCU\Software\Baidu]   
[HKCU\Software\USyndication]  =>Trojan.USyndication
[HKCU\Software\mark_kit]   
[HKLM\Software\SPPDCOM]  =>Rogue.PCSpeedUp
[HKCR\CLSID\{88b9e8fe-08c8-4345-b2cc-3d7a0b4f0462}] (NMBAppGlobalSettingsExtensionTVWizard Class)  =>PUP.TVWizard
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current]   =>PUP.MediaFinder
[HKCU\Software\USyndication]   =>Trojan.USyndication
[HKLM\Software\SPPDCOM]   =>Rogue.PCSpeedUp^
[HKCR\CLSID\{88b9e8fe-08c8-4345-b2cc-3d7a0b4f0462}] (NMBAppGlobalSettingsExtensionTVWizard Class)   =>PUP.TVWizard^
C:\Arquivos de programas\MarkKit   =>PUP.MarkkIt^
C:\Documents and Settings\cliente\Dados de aplicativos\FunmoodsChat   =>PUP.Funmoods^
FirewallRaz
EmptyPrefetch
EmptyFlash
EmptyClsid
EmptyTemp
IfeoFix


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO >> OK.
|- Click "GO".
|- Post the report!

A+

Re: Pages opening by themselves

Post by Fuçador Wed 03 Sep 2014, 11:34

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre : 
Run by cliente at 3/9/2014 11:33:42
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 08s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\USyndication
ELIMINÉ: HKCU\Software\mark_kit
ELIMINÉ: HKLM\Software\SPPDCOM
ELIMINÉ: HKCR\CLSID\{88b9e8fe-08c8-4345-b2cc-3d7a0b4f0462}
ELIMINÉ: HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current
Ramo Base de Registos IFEO não infetado !
[HKLM\SOFTWARE\Microsoft\...\Image File Execution Options\Your Image File Name Here without a path]ELIMINÉ (Your Image File Name Here without a path)

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
ELIMINÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
ELIMINÉ RunValue: KernelFaultCheck
Nenhum valor presente na chave de exceções do registo (FirewallRaz)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (570)

========== Ficheiros ==========
ELIMINÉ: c:\windows\prefetch\freesofttoday.exe-2d2fc06f.pf
ELIMINÉ: c:\windows\prefetch\freesofttoday.tmp-054fe92d.pf
ELIMINÉ: c:\windows\prefetch\markkit153.exe-3730ba23.pf
ELIMINÉ: c:\windows\prefetch\muvic_soft_partner.exe-11c62b38.pf
ELIMINÉ: c:\windows\prefetch\package_muvic_installer_multi-22c0b481.pf
ELIMINÉ: c:\windows\prefetch\package_muvic_installer_multi-32e9b6dc.pf
ELIMINÉ: c:\windows\prefetch\pricemeter.exe-23263de4.pf
ELIMINÉ: c:\windows\prefetch\pricemeter.exe-3a6617a4.pf
ELIMINÉ: c:\windows\prefetch\pricemeter.exe-62854233.pf
ELIMINÉ: c:\windows\prefetch\pricemeter.exe-6b65c4ef.pf
ELIMINÉ: c:\windows\prefetch\pricemeterw.exe-2b28b214.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-1b870013.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-249c327f.pf
ELIMINÉ: c:\documents and settings\cliente\configurações locais\temp\is-gpg1g.tmp\package_muvic_installer_multilang.exe
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (4501) (2.159.646.200 octets)

========== Tarefa planificada ==========
ELIMINÉ: At1
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003Core
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-1993962763-1770027372-682003330-1003UA


========== Recapitulativo ==========
11 : Chaves do Registo
4 : Valores do Registo
2 : Pastas
16 : Ficheiros
3 : Tarefa planificada


End of clean in 00mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 3/9/2014 11:33:51 [2897]

Re: Pages opening by themselves

Post by joram Wed 03 Sep 2014, 11:54

Good morning, Fuçador!

|- Your logs are clean!

-/-

|- Download: |[You must have an account and be logged in to view this link]| ( ... by Xplode )

|- On the page, click Download Now.
|- Save it somewhere convenient (the desktop!).
|- Close any applications that are open.

|- With the boxes checked, click Executar!
|- Uncheck the option to enable UAC.

|- Everything OK?

A+

Re: Pages opening by themselves

Post by joram Fri 03 Oct 2014, 06:00

Case Resolved

Should the topic's author need it, the topic will be reopened; to do so, they must contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.