
Unholy0970

[Solved] PC Win 7 64-bit Ultimate freezing only with games


Dear Sirs,

For about two days now my PC has been freezing right after I start any game. Either it exits the game, showing the classic window saying the program is not responding, or the game crashes and simply closes.

Nothing abnormal happens when using any other applications, and it happens with all the games I own (genuine copies).

I suspect Windows updates, since I did not install anything before the problem started.

Thank you for any help you can provide.

Below is the HijackThis log:

 


 


Good evening! Unholy0970

|- Download: < Farbar Recovery Scan Tool > ( ... by Farbar )

|- Or here...

< Farbar Recovery Scan Tool 64-Bits > ( ... by Farbar )

|- Or here, for 64-bit systems!
|- Save it to the desktop!
|- Run the tool! Click "Yes" >> "Scan".

|- Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
|- Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
|- P.S.: The "Addition.txt" report will also be generated and will be made available when the tool runs.
|- Post the reports! (FRST.txt + Addition.txt)
|- P.S.: If the logs are long, send them to Pjjoint.malekal.

|- Or go to: < Cjoint >

|- More information: < Link >

A+


Good evening! Unholy0970

|- Uninstall: C:\Program Files (x86)\Spybot - Search & Destroy <<

|- This software is currently outdated.

-/-

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < zoek.exe >

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
iedefaults;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's input field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- P.S.: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

-/-

|- Copy this information, shown in red, into Notepad.
|- Save it with the name fixlist.txt.
|- Save it to the desktop!

start
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S3 ALSysIO; \??\C:\Users\Pessoal\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5A8F8A0C
end


|- Run FRST/FRST64 >> Click "Fix". << Wait!
|- Post the report! (Fixlog.txt)

A+

 


Digram,

thank you once again.

First of all, what should I replace Spybot Search&Destroy with?

Here are the logs:

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Pessoal at 2013-11-15 19:16:50 Run:1
Running from C:\Users\Pessoal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S3 ALSysIO; \??\C:\Users\Pessoal\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5A8F8A0C
end

*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key deleted successfully.
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Value deleted successfully.
HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
ALSysIO => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\TEMP => ":5A8F8A0C" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":5A8F8A0C" ADS not found.

==== End of Fixlog ====

 

Zoek:

 

 

Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Pessoal on 15/11/2013 at 18:58:45,59.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pessoal\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

15/11/2013 19:00:49 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1953316214-1544306617-1991443265-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5941796D-A469-4752-8487-64D7BD6C1575} deleted successfully
HKEY_USERS\S-1-5-21-1953316214-1544306617-1991443265-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7BC4794-ECF4-4300-BACA-D15C7AC860FD} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUM3AB4.tmp deleted
C:\PROGRA~2\GUM4440.tmp deleted
C:\PROGRA~2\GUM4FCA.tmp deleted
C:\PROGRA~2\GUM7CCD.tmp deleted
C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\vGrabber-software deleted
C:\Users\Pessoal\AppData\Roaming\burnaware.ini deleted
C:\Users\Pessoal\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\Pessoal\AppData\Roaming\JWSearch tool deleted
C:\ProgramData\Ask deleted
C:\ProgramData\APN deleted
C:\ProgramData\Babylon deleted
C:\ProgramData\Package Cache deleted
C:\user.js deleted
C:\Windows\Syswow64\tmp804F.tmp deleted
C:\Windows\Syswow64\tmp806F.tmp deleted
C:\Windows\Syswow64\tmpDED.tmp deleted
C:\Windows\Syswow64\tmpDEE.tmp deleted
"C:\Users\Pessoal\AppData\Roaming\mods" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{34712C68-7391-4c47-94F3-8F88D49AD632}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [15/01/2013 19:53]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29/11/2012 20:35]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully

==== HijackThis Entries ======================

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} (CV781Object Object) - http://192.168.1.5:8080/AVC_AX_724.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pessoal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pessoal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pessoal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 15/11/2013 at 19:12:10,20 ======================


Good evening, Unholy0970!

First of all, what do I replace Spybot Search & Destroy with?

|- Go without an antispyware! Avira is a good antivirus and fills that gap in protection.

|- Download: AdwCleaner ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the tool by clicking "Scan".
|- When it finishes, click "Clean" >> click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+


Here is the report:

# AdwCleaner v3.012 - Relatório criado 15/11/2013 às 19:51:34
# Atualizado 11/11/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Pessoal - DAVIDE
# Executando de : C:\Users\Pessoal\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_tema-porsche-para-windows-7_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_tema-porsche-para-windows-7_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_tsunami-windows-7-theme_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_tsunami-windows-7-theme_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\StartSearch
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Freeze.com

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16736


*************************

AdwCleaner[R0].txt - [4391 octets] - [15/11/2013 19:50:56]
AdwCleaner[s0].txt - [4110 octets] - [15/11/2013 19:51:34]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4170 octets] ##########


Good evening, Unholy0970!

|- Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it as administrator.
|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )

|- Click: "CONFIGURE"

|- Click: "Options" >> "All" >> OK

|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.

|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".

|- Check only the "Additional Scan (O88)" option.

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92

####

|- This way, these options will be disabled!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Reports:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Pessoal on 15/11/2013 at 20:19:54,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/11/2013 at 20:23:48,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~ Relatório do ZHPDiag v2013.11.14.33 - Nicolas Coolman (14/11/2013)
~ Iniciado por Pessoal (15/11/2013 20:26:59)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16736 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.07 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8171 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 175 GB (18%) free of 931 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DAVIDE
~ User Name: Pessoal
~ All Users Names: Pessoal, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pessoal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pessoal\AppData\Roaming\
~ %Desktop% : C:\Users\Pessoal\Desktop\
~ %Favorites% : C:\Users\Pessoal\Favorites\
~ %LocalAppData% : C:\Users\Pessoal\AppData\Local\
~ %StartMenu% : C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 175 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)

 

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s

 

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internet Extensions para Win32.) (.12/10/2013 - 05:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

 

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/22
~ Mes musiques (My Musics) : 1/7
~ Mes Videos (My Videos) : 2/33
~ Mes Favoris (My Favorites) : 1/1951
~ Mes Documents (My Documents) : 7/6349
~ Mon Bureau (My Desktop) : 3/5000
~ Menu demarrer (Programs) : 1/80
~ Hidden Files: Scanned in 00mn 05s

 

---\\ Processos lançados
[MD5.26D084203D9E20D7AA05D190A1CCA567] - (.No owner - RTSS.) -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe [166968] [PID.1660]
[MD5.CD1B32E07F728A4F6E868DAA63DFE2DA] - (.No owner - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [425016] [PID.2084]
[MD5.17F3D3EEB1BD6E4A4384848D46145E59] - (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe [35256] [PID.1788]
[MD5.C98F79A726A1505812969CC4F3ECFA3F] - (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216] [PID.1480]
[MD5.4EE76D4CB055E8EC281177771345E8B3] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [312376] [PID.3044]
[MD5.05A375EE92FBB4BB412DE477C465044C] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.1152]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072] [PID.1168]
[MD5.51C8885B6A00904C0252704C9FB0F43A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.1052]
[MD5.0DCAC41EB58A45049BD7FF665C32D5F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736] [PID.1176]
[MD5.FBD06A45DB2D543EFD932768029EC5F2] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe [483328] [PID.3112]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3124]
[MD5.CAC3C59305A9C569656A27DFFF7592DE] - (.Microsoft - Overwolf.Helper.) -- C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe [26552] [PID.3352]
[MD5.D7D5768B8A697FCBAEE2CFE137070F02] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.5784]
[MD5.6A8E0E72D390B95EFE3A7FFA17D5C504] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [232608] [PID.3564]
[MD5.A9B236A317FD2D8C9C9F43F33707667E] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHPDiag\ZHPDiag.exe [8216064] [PID.5248]
[MD5.B121E4EBB785D9EDCED4A36CC59843AE] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [451640] [PID.904]
[MD5.A663A2DD405DBC831AA1F4F2195D4748] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1596]
[MD5.01E45F75386A8B6207E6CCA31DFCD1B0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1860]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.1976]
[MD5.CDCA791AFA0483F44BBA576DBFAFD04D] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe [102400] [PID.2264]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2336]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2360]
[MD5.AF7090488DB99607D5AADEA6298ACC54] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [326168] [PID.5900]
[MD5.4CE819AFF4608198957B375B3456751A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.6088]
~ Processes Running: Scanned in 00mn 00s

 

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

 

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

 

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

 

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 17 Legitimates Filtered in 00mn 00s

 

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: ArmA II Launcher.lnk . (.Spirited Machine - ArmA II Launcher.) -- C:\Program Files (x86)\Spirited Machine\ArmA II Launcher\ARMA2 Launcher.exe
O4 - GS\Desktop [Public]: CalcTape.lnk . (.SFR Software GmbH - CalcTape.) -- C:\Program Files (x86)\CalcTape\CalcTape.exe
O4 - GS\Desktop [Public]: DreamScene Seven.lnk . (...) -- C:\Program Files (x86)\DreamScene Seven\dreamsceneseven.exe
O4 - GS\Desktop [Public]: Launch ARMA 2 Operation Arrowhead.lnk . (.Bohemia Interactive - ArmA 2 OA.) -- C:\Program Files (x86)\Bohemia Interactive\ArmA 2 - Cópia\Bohemia Interactive\ArmA 2 Operation Arrowhead\arma2OA.exe
O4 - GS\Desktop [Public]: O Mundo das Cores.lnk . (.Comfyware - No Comment.) -- C:\Program Files (x86)\Comfyware\WorldOfColors\WorldOfColors.exe
O4 - GS\Desktop [Public]: Overwolf.lnk . (...) -- C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
O4 - GS\Desktop [Public]: Primeiros Passos.lnk . (.ComfyWare - No Comment.) -- C:\Program Files (x86)\ComfyWare\Primeiros Passos\FirstSteps.exe
O4 - GS\Desktop [Public]: Six Updater.lnk . (.Flexera Software LLC - InstallShield.) -- C:\Windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_5AA5102D71C8479F906361ADEEF79C8A.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Pessoal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Pessoal]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Pessoal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Pessoal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Pessoal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Pessoal]: ArmA II - CO.lnk . (...) -- C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ArmA II Launcher.exe
O4 - GS\Desktop [Pessoal]: ArmA II Launcher - Atalho.lnk . (...) -- C:\Program Files (x86)\Bohemia Interactive\ArmA 2\ArmA II Launcher.exe
O4 - GS\Desktop [Pessoal]: Docs Sítio - Atalho.lnk . (...) -- C:\Davide\Docs Sítio
O4 - GS\Desktop [Pessoal]: Escola 2013.lnk . (...) -- C:\Davide\João Guilherme\7º ano
O4 - GS\Desktop [Pessoal]: Fotos problemas casa - Atalho.lnk . (...) -- C:\Davide\Fotos problemas casa
O4 - GS\Desktop [Pessoal]: Google Talk.lnk . (.Google - Google Talk.) -- C:\Users\Pessoal\AppData\Roaming\Google\Google Talk\googletalk.exe
O4 - GS\Desktop [Pessoal]: Gui - Atalho.lnk . (...) -- C:\Davide\João Guilherme\Gui
O4 - GS\Desktop [Pessoal]: Intellectus - Pagamentos.lnk . (...) -- C:\Davide\Intellectus
O4 - GS\Desktop [Pessoal]: IR2013 - Atalho.lnk . (...) -- C:\Davide\Misc\IR2013
O4 - GS\Desktop [Pessoal]: Manuais - Atalho.lnk . (...) -- C:\Davide\Misc\Manuais
O4 - GS\Desktop [Pessoal]: Misc.lnk . (...) -- C:\Davide\Misc
O4 - GS\Desktop [Pessoal]: New Job.lnk . (...) -- C:\Davide\New Job
O4 - GS\Desktop [Pessoal]: Planilha consumos Grand Livina - Atalho.lnk . (...) -- C:\Davide\Misc\Planilha consumos Grand Livina.xlsx
O4 - GS\Desktop [Pessoal]: Processos 2013 - Atalho.lnk . (...) -- C:\Davide\Processos 2013
O4 - GS\Desktop [Pessoal]: ScreenHunter 6.0 Free.lnk . (.Wisdom Software Inc. - ScreenHunter 6.0 Free.) -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
O4 - GS\Desktop [Pessoal]: T&T - Atalho.lnk . (...) -- C:\Davide\T&T\T&T
O4 - GS\Desktop [Pessoal]: Tablet - Atalho.lnk . (...) -- C:\Davide\Misc\Tablet
O4 - GS\Desktop [Pessoal]: TeamSpeak 3 Client.lnk . (...) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (.not file.)
O4 - GS\Desktop [Pessoal]: Trabalho Gui - Atalho.lnk . (...) -- C:\Davide\João Guilherme\Trabalho Gui
O4 - GS\Desktop [Pessoal]: VideoViewer.lnk . (...) -- C:\Program Files (x86)\VideoViewer\VideoViewer.exe
O4 - GS\Desktop [Pessoal]: VueScan.lnk . (.Hamrick Software - VueScan.) -- C:\VueScan\vuescan.exe
~ Global Startup: 117 Legitimates Filtered in 00mn 02s

 

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Adobe Acrobat Speed Launcher.lnk . (...) -- C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - HKLM\..\Run: [ESET-Phase2] . (...) -- C:\ProgramData\ESET\ESET-phase2.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Overwolf] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKCU\..\Run: [steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 7.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1953316214-1544306617-1991443265-1000\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1953316214-1544306617-1991443265-1000\..\Run: [Overwolf] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKUS\S-1-5-21-1953316214-1544306617-1991443265-1000\..\Run: [steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-21-1953316214-1544306617-1991443265-1000\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1953316214-1544306617-1991443265-1000\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
~ Application: Scanned in 00mn 00s

 

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

 

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

 

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0C9A16-2C1D-41B0-B46C-CB3923B33670}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E28DDCF-32CC-4CE8-985A-887A5F97CCBA}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C0C9A16-2C1D-41B0-B46C-CB3923B33670}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{6E28DDCF-32CC-4CE8-985A-887A5F97CCBA}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C0C9A16-2C1D-41B0-B46C-CB3923B33670}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{6E28DDCF-32CC-4CE8-985A-887A5F97CCBA}: DhcpNameServer = 186.223.160.24 186.223.160.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.160.24 186.223.160.21
~ Domain: Scanned in 00mn 00s

 

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

 

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Intel® Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
~ Services: 13 Legitimates Filtered in 00mn 03s

 

---\\ Tarefas planificadas automaticamente (039)
[MD5.CD1B32E07F728A4F6E868DAA63DFE2DA] [APT] [MSIAfterburner] (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [425016]
[MD5.26D084203D9E20D7AA05D190A1CCA567] [APT] [RTSS] (...) -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe [166968]
[MD5.00000000000000000000000000000000] [APT] [{771C2C5F-322C-44E4-B9AF-861B9666D249}] (...) -- C:\Users\Pessoal\Desktop\googletalk-setup-pt-BR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B47F16CF-F7B2-402C-9FAE-D6BA2C1F8A2B}] (...) -- C:\Jogos\Arma II OA\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7AE7CCC-149A-4E7F-803C-C286C1E4756F}] (...) -- C:\Instaladores\Epson drivers\SCX4900_x86_6.1aS_GM.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 03s

 

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (HWiNFO32) . (.REALiX - HWiNFO AMD64 Kernel Driver.) - C:\Windows\system32\drivers\HWiNFO64A.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s

 

---\\ Software instalados (042)
O42 - Logiciel: CarrierCommand Uninstall - (...) [HKLM][64Bits] -- CarrierCommand
O42 - Logiciel: Como Elaborar um Plano de Negócio - (.Sebrae MG.) [HKLM][64Bits] -- {961F1DB1-E8BD-4B91-ABDE-DDB87EB81E7B}
O42 - Logiciel: DCS A-10C - (...) [HKLM][64Bits] -- DCS A-10C_is1
O42 - Logiciel: Iron Front : Liberation 1944 - (.X1 Software.) [HKLM][64Bits] -- Steam App 91330
O42 - Logiciel: MilViz - Northrop T-38 Talon - (.The SW.) [HKLM][64Bits] -- MilViz - Northrop T-38 Talon1.1 Full
O42 - Logiciel: O Mundo das Cores - (.Comfyware.) [HKLM][64Bits] -- {8C62CFC8-0289-4DB0-8F4C-792DE361A7FB}
O42 - Logiciel: PCmover OEM Express - (.Nome de sua empresa:.) [HKLM][64Bits] -- {1EE14CC2-ED85-4EEA-8714-A31C86AF3769}
O42 - Logiciel: Primeiros Passos - (.ComfyWare.) [HKLM][64Bits] -- {AC69C994-F34B-4080-ACCC-B932A19DC617}
O42 - Logiciel: Video Viewer - (...) [HKLM][64Bits] -- Video Viewer
~ Logic: 219 Legitimates Filtered in 00mn 00s

 

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Evolved]
[HKCU\Software\Kukouri]
[HKCU\Software\Kungsoft]
[HKCU\Software\SetupFactory]
[HKCU\Software\Spearit]
[HKCU\Software\SprocketDownloader]
[HKLM\Software\Laplink]
[HKLM\Software\Wow6432Node\A4]
[HKLM\Software\Wow6432Node\ComfyWare]
[HKLM\Software\Wow6432Node\Laplink]
[HKLM\Software\Wow6432Node\Spearit]
[HKLM\Software\Wow6432Node\ThirdWire]
~ Key Software: 330 Legitimates Filtered in 00mn 00s

 

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/03/2013 - 13:50:11 - [12,436] ----D C:\Program Files (x86)\CalcTape
O43 - CFD: 14/02/2013 - 12:00:15 - [428,565] ----D C:\Program Files (x86)\ComfyWare
O43 - CFD: 08/02/2013 - 15:19:24 - [-162,800] ----D C:\Program Files (x86)\FarCry 3
O43 - CFD: 26/08/2013 - 20:50:54 - [943,268] ----D C:\Program Files (x86)\Hello Games
O43 - CFD: 03/02/2012 - 03:34:18 - [24,081] ----D C:\Program Files (x86)\Laplink
O43 - CFD: 01/04/2013 - 15:58:15 - [0] ----D C:\Program Files (x86)\London 2012 The Official Video Game of the Olympic Games
O43 - CFD: 29/06/2013 - 16:33:24 - [2,957] ----D C:\Program Files (x86)\Sebrae MG
O43 - CFD: 13/09/2013 - 19:43:00 - [0] ----D C:\Program Files (x86)\Star Trek
O43 - CFD: 07/08/2012 - 18:38:53 - [-1182,035] ----D C:\Program Files (x86)\ThirdWire
O43 - CFD: 04/11/2013 - 14:57:13 - [22,326] ----D C:\Program Files (x86)\VideoViewer
O43 - CFD: 03/02/2012 - 03:34:18 - [0,244] ----D C:\Program Files (x86)\Common Files\Laplink
O43 - CFD: 02/11/2013 - 13:26:07 - [31,114] ----D C:\Users\Pessoal\AppData\Roaming\bin
O43 - CFD: 02/11/2013 - 13:26:07 - [5,829] ----D C:\Users\Pessoal\AppData\Roaming\bin - Cópia
O43 - CFD: 23/04/2013 - 19:36:05 - [94,464] ----D C:\Users\Pessoal\AppData\Roaming\CameraCraftTemp
O43 - CFD: 23/04/2013 - 19:36:52 - [0,916] ----D C:\Users\Pessoal\AppData\Roaming\config
O43 - CFD: 23/04/2013 - 19:09:30 - [0] ----D C:\Users\Pessoal\AppData\Roaming\coremods
O43 - CFD: 23/04/2013 - 19:36:53 - [0,473] ----D C:\Users\Pessoal\AppData\Roaming\coremods - Cópia
O43 - CFD: 23/04/2013 - 19:36:55 - [1,241] ----D C:\Users\Pessoal\AppData\Roaming\crash-reports
O43 - CFD: 23/04/2013 - 19:37:04 - [2,165] ----D C:\Users\Pessoal\AppData\Roaming\Flan
O43 - CFD: 25/08/2013 - 19:54:28 - [16,803] ----D C:\Users\Pessoal\AppData\Roaming\Mod Intalers
O43 - CFD: 23/04/2013 - 19:37:42 - [47,479] ----D C:\Users\Pessoal\AppData\Roaming\mods - Cópia
O43 - CFD: 23/04/2013 - 19:38:48 - [119,777] ----D C:\Users\Pessoal\AppData\Roaming\resources
O43 - CFD: 25/08/2013 - 19:54:29 - [695,535] ----D C:\Users\Pessoal\AppData\Roaming\saves do Gui
O43 - CFD: 11/08/2013 - 19:11:39 - [0,068] ----D C:\Users\Pessoal\AppData\Roaming\StarTrekPC
O43 - CFD: 28/11/2012 - 12:43:10 - [0] ----D C:\Users\Pessoal\AppData\Local\2012
O43 - CFD: 15/11/2013 - 19:41:42 - [9,923] ----D C:\Users\Pessoal\AppData\Local\Ironfront
O43 - CFD: 25/10/2013 - 17:40:13 - [0,002] ----D C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AWAR
O43 - CFD: 29/06/2013 - 16:33:25 - [0,003] ----D C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Como Elaborar um Plano de Negócio
O43 - CFD: 29/02/2012 - 17:20:20 - [0,002] ----D C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilViz - Northrop T-38 Talon
O43 - CFD: 08/08/2012 - 09:26:31 - [0,030] ----D C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ThirdWire
O43 - CFD: 05/11/2012 - 10:58:30 - [0] ----D C:\Users\Pessoal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoViewer
~ Program Folder: 346 Legitimates Filtered in 02mn 03s

 

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/11/2013 - 13:53:26 ---A- . (...) -- C:\DebugTraceNormal.log [0]
O44 - LFC:[MD5.8C67DEF03C0B6671850EEDC7A5006A33] - 13/11/2013 - 16:39:18 ---A- . (...) -- C:\Windows\DirectX.log [10967]
O44 - LFC:[MD5.8C047669942FA6AEDC4731944C5AD490] - 13/11/2013 - 17:07:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [188774]
O44 - LFC:[MD5.9945AF7C421F99449BC80EBDC36DA5A8] - 14/11/2013 - 08:46:23 ---A- . (...) -- C:\Windows\IE11_main.log [4490]
O44 - LFC:[MD5.FC3A96F0AD1D75365C5DFC01EE68178F] - 15/11/2013 - 08:58:50 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [147638]
O44 - LFC:[MD5.7010D3F043B09A64A707F8DBAA72AA69] - 15/11/2013 - 08:58:50 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [705798]
O44 - LFC:[MD5.FC3A96F0AD1D75365C5DFC01EE68178F] - 15/11/2013 - 08:58:50 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147638]
O44 - LFC:[MD5.7010D3F043B09A64A707F8DBAA72AA69] - 15/11/2013 - 08:58:50 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705798]
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 15/11/2013 - 17:58:13 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.A63661CDB6B4A8C06E79046848F5222E] - 15/11/2013 - 18:12:10 ---A- . (...) -- C:\zoek-results.log [20402]
~ Files: 119 Legitimates Filtered in 00mn 40s

 

---\\ Últimos ficheiros criados no Windows Prefetch (045)
O45 - LFCP:[MD5.8A65E9ED4A8A22E1B2A7EEAA648FD493] - 15/11/2013 - 19:01:55 ---A- - C:\Windows\Prefetch\A TERRA DE NOITE.SCR-5D85A2C9.pf
O45 - LFCP:[MD5.0AC8EA098CB471B1722AF3DB4FE4F29A] - 15/11/2013 - 19:19:48 ---A- - C:\Windows\Prefetch\WGET.DAT-9AFB73CE.pf
O45 - LFCP:[MD5.145905BA5839543EDD8AB986A5F4F587] - 15/11/2013 - 19:19:57 ---A- - C:\Windows\Prefetch\JRT.EXE-B0AF7FE2.pf
O45 - LFCP:[MD5.1B2FC2FB0C80E53516F68625D6009AF5] - 15/11/2013 - 19:23:05 ---A- - C:\Windows\Prefetch\FC.EXE-F6221E79.pf
O45 - LFCP:[MD5.9E4571910BB7D1C85C5F4B8E9D3479DD] - 15/11/2013 - 19:23:15 ---A- - C:\Windows\Prefetch\CUT.DAT-1AC66C3F.pf
O45 - LFCP:[MD5.EB01D50EC68BC8DA3640D8F34EDD89D5] - 15/11/2013 - 19:23:32 ---A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf
O45 - LFCP:[MD5.A989470CCC4392C145E2742F25F10AD8] - 15/11/2013 - 19:23:32 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-01EA68AF.pf
O45 - LFCP:[MD5.35AF274008E3A0E225EDC5C103766176] - 15/11/2013 - 19:23:48 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-71ADC894.pf
~ Prefetcher: 76 Legitimates Filtered in 00mn 00s

 

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

 

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BigDog305 [Key] . (.VM305SNAP - VM305SNAP.) -- C:\Windows\VM305_STI.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s

 

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

 

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

 

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.6F34FD8453EBA4F55D74BA33A43445B0] - 15/10/2012 - 14:52:36 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\GbpKm.sys [46016]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

 

---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 12/11/2013 - 20:32:44 ---A- . (...) -- C:\Users\Pessoal\Documents\ArmA 2 Other Profiles\Unholy\Saved\bwmod_missions\sp\sp_ksk_1.Chernarus\save.ArmA2OASave [20969206]
O61 - LFC: 12/11/2013 - 20:32:44 ---A- . (...) -- C:\Users\Pessoal\Documents\ArmA 2 Other Profiles\Unholy\Saved\bwmod_missions\sp\sp_ksk_1.Chernarus\save2.ArmA2OASave [20316509]
O61 - LFC: 13/11/2013 - 20:30:12 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\ArmA 2 OA\squads\EAP\logo.paa [87559]
O61 - LFC: 13/11/2013 - 20:30:19 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\SIX_Projects\Six_Updater_GUI.exe_Url_yu5sx5m4s2mrklafhbatpeseupurhjlw\2.9.7.38\user.config [4347]
O61 - LFC: 13/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\six-updater\db\production.stash [800452]
O61 - LFC: 13/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\six-updater\db\production.stash.back [548388]
O61 - LFC: 13/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\six-updater\families.yml [245]
O61 - LFC: 13/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\six-updater\six-updater.yml [5011]
O61 - LFC: 13/11/2013 - 20:32:43 ---A- . (...) -- C:\Users\Pessoal\Documents\ArmA 2\ArmA2OA.cfg [7986]
O61 - LFC: 13/11/2013 - 20:32:45 ---A- . (...) -- C:\Users\Pessoal\Documents\cc_20131113_182101.reg [640]
O61 - LFC: 13/11/2013 - 20:32:47 ---A- . (...) -- C:\Users\Pessoal\Documents\Iron Front Other Profiles\Unholy\Saved\missions_DE_LIB\campaign\continue.IFSave [27272922]
O61 - LFC: 14/11/2013 - 20:30:12 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\ArmA 2 OA\arma2OA.bidmp [11306]
O61 - LFC: 14/11/2013 - 20:30:12 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\ArmA 2 OA\arma2OA.mdmp [6015180]
O61 - LFC: 14/11/2013 - 20:30:12 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\ArmA 2 OA\arma2oa.RPT [2215563]
O61 - LFC: 14/11/2013 - 20:30:19 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\Spirited_Machine\ARMA2_Launcher.exe_Url_vlsgy5l43ejn32wzk3p5tzecmrqrgakf\1.4.1.0\user.config [1289]
O61 - LFC: 14/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\Spirited Machine\ArmA II Launcher\1.4.1.0\Profiles\Armapoint\Addon_Order.xml [8435]
O61 - LFC: 14/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\Spirited Machine\ArmA II Launcher\1.4.1.0\Profiles\Armapoint\Addon_Structure.xml [11036]
O61 - LFC: 14/11/2013 - 20:32:40 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\Spirited Machine\ArmA II Launcher\1.4.1.0\Profiles\Armapoint\LaunchOptions.xml [1028]
O61 - LFC: 14/11/2013 - 20:32:44 ---A- . (...) -- C:\Users\Pessoal\Documents\ArmA 2 Other Profiles\Unholy\Saved\ca\missions\scenarios\SP_EyeForEye.Chernarus\weapons.cfg [3742]
O61 - LFC: 14/11/2013 - 20:32:44 ---A- . (...) -- C:\Users\Pessoal\Documents\ArmA 2 Other Profiles\Unholy\Unholy.ArmA2OAProfile [9771]
O61 - LFC: 15/11/2013 - 20:30:15 ---A- . (...) -- C:\Users\Pessoal\AppData\Local\Ironfront\ironfront.RPT [2209036]
O61 - LFC: 15/11/2013 - 20:32:32 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\Microsoft\IdentityCRL\Production\MetaConfig.xml [163]
O61 - LFC: 15/11/2013 - 20:32:41 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\ZHP\Log.txt [21700] =>.Nicolas Coolman
O61 - LFC: 15/11/2013 - 20:32:41 ---A- . (...) -- C:\Users\Pessoal\AppData\Roaming\ZHP\TestsZHPDiag.txt [2849] =>.Nicolas Coolman
O61 - LFC: 15/11/2013 - 20:32:47 ---A- . (...) -- C:\Users\Pessoal\Documents\Iron Front Other Profiles\Unholy\Saved\LIB_DLC_SPmissions\[sP]omaxa.Colleville\continue.IFSave [13736645]
O61 - LFC: 15/11/2013 - 20:32:47 ---A- . (...) -- C:\Users\Pessoal\Documents\Iron Front Other Profiles\Unholy\Saved\LIB_DLC_SPmissions\[sP]omaxa.Colleville\weapons.cfg [38134]
O61 - LFC: 15/11/2013 - 20:32:47 ---A- . (...) -- C:\Users\Pessoal\Documents\Iron Front Other Profiles\Unholy\Unholy.IFProfile [9384]
O61 - LFC: 15/11/2013 - 20:32:47 ---A- . (...) -- C:\Users\Pessoal\Documents\Iron Front\IF.cfg [626]
~ 4 Fichiers temporaires (Temporary files)
~ Files: 138 Legitimates Filtered in 03mn 16s

 

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s

 

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 23/01/2013 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (RTCore64) .(...) - LEGACY_RTCORE64
~ Legacy: 74 Legitimates Filtered in 00mn 00s

 

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s

 

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

 

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

 

---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Davide\HD velho\1 FAT32\AppleII\star_fleet_one_cracked.zip
C:\Davide\HD velho\1 FAT32\AppleII\two\star_fleet_one_cracked.zip
C:\Program Files (x86)\SIX Projects\Six Updater\tools\bin\ssh-keygen.exe
C:\Users\Pessoal\AppData\Local\Play withSIX\tools\mingw\bin\ssh-keygen.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (2)\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (2) MoCreatures\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4)\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - 1,.2.5 completo\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - 1.2.5 com Aether\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - 1.2.5 completo\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - 1.2.5 limpo zero\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - BuildCraft\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (4) - Recente\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (5) - 1.3.1 com modloader\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia (7) - BuildCraft\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia - 1.2.5 completo\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia - antes de mods\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia - Mapas\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia 1.3.2 com FML\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\.minecraft - Cópia 1.3.2 com FML novo\Minecraft Cracked.exe
C:\Users\Pessoal\AppData\Roaming\uTorrent\Minecraft_Cracked_v1.2.5.zip.torrent =>P2P.µTorrent
C:\Users\Pessoal\AppData\Roaming\uTorrent\Minecraft_Cracked_v1.3.1.zip.torrent =>P2P.µTorrent
C:\Users\Pessoal\Desktop\Jogos\Minecraft mods\Minecraft_Cracked_v1.2.5\Minecraft_Cracked_v1.2.5.exe
C:\Users\Pessoal\Desktop\Jogos\Minecraft mods\Minecraft_Cracked_v1.2.5.zip
C:\Users\Pessoal\Desktop\Jogos\Minecraft mods\Para1.3.2\Minecraft_Cracked_v1.3.1.zip
C:\Users\Pessoal\Downloads\Minecraft_Cracked_v1.2.5\Minecraft_Cracked_v1.2.5.exe
~ Files: Scanned in 01mn 12s

 

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.378189889438568FEF3D98588283B3A5] [sPRF][10/11/2013] (...) -- C:\Users\Pessoal\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [sPRF][15/11/2013] (...) -- C:\Users\Pessoal\Desktop\adwcleaner.exe [1085542]
[MD5.DFDB1CCC2B67BA1B9C04AA806CDE65CD] [sPRF][10/04/2013] (...) -- C:\Users\Pessoal\Desktop\chromehtml.reg [774]
[MD5.597A1990D98702D80E0F5CB33B585D0D] [sPRF][13/11/2013] (...) -- C:\Users\Pessoal\Desktop\RestoreBlbdriveWindows7.bat [68]
[MD5.7CCDB06729E2731AF9D0DFBD86B437DE] [sPRF][25/09/2013] (.Beepa Pty Ltd - Fraps Installer.) -- C:\Users\Pessoal\Desktop\setup.exe [2326976]
[MD5.9BA4F8D8650CA5E4DA7B74CF6BB54DEC] [sPRF][30/05/2013] (.RJL Software, Inc. - Displays your installed Windows Product Key.) -- C:\Users\Pessoal\Desktop\winproductkey.exe [535040]
[MD5.90BD324DA65A123553AB4759378B6596] [sPRF][04/11/2013] (...) -- C:\Users\Pessoal\Desktop\zoek.com [1394331]
[MD5.254EBC33BEA62A9AB96F3DDE2BF79CB0] [sPRF][01/11/2013] (...) -- C:\Users\Pessoal\Desktop\zoek.exe [1269760]
~ Files: 15 Legitimates Filtered in 00mn 03s

 

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B2CC999B-B541-4FD6-A1A5-3A24E1211750}" | In - None - P17 - TRUE | .(.Laplink Software Inc. - PCmover.) -- C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
O87 - FAEL: "TCP Query User{8B719518-F992-438E-BD29-028DA9AC9500}C:\program files (x86)\videoviewer\videoviewer.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\videoviewer\videoviewer.exe
O87 - FAEL: "UDP Query User{CA16F9A4-A565-4564-BB6A-C0CD50EAC970}C:\program files (x86)\videoviewer\videoviewer.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\videoviewer\videoviewer.exe
O87 - FAEL: "TCP Query User{51E413A1-A8B6-4116-8BBB-8774B104C21E}C:\users\pessoal\appdata\local\play withsix\tools\mingw\bin\rsync.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\pessoal\appdata\local\play withsix\tools\mingw\bin\rsync.exe
O87 - FAEL: "UDP Query User{290EB67C-D99B-4355-993F-6163C9465BC2}C:\users\pessoal\appdata\local\play withsix\tools\mingw\bin\rsync.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\pessoal\appdata\local\play withsix\tools\mingw\bin\rsync.exe
~ Firewall: 282 Legitimates Filtered in 00mn 03s

 

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "2CC41EE158DEAEE478413AC168FA7396" . (.PCmover OEM Express.) -- C:\Windows\Installer\{1EE14CC2-ED85-4EEA-8714-A31C86AF3769}\ARPPRODUCTICON.exe
O90 - PUC: "33C1F2ECBFC0DE34CB28CDB161DA3864" . (.Carrier Strike Force for FSX.) -- C:\Windows\Installer\{CE2F1C33-0CFB-43ED-BC82-DC1B16AD8346}\ARPPRODUCTICON.exe
O90 - PUC: "4C581B44665283F44A1F90F2DCBB155A" . (.CalcTape.) -- C:\Windows\Installer\{44B185C4-2566-4F38-A4F1-092FCDBB51A5}\CalcTape_0001.ico
O90 - PUC: "724E6DACAF7503D4BBCA28B7BB8A3A5F" . (..) -- C:\Windows\Installer\{CAD6E427-57FA-4D30-BBAC-827BBBA8A3F5}\ARPPRODUCTICON.exe
O90 - PUC: "DAEE3F7DC381ED74DB5C95539375F379" . (.Play withSIX.) -- C:\Windows\Installer\{D7F3EEAD-183C-47DE-BDC5-593539573F97}\ARPPRODUCTICON.exe
~ Update Products: 200 Legitimates Filtered in 00mn 00s

 

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A8599AB1ED26F84E736A5C422B4DE193] [WIS][24/01/2011] (.Spirited Machine - ArmA II Launcher.) -- C:\Windows\Installer\251eedf.msi [1286656]
[MD5.E26BBFD430B526C4CA7E4E7C08C96FB2] [WIS][14/11/2013] (.Trend Micro Inc. - Trend Micro's HiJackThis.) -- C:\Windows\Installer\2e747d.msi [1402880]
[MD5.C827B4F6B0D02A78012288BD6BB2F28D] [WIS][03/02/2012] (.Laplink Software, Inc. - Laplink PCmover OEM Express.) -- C:\Windows\Installer\aa2e5.msi [30560256]
[MD5.E80ADAA9FB78A6D9066CAD331E5A7EBA] [WIS][22/09/2013] (.SIX Networks - Play withSIX.) -- C:\Windows\Installer\c78aa9.msi [11308032]
~ WIS: 209 Legitimates Filtered in 00mn 24s

 

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/02/2012 69632 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 12/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 08/10/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Disabled 02/02/2011 18656 | (Autodesk Content Service) . (...) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 26/03/2013 23552 | (CronService) . (.Fork Ltd..) - C:\Prey\platform\windows\cronsvc.exe
SR - | Auto 18/04/2006 102400 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe
SS - | Demand 12/02/2012 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 03/03/2012 1431888 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 25/09/2013 451640 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SS - | Auto 07/11/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/11/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 16/01/2012 934760 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 24/01/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SS - | Demand 23/10/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 30/10/2013 566696 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 24/01/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s

 

---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Pessoal at 15/11/2013 20:35:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

 

---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Pessoal at 15/11/2013 20:35:53

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

 

---\\ Scâner Aditional (088)
Database Version : 12994 - (14/11/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 794877 Items scanned in 00mn 15s

 

---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 15s

 

~ 1885 Legitimates filtered by white list
End of the scan (645 lines in 09mn 09s)(26)


Good evening! Unholy0970

|- Run this script in the ZHPFix tool.
|- Copy the information shown in red into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C
|- Then minimize Notepad.

script zhpfix

[MD5.378189889438568FEF3D98588283B3A5] [sPRF][10/11/2013] (...) -- C:\Users\Pessoal\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.00000000000000000000000000000000] [APT] [{771C2C5F-322C-44E4-B9AF-861B9666D249}] (...) -- C:\Users\Pessoal\Desktop\googletalk-setup-pt-BR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B47F16CF-F7B2-402C-9FAE-D6BA2C1F8A2B}] (...) -- C:\Jogos\Arma II OA\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7AE7CCC-149A-4E7F-803C-C286C1E4756F}] (...) -- C:\Instaladores\Epson drivers\SCX4900_x86_6.1aS_GM.exe (.not file.) [0]
O43 - CFD: 28/11/2012 - 12:43:10 - [0] ----D C:\Users\Pessoal\AppData\Local\2012
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/11/2013 - 13:53:26 ---A- . (...) -- C:\DebugTraceNormal.log [0]
O44 - LFC:[MD5.8C67DEF03C0B6671850EEDC7A5006A33] - 13/11/2013 - 16:39:18 ---A- . (...) -- C:\Windows\DirectX.log [10967]
O44 - LFC:[MD5.9945AF7C421F99449BC80EBDC36DA5A8] - 14/11/2013 - 08:46:23 ---A- . (...) -- C:\Windows\IE11_main.log [4490]
O44 - LFC:[MD5.A63661CDB6B4A8C06E79046848F5222E] - 15/11/2013 - 18:12:10 ---A- . (...) -- C:\zoek-results.log [20402]
O45 - LFCP:[MD5.8A65E9ED4A8A22E1B2A7EEAA648FD493] - 15/11/2013 - 19:01:55 ---A- - C:\Windows\Prefetch\A TERRA DE NOITE.SCR-5D85A2C9.pf
O45 - LFCP:[MD5.0AC8EA098CB471B1722AF3DB4FE4F29A] - 15/11/2013 - 19:19:48 ---A- - C:\Windows\Prefetch\WGET.DAT-9AFB73CE.pf
O45 - LFCP:[MD5.145905BA5839543EDD8AB986A5F4F587] - 15/11/2013 - 19:19:57 ---A- - C:\Windows\Prefetch\JRT.EXE-B0AF7FE2.pf
O45 - LFCP:[MD5.1B2FC2FB0C80E53516F68625D6009AF5] - 15/11/2013 - 19:23:05 ---A- - C:\Windows\Prefetch\FC.EXE-F6221E79.pf
O45 - LFCP:[MD5.9E4571910BB7D1C85C5F4B8E9D3479DD] - 15/11/2013 - 19:23:15 ---A- - C:\Windows\Prefetch\CUT.DAT-1AC66C3F.pf
O45 - LFCP:[MD5.EB01D50EC68BC8DA3640D8F34EDD89D5] - 15/11/2013 - 19:23:32 ---A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf
O45 - LFCP:[MD5.A989470CCC4392C145E2742F25F10AD8] - 15/11/2013 - 19:23:32 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-01EA68AF.pf
O45 - LFCP:[MD5.35AF274008E3A0E225EDC5C103766176] - 15/11/2013 - 19:23:48 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-71ADC894.pf
C:\Davide\HD velho\1 FAT32\AppleII\star_fleet_one_cracked.zip
C:\Davide\HD velho\1 FAT32\AppleII\two\star_fleet_one_cracked.zip
C:\Program Files (x86)\SIX Projects\Six Updater\tools\bin\ssh-keygen.exe
C:\Users\Pessoal\AppData\Local\Play withSIX\tools\mingw\bin\ssh-keygen.exe
firewallraz
emptytemp
emptyflash
emptyclsid


|- Open the ZHPFix tool.
|- Click "IMPORTAÇÃO" (Import) >> OK.
|- Click "GO".
|- Post the report!

A+


Report:

Rapport de ZHPFix 2013.11.14.5 par Nicolas Coolman, Update du 14/11/2013
Fichier d'export Registre :
Run by Pessoal at 15/11/2013 22:06:41
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Pessoal\AppData\Local\Temp\Quarantine.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\SIX Projects\Six Updater\tools\bin\ssh-keygen.exe
ELIMINÉ: Memory Process: C:\Users\Pessoal\AppData\Local\Play withSIX\tools\mingw\bin\ssh-keygen.exe

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\debugtracenormal.log
ELIMINÉ: c:\windows\directx.log
ELIMINÉ: c:\windows\ie11_main.log
ELIMINÉ: c:\zoek-results.log
ELIMINÉ: c:\windows\prefetch\a terra de noite.scr-5d85a2c9.pf
ELIMINÉ: c:\windows\prefetch\wget.dat-9afb73ce.pf
ELIMINÉ: c:\windows\prefetch\jrt.exe-b0af7fe2.pf
ELIMINÉ: c:\windows\prefetch\fc.exe-f6221e79.pf
ELIMINÉ: c:\windows\prefetch\cut.dat-1ac66c3f.pf
ELIMINÉ: c:\windows\prefetch\find.exe-9aadda11.pf
ELIMINÉ: c:\windows\prefetch\shortcut.dat-01ea68af.pf
ELIMINÉ: c:\windows\prefetch\nircmd.dat-71adc894.pf
ELIMINÉ: C:\Davide\HD velho\1 FAT32\AppleII\star_fleet_one_cracked.zip
ELIMINÉ: C:\Davide\HD velho\1 FAT32\AppleII\two\star_fleet_one_cracked.zip
ELIMINÉ Temporários windows (159) (1.925.737 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {771C2C5F-322C-44E4-B9AF-861B9666D249}
ELIMINÉ: {B47F16CF-F7B2-402C-9FAE-D6BA2C1F8A2B}
ELIMINÉ: {E7AE7CCC-149A-4E7F-803C-C286C1E4756F}


========== Recapitulativo ==========
3 : Processo memória
2 : Valores do Registo
1 : Pastas
16 : Ficheiros
3 : Tarefa planificada


End of clean in 00mn 08s

========== Caminho do ficheiro do relatório ==========
C:\Users\Pessoal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 15/11/2013 22:06:44 [2046]


Good evening! Unholy0970

|- Remove the tools that were used to disinfect the PC.

-/-

|- Download: |DelFix| ( ... by Xplode )

|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.

|- Run it!
|- With all 3 checkboxes ticked!
|- Click "Run".

-/-

|- Optimize the RAM and clean the registry with JetClean.

|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )

< More information! > << Read here!

|- Save it in Program Files. ( jetclean-setup.exe )

|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair

|- Or choose the "Scan & Repair" option, without rebooting the PC.
|- Everything OK?

Regards!


Good evening, DigRam.

Thank you for all the work you put in. It certainly helped me clean up my PC as I had never done before.

However, the problems persist.

Particularly with games such as Arma 2 Operation Arrowhead and Iron Front.

Right at the start of the games, after the initial menus, once on the "graphics" screen, the HD reads a lot, then stops and reads a little at a time, with the LED "blinking", or even stops reading altogether, with the machine frozen (but Caps Lock and Num Lock responding normally). At these moments the PC does not accept Alt+Tab, much less Ctrl+Alt+Del.

Then the classic little Windows window appears saying that the application is not responding and offering to close the application or wait for it to respond. Once the application is closed, the machine returns to normal. It shows no symptoms with Office, Adobe applications, etc.

I had been playing without trouble until a few days ago; I cannot understand what is causing the problem.

I monitor the temperature of the video card, CPU, fans, etc. Nothing abnormal... I don't know!

In any case, thank you very much for the help.

Regards.


Good morning! Unholy0970

< System Requirements for ARMA II Operation Arrowhead >

Recommended Requirements

• Processor: Intel Core 2 Duo 2.4 GHz or equivalent AMD dual-core
• RAM: 2 GB
• Video memory: 896 MB
• Video chipset: NVIDIA GTX 260
• Direct3D: Yes
• DirectX version: 9.0c
• Operating systems: Windows XP, Windows Vista, Windows 7
• Disk space: 10 GB free


-/-

|- Your PC probably lacks one of these configurations required by the game.

--\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8171 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 175 GB (18%) free of 931 GB

######
######

|- This information in the ZHPDiag report is not very conclusive and addresses some of the points.

A+


Good morning DigRam,

my configuration:

CPU Intel i5 2500K
8 GB RAM
1 TB HD
Video ASUS EAH 6850

In any case, I repeat, I had always played these same games for months until 4 days ago, without any problem, with maximum smoothness.

Could it be a memory problem? Is there any tool you could recommend for checking for hardware problems in the HD, memory and video card?

Thanks.


Good morning! Unholy0970

< PC CHECK: http://www.youtube.com/watch?v=hDA2vxEL6ZU >

|- This video has a good tutorial on hardware testing using Hiren's Boot CD, which is burned in ISO format.
|- Good luck!

Regards!


Thank you very much for everything.

Regards!

Good morning! Unholy0970

|- If you manage to fix the problem, come back to this topic and report the solution, so that it serves as a great research resource and can help other users who have the same problem.

Regards!


Good afternoon DigRam,

I have some news: in the Windows Event Viewer, I have a large number of atapi errors.

Summary of administrative events: event type: error / event ID: 11 / Source: atapi / Log: System

O driver detectou um erro de controlador em \Device\Ide\IdePort1

In the last hour there were 30 errors, in the last 24 hours 382 errors, in the last 7 days 454 errors.

I think my problem lies there. Can you give me any tip on the matter?
