
Archived

This topic has been archived and is closed to further replies.

bordmelo

[Archived] Impossible to save changes.


The computer cannot save any changes. From installed programs to documents such as photos and written files, after it restarts everything disappears. I was doing some research on the internet and there were two possibilities, malware or Deep Freeze, but I don't have Deep Freeze installed, so I found this forum and hope you can help me. Thank you in advance to anyone who tries.

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:34, on 05/05/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Protecao SGDA Plus - Terminal] X:\ADVSIM\AGUARDIAN\QEB_HWT.EXE /REMOTE
O4 - HKCU\..\Run: [bDE X Man] "C:\Program Files\Dr. Regener\BDE for Vista\BDEVTool.exe" check
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DFServ - Unknown owner - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
--
End of file - 7357 bytes

Hello.

Download < ZHPDiag > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[Image: tutorial_do_zhpcleaner_2.jpg]

To install and run it correctly, follow the tips in this article:

Tutorial on installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and paste it in your next reply.

_____________________________________________________________________________

Note: If the ZHPDiag report is too large and does not fit in your reply, go to the Cjoint site:

http://cjoint.com

Click the Choose file button > select the log (report) file and click the Open button.

Click the Créer le lien Cjoint button.

Copy the link that appears next to the phrase Le lien a été créé and post that link in your next reply.


---\\ Navegadores Internet

MSIE: Internet Explorer v8.0.7600.16385

MFIE: Mozilla Firefox 36.0.1

GCIE: Google Chrome v42.0.2311.135 (Defaut)


---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

Windows 7 Ultimate, 32-bit (Build 7600)


---\\ Softwares de proteçao do sistema

Windows Defender W7 (Activate)


---\\ Softwares d'optimização do sistema

CCleaner v5.01


---\\ Softwares de partilha do PeerToPeer (P2P)


---\\ Monitoramento dos softwares

Adobe Flash Player 17 NPAPI

Adobe Reader X - Português


---\\ Informações sobre o sistema

~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3317 MB (48% free)

System Restore: Activé (Enable)

System drive C: has 266 GB (89%) free of 298 GB


---\\ Modo de conexão ao sistema

~ Computer Name: LAB01-PC12

~ User Name: Atitude

~ All Users Names: Convidado, Atitude, Administrador,

~ Unselected Option: None

Logged in as Administrator


---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Atitude\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Atitude\AppData\Roaming\

~ %Desktop% : C:\Users\Atitude\Desktop\

~ %Favorites% : C:\Users\Atitude\Favorites\

~ %LocalAppData% : C:\Users\Atitude\AppData\Local\

~ %StartMenu% : C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ Enumeração das unidades dos discos

A: Floppy drive, Flash card reader, USB Key (Not Inserted)

C: Hard drive, Flash drive, Thumb drive (Free 266 Go of 298 Go)

D: CD-ROM drive (Not Inserted)




---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Security Center: 41 Scanned in 00mn 00s




---\\ Pesquisa particular de ficheiros genéricos

[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/07/2009 - 22:16:19.) -- C:\Windows\System32\wininet.dll [977920]

[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]

[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]

[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]

[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]

[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]

~ Generic Processes: Scanned in 00mn 00s




---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes musiques (My Musics) : 1/3

~ Mes Favoris (My Favorites) : 1/18

~ Mes Documents (My Documents) : 2/35

~ Mon Bureau (My Desktop) : 1/18

~ Menu demarrer (Programs) : 1/33

~ Hidden Files: Scanned in 00mn 00s




---\\ Processos lançados

[MD5.BA904003C01EF8845BF9C53C86C3EEF8] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [565560] [PID.732]

[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1688]

[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.1892]

[MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [185632] [PID.2040]

[MD5.ED6BB091F7DCE95FEE74FE328DCB5053] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [507704] [PID.348]

[MD5.F95FB090B54F423994214162D03D4969] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [312184] [PID.336]

[MD5.0938EA32472368D9D1E43AC4748805D6] - (.Metodologia ADVANCE - Proteção da Metodologia ADVANCE.) -- X:\ADVSIM\AGUARDIAN\Qeb_hwt.exe [948224] [PID.1376]

[MD5.027E278EAF348948A11C131B34E26C6D] - (.Metodologia ADVANCE - 2013 - SGDA Plus - Metodologia ADVANCE - 2013.) -- C:\Program Files\Metodologia ADVANCE\SGDA Plus\SGDA20.exe [39017472] [PID.1728]

[MD5.0187BDAFBAFAF967BB91B4F2D8E33BC8] - (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\Microsoft Office\Office12\EXCEL.exe [17891112] [PID.3868]

[MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [812872] [PID.2944]

[MD5.3E04F1E482357B1FC8B088197C3D9FF8] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152] [PID.1168]

[MD5.CEAA5817A65E914AA178B28F12359A46] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files\Microsoft Office\Office12\WINWORD.exe [347432] [PID.3216]

[MD5.A299EA000386A57EBAA2699A95FB91E0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8207360] [PID.3016]

[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3932]

~ Processes Running: Scanned in 00mn 03s




---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) --

M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Atitude\AppData\Local\GAS Tecnologia\GBBD\bb\xpi (.not file.)

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml

P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=11.40.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.40.2] - (.Oracle Corporation - Next Generation Java Plug-in 11.40.2 for Mozilla browsers.) -- C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Atitude\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll

~ Firefox Browser: 25 Scanned in 00mn 00s




---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ IE Browser: 11 Scanned in 00mn 00s




---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hôte est sain (The hosts file is clean) (21)

~ Hosts File: Scanned in 00mn 00s




---\\ Browser Helper Objects do navegador (02)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll

~ BHO: 14 Scanned in 00mn 00s




---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [Protecao SGDA Plus - Terminal] . (.Metodologia ADVANCE - Proteção da Metodologia ADVANCE.) -- X:\ADVSIM\AGUARDIAN\QEB_HWT.exe

O4 - HKCU\..\Run: [bDE X Man] . (.GPSur Dr. Erhard Regener - BDE X Tool.) -- C:\Program Files\Dr. Regener\BDE for Vista\BDEVTool.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-1247583590-2966408015-1038971919-1000\..\Run: [bDE X Man] . (.GPSur Dr. Erhard Regener - BDE X Tool.) -- C:\Program Files\Dr. Regener\BDE for Vista\BDEVTool.exe

~ Application: Scanned in 00mn 00s




---\\ Icones das opções IE invisiveis no painel das configurações (05)

O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

~ IE Control Panel: 1 Scanned in 00mn 00s




---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

~ Winsock: 7 Scanned in 00mn 00s




---\\ Site na zona confiavél do Internet Explorer (05)

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br

~ IE Zone Confiance: Scanned in 00mn 00s




---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CS2\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CS2\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254

~ Domain: Scanned in 00mn 00s




---\\ Protocolo adicional (018)

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: DfLogon . (...) -- Logondll.dll

~ Winlogon: Scanned in 00mn 00s




---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ SSODL: 1 Scanned in 00mn 00s




---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: DFServ (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (.not file.)

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe

~ Services: 5 Scanned in 00mn 02s




---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Desktop Component: 4 Scanned in 00mn 00s




---\\ Listagem dos dados do BootExecute (Bex) (034)

O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found

~ BEX: 1 Scanned in 00mn 00s




---\\ Tarefas planificadas automaticamente (039)

[MD5.B04A4810C6CC205F9DC72DC22E4AB236] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268464]

[MD5.393F021E2A9FA19AC94BA4482E32FC6C] [APT] [AdobeAAMUpdater-1.0-LAB01-PC12-Atitude] (.Adobe Systems Incorporated.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608]

[MD5.805210C8DB11D5799E7172923959BF98] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5489944]

[MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]

[MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]

[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-S-1-5-21-1247583590-2966408015-1038971919-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains

[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains

O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]

O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]

O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]

O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]

O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]

O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]

O39 - APT: update-S-1-5-21-1247583590-2966408015-1038971919-1000 - (...) -- C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job [380]

O39 - APT: update-S-1-5-21-1247583590-2966408015-1038971919-1000 - (...) -- C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000 [380]

O39 - APT: update-sys - (...) -- C:\Windows\Tasks\update-sys.job [380]

O39 - APT: update-sys - (...) -- C:\Windows\System32\Tasks\update-sys [380]

~ Scheduled Task: 13 Scanned in 00mn 01s

---\\ Componentes instalados (ActiveSetup Installed Components) (040)

O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation

O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll

O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation

O40 - ASIC: Vivaldi - {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} . (.Vivaldi Technologies AS - Vivaldi Installer.) -- C:\Program Files\Vivaldi\Application\1.0.118.19\Installer\chrmstp.exe

O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe

~ Active Setup: 13 Scanned in 00mn 00s

---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys

O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys

O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

~ Drivers: 66 Scanned in 00mn 00s

---\\ Software instalados (042)

O42 - Logiciel: ADV_Mao - (.UNKNOWN.) [HKLM] -- com.adobe.example.ADV-Mao.E3428356AB218ACE167EB27234FEE05B71EFE56C.1

O42 - Logiciel: ADV_Mao - (.UNKNOWN.) [HKLM] -- {EE7883D9-8887-B4F3-251D-7334B0C45D38}

O42 - Logiciel: ActiveX e Flash Player - (.ADVANCE CCI.) [HKLM] -- ActiveX e Flash Player_is1

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}

O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}

O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

O42 - Logiciel: Adobe Color EU Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {51846830-E7B2-4218-8968-B77F0FF475B8}

O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {BD087F50-46B2-43E4-BD73-5DB3DC20B47C}

O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {D92B72E2-C854-4738-8ED6-4C3661CC17AE}

O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}

O42 - Logiciel: Adobe Color NA Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {95655ED4-7CA5-46DF-907F-7144877A32E5}

O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- {3521BDBD-D453-5D9F-AA55-44B75D214629}

O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Dreamweaver CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {0215A652-E081-4B09-9333-DC85AAB67FFA}

O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI

O42 - Logiciel: Adobe Flash Professional CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {23E445D5-FD83-4C50-A211-EB26A2975317}

O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}

O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {7ACFB90E-8FD0-4397-AD3A-5195412623A3}

O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_dfa8fc0c7031e22ee645d3d042b75ba =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C6C372C8-8612-45C8-A7EF-1FDED1769A6E} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe InDesign CS3 Icon Handler - (.Adobe Systems Incorporated.) [HKLM] -- {EA7B3CC4-366D-4CF6-8350-FD7A7034116E} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}

O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_2ac78060bc5856b0c1cf873bb919b58 =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {0046FA01-C5B9-4985-BACB-398DC480FC05} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Reader X - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AA0000000001}

O42 - Logiciel: Adobe SING CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {3F9B2FD2-1C83-4401-9967-C3636638E958}

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {847E2F71-5CA8-4459-B59D-0B5CAD73FCEB}

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {D1BB4446-AE9C-4256-9A7F-4D46604D2462}

O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}

O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5} =>.Adobe Systems Incorporated

O42 - Logiciel: Adobe Widget Browser - (.Adobe Systems Incorporated..) [HKLM] -- com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

O42 - Logiciel: Adobe Widget Browser - (.Adobe Systems Incorporated..) [HKLM] -- {BDE646E8-86E0-50E1-37BC-0AEBB2185D76}

O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923}

O42 - Logiciel: Ashampoo Burning Studio 14 v.14.0.4 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- {91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1

O42 - Logiciel: AutoCAD 2008 - English - (.Autodesk.) [HKLM] -- AutoCAD 2008 - English

O42 - Logiciel: Autodesk DWF Viewer 7 - (.Autodesk, Inc..) [HKLM] -- {9A346205-EA92-4406-B1AB-50379DA3F057}

O42 - Logiciel: BDE eXpress for Vista - (...) [HKLM] -- BDE eXpress for Vista

O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM] -- Battle.net

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Castle Crashers - (.The Behemoth.) [HKLM] -- Steam App 204360

O42 - Logiciel: CorelDRAW Graphics SUite X4 - ICA - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF010}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- {44A27085-0616-4181-A0C3-81C7ECA17F73}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - Capture - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF012}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - Content - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF016}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - Draw - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF013}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - Filters - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF017}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - FontNav - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF019}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - IPM - (.Corel Corporation.) [HKLM] -- {9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - Lang BR - (.Corel Corporation.) [HKLM] -- {1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - PP - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF014}

O42 - Logiciel: CorelDRAW Graphics Suite X4 - VBA - (.Corel Corporation.) [HKLM] -- {BF439B41-0252-48DE-8B8B-0430CB26A181}

O42 - Logiciel: CorelDRAW® Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- _{7F05E704-30A6-421A-97A7-8EEB1C7FF010}

O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{CE2DA11A-917F-4CF5-AB55-755EC115DD10}

O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {CE2DA11A-917F-4CF5-AB55-755EC115DD10}

O42 - Logiciel: FileZilla Client 3.10.2 - (.Tim Kosse.) [HKLM] -- FileZilla Client

O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Hearthstone - (.Blizzard Entertainment.) [HKLM] -- Hearthstone

O42 - Logiciel: Java 8 Update 40 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218040F0}

O42 - Logiciel: Last Inua - (.Glowforth.) [HKLM] -- Steam App 331980

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (...) [HKLM] -- WMV9_VCM

O42 - Logiciel: Microsoft XNA Framework Redistributable 3.0 - (.Microsoft Corporation.) [HKLM] -- {3898934B-05AE-41CD-96BE-70DA9BFBCE1F}

O42 - Logiciel: Microsoft XNA Framework Redistributable 3.1 - (.Microsoft Corporation.) [HKLM] -- {19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}

O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM] -- {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}

O42 - Logiciel: Mozilla Firefox 36.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 36.0.1 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {A78FE97A-C0C8-49CE-89D0-EDD524A17392}

O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}

O42 - Logiciel: Skype™ 7.4 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}

O42 - Logiciel: Songr - (.Xamasoft.) [HKCU] -- Songr

O42 - Logiciel: SpeedRunners - (.DoubleDutch Games.) [HKLM] -- Steam App 207140

O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM] -- Steam

O42 - Logiciel: Sublime Text 2.0.2 - (...) [HKLM] -- Sublime Text 2_is1

O42 - Logiciel: Super Hexagon - (.Terry Cavanagh.) [HKLM] -- Steam App 221640

O42 - Logiciel: Vivaldi - (.Vivaldi.) [HKLM] -- Vivaldi

O42 - Logiciel: WYD XTS TzFah versão TzFah 755 - (.XTS, Inc..) [HKLM] -- {8BC628BC-3FE6-4AEC-AB7A-8164E111422D}_is1

O42 - Logiciel: WYD XTS versão 7.54 - (.wyd xts, Inc..) [HKLM] -- {0BC405D9-57F7-4734-9D54-125CEBA034C4}_is1

O42 - Logiciel: WYD XTS versão 755 - (.WYD XTS , Inc..) [HKLM] -- {0027F05B-36EC-4E67-899F-C2B286DA1366}_is1

O42 - Logiciel: Warsaw 1.5.1.8886 32 bits - (.GAS Tecnologia.) [HKLM] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1

O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver

O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>P2P.BitTorrent

~ Logic: 43 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\JavaSoft]

[HKCU\Software\AppDataLow]

[HKCU\Software\Ashampoo]

[HKCU\Software\AutoHelpDesk]

[HKCU\Software\Autodesk]

[HKCU\Software\BitTorrent] =>P2P.BitTorrent

[HKCU\Software\Blizzard Entertainment]

[HKCU\Software\Borland]

[HKCU\Software\Cheat Engine]

[HKCU\Software\Chromium]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Corel]

[HKCU\Software\Dr. Regener]

[HKCU\Software\Enterbrain]

[HKCU\Software\GbAs]

[HKCU\Software\GbPlugin]

[HKCU\Software\GetPrivate]

[HKCU\Software\Glowforth]

[HKCU\Software\Google]

[HKCU\Software\IM Providers]

[HKCU\Software\Macromedia]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\RegisteredApplications]

[HKCU\Software\SkillBrains] =>PUP.SkillBrains

[HKCU\Software\Skype]

[HKCU\Software\SourceForge]

[HKCU\Software\South East Games]

[HKCU\Software\Trend Micro]

[HKCU\Software\Unity]

[HKCU\Software\Valve]

[HKCU\Software\Vivaldi]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\antiufo]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Ashampoo]

[HKLM\Software\Autodesk]

[HKLM\Software\Blizzard Entertainment]

[HKLM\Software\Borland]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Corel]

[HKLM\Software\Description]

[HKLM\Software\EPSON]

[HKLM\Software\Faronics]

[HKLM\Software\FileZilla 3]

[HKLM\Software\GetPrivate]

[HKLM\Software\Google]

[HKLM\Software\IM Providers]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Kodak]

[HKLM\Software\Macromedia]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\ODBC]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Protexis]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Skillbrains] =>PUP.SkillBrains

[HKLM\Software\Skype]

[HKLM\Software\Sonic]

[HKLM\Software\SteelSeries]

[HKLM\Software\TeamViewer]

[HKLM\Software\TrendMicro]

[HKLM\Software\Valve]

[HKLM\Software\WinRAR]

[HKLM\Software\mozilla.org]

~ Key Software: 226 Scanned in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 17/09/2014 - 14:31:47 - [] ----D C:\Program Files\Adobe

O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\Program Files\Arquivos Comuns

O43 - CFD: 24/02/2015 - 17:10:11 - [] ----D C:\Program Files\Ashampoo

O43 - CFD: 17/09/2014 - 13:59:52 - [] ----D C:\Program Files\AutoCAD 2008

O43 - CFD: 17/09/2014 - 13:56:51 - [] ----D C:\Program Files\Autodesk

O43 - CFD: 08/01/2015 - 13:38:45 - [] ----D C:\Program Files\Bonjour

O43 - CFD: 08/01/2015 - 13:41:03 - [] ----D C:\Program Files\CCleaner

O43 - CFD: 31/12/2007 - 23:39:06 - [] ----D C:\Program Files\Cleaner

O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\Program Files\Common Files

O43 - CFD: 17/09/2014 - 14:20:05 - [] ----D C:\Program Files\Corel

O43 - CFD: 08/04/2015 - 08:23:00 - [] ----D C:\Program Files\Diebold

O43 - CFD: 17/09/2014 - 13:51:22 - [] ----D C:\Program Files\Dr. Regener

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\DVD Maker

O43 - CFD: 23/02/2015 - 12:43:58 - [0] ----D C:\Program Files\epson

O43 - CFD: 17/03/2015 - 18:39:17 - [] ----D C:\Program Files\FileZilla FTP Client

O43 - CFD: 08/04/2015 - 08:23:00 - [] --H-D C:\Program Files\GAS Tecnologia

O43 - CFD: 11/04/2015 - 07:48:24 - [] ---AD C:\Program Files\GbPlugin

O43 - CFD: 23/02/2015 - 12:37:22 - [] ----D C:\Program Files\Google

O43 - CFD: 25/03/2015 - 17:41:27 - [] ----D C:\Program Files\Hearthstone

O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\Program Files\InstallShield Installation Information

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Internet Explorer

O43 - CFD: 25/03/2015 - 19:18:44 - [] ----D C:\Program Files\Java

O43 - CFD: 17/09/2014 - 13:52:05 - [] ----D C:\Program Files\Metodologia ADVANCE

O43 - CFD: 14/07/2009 - 04:50:24 - [] ----D C:\Program Files\Microsoft Games

O43 - CFD: 17/09/2014 - 14:39:30 - [] ----D C:\Program Files\Microsoft Office

O43 - CFD: 27/01/2015 - 15:45:33 - [] ----D C:\Program Files\Microsoft Silverlight

O43 - CFD: 31/12/2007 - 23:38:13 - [] ----D C:\Program Files\Microsoft SQL Server

O43 - CFD: 17/09/2014 - 14:39:28 - [] ----D C:\Program Files\Microsoft Visual Studio

O43 - CFD: 17/09/2014 - 14:38:26 - [] ----D C:\Program Files\Microsoft Visual Studio 8

O43 - CFD: 17/09/2014 - 14:39:34 - [] ----D C:\Program Files\Microsoft Works

O43 - CFD: 07/01/2015 - 12:25:10 - [] ----D C:\Program Files\Microsoft XNA

O43 - CFD: 06/01/2015 - 18:01:49 - [] ----D C:\Program Files\Microsoft.NET

O43 - CFD: 08/04/2015 - 08:51:35 - [] ----D C:\Program Files\Mozilla Firefox

O43 - CFD: 31/03/2015 - 07:42:11 - [] ----D C:\Program Files\Mozilla Maintenance Service

O43 - CFD: 17/09/2014 - 14:39:32 - [] ----D C:\Program Files\MSBuild

O43 - CFD: 09/03/2015 - 09:06:07 - [] ----D C:\Program Files\MSECache

O43 - CFD: 14/07/2009 - 01:52:30 - [] ----D C:\Program Files\Reference Assemblies

O43 - CFD: 09/04/2015 - 11:20:50 - [] ----D C:\Program Files\Skillbrains =>PUP.SkillBrains

O43 - CFD: 24/04/2015 - 10:26:01 - [] R---D C:\Program Files\Skype

O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\Program Files\Sony

O43 - CFD: 24/04/2015 - 19:24:37 - [] ----D C:\Program Files\Steam

O43 - CFD: 17/09/2014 - 14:37:15 - [] ----D C:\Program Files\Sublime Text 2

O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information

O43 - CFD: 09/03/2015 - 14:38:34 - [] ----D C:\Program Files\Vivaldi

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Defender

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Journal

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation

O43 - CFD: 31/12/2007 - 23:34:12 - [] ----D C:\Program Files\Windows NT

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Photo Viewer

O43 - CFD: 14/07/2009 - 01:52:32 - [] ----D C:\Program Files\Windows Portable Devices

O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Sidebar

O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\Program Files\WinRAR

O43 - CFD: 17/09/2014 - 13:51:44 - [] ----D C:\Program Files\WMV9_VCM

O43 - CFD: 24/04/2015 - 12:41:54 - [] ----D C:\Program Files\WYD XTS

O43 - CFD: 22/04/2015 - 18:29:12 - [] ----D C:\Program Files\WYD XTS TzFah

O43 - CFD: 05/05/2015 - 16:46:03 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman

O43 - CFD: 17/09/2014 - 14:31:47 - [] ----D C:\Program Files\Common Files\Adobe

O43 - CFD: 17/09/2014 - 14:23:44 - [] ----D C:\Program Files\Common Files\Adobe AIR

O43 - CFD: 17/09/2014 - 14:00:09 - [] ----D C:\Program Files\Common Files\Autodesk Shared

O43 - CFD: 05/01/2015 - 15:20:17 - [0] ----D C:\Program Files\Common Files\Blizzard Entertainment

O43 - CFD: 31/12/2007 - 23:38:35 - [] ----D C:\Program Files\Common Files\Borland Shared

O43 - CFD: 17/09/2014 - 14:04:50 - [] ----D C:\Program Files\Common Files\Control Panels

O43 - CFD: 16/03/2015 - 17:17:58 - [] ----D C:\Program Files\Common Files\Corel

O43 - CFD: 17/09/2014 - 14:36:31 - [] ----D C:\Program Files\Common Files\Designer

O43 - CFD: 23/02/2015 - 12:34:24 - [] ----D C:\Program Files\Common Files\EPSON

O43 - CFD: 17/09/2014 - 13:56:57 - [] ----D C:\Program Files\Common Files\InstallShield

O43 - CFD: 30/01/2015 - 12:39:41 - [] ----D C:\Program Files\Common Files\Java

O43 - CFD: 17/09/2014 - 14:02:18 - [] ----D C:\Program Files\Common Files\Macrovision Shared

O43 - CFD: 08/01/2015 - 12:51:50 - [] ----D C:\Program Files\Common Files\microsoft shared

O43 - CFD: 16/03/2015 - 17:18:58 - [] ----D C:\Program Files\Common Files\Protexis

O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\Services

O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\Program Files\Common Files\Sistema

O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\Program Files\Common Files\Skype

O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 06/01/2015 - 15:20:17 - [] ----D C:\Program Files\Common Files\Steam

O43 - CFD: 17/09/2014 - 14:38:12 - [] ----D C:\Program Files\Common Files\System

O43 - CFD: 18/02/2015 - 10:02:53 - [] ----D C:\Program Files\Common Files\Windows Live

O43 - CFD: 12/03/2015 - 08:06:06 - [] ----D C:\ProgramData\Adobe

O43 - CFD: 08/01/2015 - 16:07:15 - [] ----D C:\ProgramData\APN

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Application Data

O43 - CFD: 24/02/2015 - 17:10:45 - [] ----D C:\ProgramData\Ashampoo

O43 - CFD: 10/01/2015 - 09:21:44 - [] ----D C:\ProgramData\Autodesk

O43 - CFD: 05/01/2015 - 15:15:45 - [] ----D C:\ProgramData\Battle.net

O43 - CFD: 05/01/2015 - 15:17:46 - [] ----D C:\ProgramData\Blizzard Entertainment

O43 - CFD: 16/03/2015 - 17:18:58 - [] ----D C:\ProgramData\Corel

O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Dados de aplicativos

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Desktop

O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Documents

O43 - CFD: 23/02/2015 - 12:42:33 - [] ----D C:\ProgramData\EPSON

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Favorites

O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Favoritos

O43 - CFD: 05/05/2015 - 14:31:24 - [] ----D C:\ProgramData\GbPlugin

O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\ProgramData\Menu Iniciar

O43 - CFD: 23/02/2015 - 12:34:58 - [] -S--D C:\ProgramData\Microsoft

O43 - CFD: 14/03/2015 - 16:50:30 - [] ----D C:\ProgramData\Microsoft Help

O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\ProgramData\Modelos

O43 - CFD: 26/01/2015 - 15:14:23 - [] ----D C:\ProgramData\Mozilla

O43 - CFD: 25/03/2015 - 19:18:49 - [] ----D C:\ProgramData\Oracle

O43 - CFD: 08/01/2015 - 12:52:46 - [] ----D C:\ProgramData\Package Cache

O43 - CFD: 21/03/2015 - 09:38:49 - [] ----D C:\ProgramData\regid.1986-12.com.adobe

O43 - CFD: 24/04/2015 - 10:25:40 - [] ----D C:\ProgramData\Skype

O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\ProgramData\Sony

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Start Menu

O43 - CFD: 23/02/2015 - 12:34:58 - [] ----D C:\ProgramData\SteelSeries

O43 - CFD: 30/01/2015 - 12:39:42 - [] ----D C:\ProgramData\Sun

O43 - CFD: 08/04/2015 - 10:51:18 - [] ----D C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Templates

O43 - CFD: 31/12/2007 - 23:31:18 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 31/12/2007 - 23:31:24 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 17/09/2014 - 14:43:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

O43 - CFD: 03/02/2015 - 07:44:33 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio

O43 - CFD: 24/02/2015 - 17:10:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

O43 - CFD: 17/09/2014 - 13:59:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

O43 - CFD: 17/09/2014 - 13:51:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE eXpress for Vista

O43 - CFD: 08/01/2015 - 13:41:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

O43 - CFD: 23/02/2015 - 12:43:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

O43 - CFD: 17/03/2015 - 18:39:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

O43 - CFD: 31/12/2007 - 23:31:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 23/02/2015 - 12:37:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

O43 - CFD: 25/03/2015 - 19:19:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

O43 - CFD: 14/07/2009 - 01:42:30 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 17/09/2014 - 13:52:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metodologia ADVANCE

O43 - CFD: 23/02/2015 - 11:38:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

O43 - CFD: 27/01/2015 - 15:45:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

O43 - CFD: 25/03/2015 - 19:19:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCGEN

O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

O43 - CFD: 11/04/2015 - 17:52:36 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 23/02/2015 - 12:34:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries

O43 - CFD: 16/03/2015 - 17:18:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite de Aplicativos Gráficos CorelDRAW X4

O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

O43 - CFD: 09/03/2015 - 14:38:32 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi

O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 31/01/2015 - 17:11:59 - [0] ----D C:\Users\Atitude\AppData\Roaming\.minecraft

O43 - CFD: 11/03/2015 - 15:48:36 - [] ----D C:\Users\Atitude\AppData\Roaming\Adobe

O43 - CFD: 24/02/2015 - 17:11:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Ashampoo

O43 - CFD: 10/01/2015 - 09:21:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Autodesk

O43 - CFD: 05/01/2015 - 15:18:55 - [] ----D C:\Users\Atitude\AppData\Roaming\Battle.net

O43 - CFD: 16/03/2015 - 17:50:40 - [] ----D C:\Users\Atitude\AppData\Roaming\Corel

O43 - CFD: 16/01/2015 - 13:43:46 - [] ----D C:\Users\Atitude\AppData\Roaming\Dropbox

O43 - CFD: 07/04/2015 - 14:08:45 - [] ----D C:\Users\Atitude\AppData\Roaming\FileZilla

O43 - CFD: 31/12/2007 - 23:34:36 - [] ----D C:\Users\Atitude\AppData\Roaming\Identities

O43 - CFD: 17/09/2014 - 14:22:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Macromedia

O43 - CFD: 14/07/2009 - 04:48:45 - [0] ----D C:\Users\Atitude\AppData\Roaming\Media Center Programs

O43 - CFD: 05/05/2015 - 13:22:34 - [] -S--D C:\Users\Atitude\AppData\Roaming\Microsoft

O43 - CFD: 26/01/2015 - 15:14:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Mozilla

O43 - CFD: 24/04/2015 - 19:02:24 - [] ----D C:\Users\Atitude\AppData\Roaming\Skype

O43 - CFD: 13/02/2015 - 08:07:50 - [] ----D C:\Users\Atitude\AppData\Roaming\TeamViewer

O43 - CFD: 08/01/2015 - 19:56:16 - [] ----D C:\Users\Atitude\AppData\Roaming\To the Moon - Freebird Games

O43 - CFD: 24/02/2015 - 14:46:50 - [] ----D C:\Users\Atitude\AppData\Roaming\uTorrent =>P2P.µTorrent

O43 - CFD: 31/12/2007 - 23:35:57 - [] ----D C:\Users\Atitude\AppData\Roaming\WinRAR

O43 - CFD: 05/05/2015 - 16:47:29 - [] ----D C:\Users\Atitude\AppData\Roaming\ZHP =>.Nicolas Coolman

O43 - CFD: 09/04/2015 - 08:04:55 - [] ----D C:\Users\Atitude\AppData\Local\Adobe

O43 - CFD: 30/01/2015 - 14:00:25 - [0] ----D C:\Users\Atitude\AppData\Local\Android

O43 - CFD: 21/02/2015 - 11:10:52 - [] ----D C:\Users\Atitude\AppData\Local\Apps

O43 - CFD: 24/02/2015 - 17:11:36 - [] ----D C:\Users\Atitude\AppData\Local\ashampoo

O43 - CFD: 17/09/2014 - 13:57:18 - [] ----D C:\Users\Atitude\AppData\Local\Autodesk

O43 - CFD: 26/03/2015 - 20:32:27 - [] ----D C:\Users\Atitude\AppData\Local\Battle.net

O43 - CFD: 05/01/2015 - 15:34:34 - [] ----D C:\Users\Atitude\AppData\Local\Blizzard

O43 - CFD: 05/01/2015 - 15:18:14 - [] ----D C:\Users\Atitude\AppData\Local\Blizzard Entertainment

O43 - CFD: 24/04/2015 - 19:34:39 - [0] ----D C:\Users\Atitude\AppData\Local\CrashDumps

O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Dados de aplicativos

O43 - CFD: 23/02/2015 - 13:30:29 - [0] ----D C:\Users\Atitude\AppData\Local\Deployment

O43 - CFD: 08/04/2015 - 08:48:30 - [] ----D C:\Users\Atitude\AppData\Local\GAS Tecnologia

O43 - CFD: 31/12/2007 - 23:39:25 - [] ----D C:\Users\Atitude\AppData\Local\Google

O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Histórico

O43 - CFD: 07/01/2015 - 12:25:31 - [] ----D C:\Users\Atitude\AppData\Local\IsolatedStorage

O43 - CFD: 26/01/2015 - 15:15:17 - [] ----D C:\Users\Atitude\AppData\Local\Macromedia

O43 - CFD: 08/04/2015 - 13:07:01 - [] ----D C:\Users\Atitude\AppData\Local\Microsoft

O43 - CFD: 17/09/2014 - 14:38:02 - [0] ----D C:\Users\Atitude\AppData\Local\Microsoft Help

O43 - CFD: 26/01/2015 - 15:14:34 - [] ----D C:\Users\Atitude\AppData\Local\Mozilla

O43 - CFD: 25/03/2015 - 19:23:23 - [] ----D C:\Users\Atitude\AppData\Local\PCGen

O43 - CFD: 09/01/2015 - 16:31:26 - [] ----D C:\Users\Atitude\AppData\Local\Programs

O43 - CFD: 24/04/2015 - 10:25:51 - [] ----D C:\Users\Atitude\AppData\Local\Skype

O43 - CFD: 22/04/2015 - 11:50:34 - [] ----D C:\Users\Atitude\AppData\Local\Songr

O43 - CFD: 02/03/2015 - 16:39:44 - [] ----D C:\Users\Atitude\AppData\Local\Steam

O43 - CFD: 21/02/2015 - 14:40:27 - [] ----D C:\Users\Atitude\AppData\Local\SteelSeries Engine 3 Client

O43 - CFD: 05/05/2015 - 16:47:27 - [] ----D C:\Users\Atitude\AppData\Local\Temp

O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Temporary Internet Files

O43 - CFD: 31/12/2007 - 23:34:26 - [0] ----D C:\Users\Atitude\AppData\Local\VirtualStore

O43 - CFD: 09/03/2015 - 14:40:02 - [] ----D C:\Users\Atitude\AppData\Local\Vivaldi

O43 - CFD: 14/07/2009 - 01:42:04 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 31/12/2007 - 23:34:43 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 05/05/2015 - 13:22:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

O43 - CFD: 14/07/2009 - 01:37:42 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 17/09/2014 - 14:44:49 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metodologia ADVANCE

O43 - CFD: 25/03/2015 - 19:23:21 - [0] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCGen

O43 - CFD: 23/02/2015 - 10:11:39 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony

O43 - CFD: 24/04/2015 - 19:34:59 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 17/09/2014 - 13:51:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMV9 VCM

~ Program Folder: 192 Scanned in 00mn 00s




---\\ Files most recently modified or created in Windows and System32 (O44)

O44 - LFC:[MD5.F80C89F2ADD9802CC814FA8A601CA070] - 05/05/2015 - 13:15:22 ---A- . (...) -- C:\Windows\MEMORY.DMP [280043493]

O44 - LFC:[MD5.A981067EB50AA082D51BF517391911F0] - 05/05/2015 - 13:15:36 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [1837720]

O44 - LFC:[MD5.0F73F14E29F39B5EBAA9B39062B85EC5] - 05/05/2015 - 13:15:42 ---A- . (...) -- C:\Windows\setupact.log [9818]

O44 - LFC:[MD5.EAE5260FAC8F77C47B95AC0AB1623D2C] - 05/05/2015 - 13:18:41 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1636995]

O44 - LFC:[MD5.C18D88E2B72F7674B519C282CBCF2DB2] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1633534]

O44 - LFC:[MD5.EBB6599DBD504B0A0C0D04D1ED42A505] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\perfc009.dat [121398]

O44 - LFC:[MD5.9C86CAC37984D5079CEE025D920365B8] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\perfh009.dat [653526]

O44 - LFC:[MD5.2756258E6767BAC792C60BA064323919] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146910]

O44 - LFC:[MD5.48BEA645C4AEFD4B335E76CF16C993F0] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705070]

O44 - LFC:[MD5.7E0A5F01FC4E096596C2853A6BDF3C66] - 23/04/2015 - 21:07:16 ---A- . (...) -- C:\Windows\PFRO.log [2960]

~ Files: 10 Scanned in 00mn 05s




---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll

~ ShellExecuteHooks: Scanned in 00mn 00s




---\\ Denial of service (Local Security Authority) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

~ LSA: 8 Scanned in 00mn 00s




---\\ Safe Mode control (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

~ CSB: 13 Scanned in 00mn 00s




---\\ Shell MountPoints2 registry key (MPSK) (O51)

O51 - MPSK:{2de736fd-a08a-11e4-b19e-00e052f08ebf}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)

O51 - MPSK:{46ad18bb-b811-11dc-bcbe-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)

~ Keys: Scanned in 00mn 00s




---\\ Search for infections in drivers (HKLM) (TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ TDSD: 3 Scanned in 00mn 00s




---\\ Enumeration of StartupReg registry keys (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\AdobeAAMUpdater-1.0 [Key] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated

O53 - SMSR:HKLM\...\startupreg\AdobeCS5.5ServiceManager [Key] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

O53 - SMSR:HKLM\...\startupreg\CCleaner Monitoring [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd

O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe

O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files\Steam\steam.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O53 - SMSR:HKLM\...\startupreg\SwitchBoard [Key] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

~ SMSR Keys: 11 Scanned in 00mn 00s




---\\ Enumeration of SecurityProviders registry keys (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

~ MSCP: 2 Scanned in 00mn 00s




---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0

~ MWPS: 17 Scanned in 00mn 00s




---\\ System driver list (SDL) (O58)

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]

O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [79952]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [23616]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]

O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]

O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]

O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]

O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]

O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]

O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]

O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]

O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]

O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]

O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]

O58 - SDL:08/02/2010 - 08:08:12 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\DeepFrz.sys [152984]

O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]

O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]

O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]

O58 - SDL:03/11/2014 - 02:47:40 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46552]

O58 - SDL:09/01/2015 - 16:31:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]

O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]

O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332352]

O58 - SDL:10/06/2009 - 18:19:30 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [4756480]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]

O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]

O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]

O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]

O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117312]

O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [142416]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]

O58 - SDL:13/07/2009 - 19:02:52 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [139776]

O58 - SDL:13/07/2009 - 19:02:52 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100 NDIS 5.1 Driver.) -- C:\Windows\System32\Drivers\Rtnicxp.sys [43008]

O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]

O58 - SDL:02/01/2015 - 18:50:36 ---A- . (.SteelSeries ApS - SteelSeries Device Factory Driver.) -- C:\Windows\System32\Drivers\ssdevfactory.sys [13312]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]

O58 - SDL:08/02/2010 - 08:08:18 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\ThwSpace.sys [75800]

O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]

O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]

O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]

O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]

O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]

O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]

O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]

O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]

O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]

O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]

O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]

O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]

O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]

O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]

O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]

O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]

O58 - SDL:13/02/2015 - 15:47:22 ---A- . (.Basil's Projects - WinDivert network packet capture and (re)injection driver.) -- C:\Windows\System32\WinDivert32.sys [30936]

~ Drivers: 66 Scanned in 00mn 00s




---\\ Files most recently modified or created (User) (O61)

O61 - LFC: 05/05/2015 - 16:47:41 ---A- . (...) -- C:\Users\Atitude\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin [108235]

O61 - LFC: 05/05/2015 - 16:47:41 ---A- . (...) -- C:\Users\Atitude\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]

O61 - LFC: 05/05/2015 - 16:47:42 ---A- . (.Nicolas Coolman.) -- C:\Users\Atitude\Downloads\ZHPDiag2.exe [6880620] =>.Nicolas Coolman

O61 - LFC: 05/05/2015 - 16:47:42 R--A- . (.Trend Micro Inc..) -- C:\Users\Atitude\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [388096]

~ 31 Temporary files

~ 2 Cookie files

~ Files: 4 Scanned in 00mn 01s




---\\ Alternate Data Stream (ADS) files (O62)

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:8D6C0637_Bb.gbp

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:8D6C0637_Cef.gbp

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst

~ ADS: Scanned in 00mn 00s




---\\ List of virus removal tools (LAT) (O63)

O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Software: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s




---\\ List of Legacy services in the registry (O64)

O64 - Services: CurCS - 03/11/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM

O64 - Services: CurCS - 09/01/2015 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD

O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - 13/02/2015 - C:\Windows\system32\WinDivert32.sys (WinDivert1.1) .(.Basil's Projects - WinDivert network packet capture and (re)in.) - LEGACY_WINDIVERT1.1

~ Legacy: 67 Scanned in 00mn 00s




---\\ Shell Spawning associations (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.scr> <AutoCADScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe

~ FASS Keys: 12 Scanned in 00mn 00s




---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Vivaldi> <Vivaldi>[HKLM\..\Shell\open\Command] (.Vivaldi Technologies AS - Vivaldi.) -- C:\Program Files\Vivaldi\Application\vivaldi.exe

~ Keys: Scanned in 00mn 00s




---\\ Search for infection in Internet browsers (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {5214AF81-E998-4271-B981-CF98BFA50D98} [DefaultScope] - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s




---\\ List of services started by Svchost (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168448]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [591360]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [667136]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473088]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [285184]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [241664]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [543232]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [589312]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [497152]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [46592]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [162816]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [743424]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [99328]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]

~ Services: 33 Scanned in 00mn 00s




---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.27DB904F15FF6F1DE284452A493BA1E4] [sPRF][11/04/2015] (...) -- C:\ProgramData\CB672F7E71.sys [88]

[MD5.CFE7336ED14CF72B8CC7EAC362FC0C69] [sPRF][11/04/2015] (...) -- C:\ProgramData\KGyGaAvL.sys [2828]

[MD5.BDB9978FD51DD8871235FBED634395C2] [sPRF][08/04/2015] (...) -- C:\Users\Atitude\AppData\Roaming\unins000.dat [17560]

[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][08/04/2015] (.No owner - Setup/Uninstall.) -- C:\Users\Atitude\AppData\Roaming\unins000.exe [730322]

[MD5.92149D7FC2B90B189F8AEECC2F9DDCEE] [sPRF][12/02/2007] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [114792]

~ Files: 5 Scanned in 00mn 00s




---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{C1812F90-BD8B-46A8-A2E4-97F11996B497}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Atitude\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{B49BE786-DEDE-4894-A5CD-6E9F2C9BE954}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Atitude\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Scanned in 00mn 01s




---\\ Listagem dos dados da chave NameSpace (MNS) (O92)

O92 - MNS: Pastas da Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}

~ MNS: 1 Scanned in 00mn 00s




---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent

HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent

~ BTK: 169 Scanned in 00mn 00s




---\\ Search CLSID Registry Key (O101)

[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider

[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream

~ BCK: 7912 Scanned in 00mn 14s




---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 16/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Demand 17/09/2014 85096 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

SS - | Auto 22/07/1658 0 | (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe

SS - | Demand 17/09/2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

SS - | Auto 05/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 05/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 23/03/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SS - | Demand 07/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe

SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SR - | Auto 20/01/2015 565560 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe

SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

SR - | Auto 13/02/2015 507704 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe

SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s




---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Scanned in 00mn 02s




---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)

Written by ad13, http://ad13.geekstog

Run by Atitude at 05/05/2015 16:48:26

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s




---\\ Scâner Aditional (088)

Database Version : 13008 - (05/05/2015)

Clés trouvées (Keys found) : 1

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 2

Fichiers trouvés (Files found) : 6


[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^

C:\Program Files\Skillbrains =>PUP.SkillBrains^

C:\Users\Atitude\AppData\Roaming\uTorrent =>P2P.µTorrent^

C:\Program Files\Skillbrains\Updater\Updater.exe =>PUP.SkillBrains^

[HKCU\Software\BitTorrent] =>P2P.BitTorrent^

[HKCU\Software\SkillBrains] =>PUP.SkillBrains^

[HKLM\Software\Skillbrains] =>PUP.SkillBrains^

[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^

[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream^

~ Additionnel Scan: 376768 Items scanned in 00mn 16s




---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51)

~ AMI: 4 Scanned in 00mn 00s




---\\ Sumário das deteções encontradas na sua estação




~ MSI: 3 link(s) detected in 00mn 00s




End of the scan (1179 lines in 01mn 34s)(0.6)



Temporarily disable your antivirus to avoid conflicts.

 

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

 

*Right-click Zoek.exe and select the option shown in the screenshot (8vq7ma.jpg)

 

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

 

createsrpoint;

C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job;virustotal

C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000;virustotal

C:\Windows\Tasks\update-sys.job;virustotal

C:\Windows\System32\Tasks\update-sys;virustotal

C:\ProgramData\CB672F7E71.sys;virustotal

C:\ProgramData\KGyGaAvL.sys;virustotal

C:\Program Files\Faronics;fs

C:\Windows\System32\Drivers\DeepFrz.sys;f

C:\Windows\System32\Drivers\ThwSpace.sys;f

Faronics;z

Faronics;a

Deep Freeze;z

Deep Freeze;a

DFStd;z

DFStd;a

autoclean;

emptyalltemp;

iedefaults;

resetieproxy;

resethosts;

shortcutfix;

ffdefaults;

firefoxlook;

reset chrome;

chrdefaults;

chromelook;

emptyfolderscheck;delete

 

*Click [Run Script]

 

*During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

 


 

*If a PC restart is requested, click [OK]

 

* The Zoek log, which will be at C:\zoek-results.txt, goes in your next reply.

_________________________________________________________________________________________

 

Select and copy all of the text highlighted in red below (starting at script zhpfix and going through emptyclsid)

 

script zhpfix

SysRestore

O23 - Service: DFServ (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (.not file.)

[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-S-1-5-21-1247583590-2966408015-1038971919-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains

[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains

[HKCU\Software\GetPrivate]

[HKCU\Software\SkillBrains] =>PUP.SkillBrains

[HKLM\Software\GetPrivate]

[HKLM\Software\Skillbrains] =>PUP.SkillBrains

O43 - CFD: 09/04/2015 - 11:20:50 - [] ----D C:\Program Files\Skillbrains =>PUP.SkillBrains

O43 - CFD: 08/01/2015 - 16:07:15 - [] ----D C:\ProgramData\APN

O58 - SDL:08/02/2010 - 08:08:12 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\DeepFrz.sys [152984]

O58 - SDL:08/02/2010 - 08:08:18 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\ThwSpace.sys [75800]

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {5214AF81-E998-4271-B981-CF98BFA50D98} [DefaultScope] - (Google) - http://www.google.com

[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][08/04/2015] (.No owner - Setup/Uninstall.) -- C:\Users\Atitude\AppData\Roaming\unins000.exe [730322]

[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider

[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream

SS - | Auto 22/07/1658 0 | (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe

C:\Program Files\Skillbrains =>PUP.SkillBrains^

C:\Program Files\Skillbrains\Updater\Updater.exe =>PUP.SkillBrains^

[HKCU\Software\SkillBrains] =>PUP.SkillBrains^

[HKLM\Software\Skillbrains] =>PUP.SkillBrains^

[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^

[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream^

ShortcutFix

EmptyTemp

EmptyFlash

emptyclsid

_____________________________________________________________________________________________

 

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the Recycle Bin files deleted as well, click Oui again > A report will appear in Notepad.

 

Copy this report and post it in your next reply together with the Zoek log, which will be at C:\zoek-results.txt.


Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Atitude on 07/05/2015 at 17:26:30,95.

Microsoft Windows 7 Ultimate 6.1.7600 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Atitude\Downloads\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


07/05/2015 17:27:09 Zoek.exe System Restore Point Created Successfully.


==== VirusTotal Scan ======================


C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job



C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000








==== Reset Hosts File ======================


# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host


# localhost name resolution is handled within DNS itself.

127.0.0.1 localhost

::1 localhost


==== Empty Folders Check ======================


C:\Program Files\epson deleted successfully

C:\Program Files\Common Files\Blizzard Entertainment deleted successfully

C:\Users\Atitude\AppData\Roaming\.minecraft deleted successfully

C:\Users\Atitude\AppData\Local\Android deleted successfully

C:\Users\Atitude\AppData\Local\CrashDumps deleted successfully

C:\Users\Atitude\AppData\Local\VirtualStore deleted successfully


Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015

Fichier d'export Registre :

Run by Atitude at 07/05/2015 17:33:21

High Elevated Privileges : OK

Windows 7 Ultimate Edition, 32-bit (Build 7600)


Reciclagem vazia (00mn 06s)

Reparação de atalhos do navegador


========== Processo memória ==========

ELIMINÉ: Memory Process: C:\Users\Atitude\AppData\Roaming\unins000.exe


========== Chaves do Registo ==========

ELIMINÉ: Service: DFServ

ELIMINÉ: HKCU\Software\GetPrivate

ELIMINÉ: HKCU\Software\SkillBrains

ELIMINÉ: HKLM\Software\GetPrivate

ELIMINÉ: HKLM\Software\Skillbrains

ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

ELIMINÉ: SearchScopes :{5214AF81-E998-4271-B981-CF98BFA50D98}

ELIMINÉ: HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}

ELIMINÉ: HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}


========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia


========== Ficheiros ==========

ELIMINÉ: c:\windows\system32\drivers\deepfrz.sys

ELIMINÉ: c:\windows\system32\drivers\thwspace.sys

ELIMINÉ Temporários windows (94) (145.296.705 octets)

ELIMINÉ Flash Cookies (0) (0 octets)


========== Tarefa planificada ==========

ELIMINÉ: update-S-1-5-21-1247583590-2966408015-1038971919-1000

ELIMINÉ: update-sys


========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso



========== Recapitulativo ==========

1 : Processo memória

9 : Chaves do Registo

1 : Pastas

4 : Ficheiros

2 : Tarefa planificada

1 : Restauração Sistema



End of clean in 00mn 40s


========== Caminho do ficheiro do relatório ==========

C:\Users\Atitude\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2015 17:33:27 [1638]


Your PC shows Deep Freeze as installed; it is certainly what is causing this issue of changes not being saved. The tutorial below shows how to uninstall Deep Freeze:

https://www.youtube.com/watch?v=xV9O_sUYYQM

 

It's in Spanish, but it's easy to follow.

_______________________________________________________________

 

If it can't be uninstalled by the method above because it isn't fully installed on your PC, you could download Deep Freeze from its official site, reinstall it, and then uninstall it as shown in the tutorial I gave you above.


This message confirms that Deep Freeze is installed on your PC.

Press the Ctrl (Control) + Alt + Shift + F6 keys together.

This should open the Deep Freeze window. With it open, click the Status tab > select the Boot Thawed option and click the Ok button.

After that, restart the PC > Open the Deep Freeze installer; it should have an option to uninstall it, so uninstall it.

Then tell us whether it was removed.
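A quick way to confirm from an elevated PowerShell prompt the same indicators the helper is relying on, as an added example that is not from this forum post or from Faronics: it checks the DFServ service and the Faronics folder and driver files named in the ZHPDiag log above, then drops a marker file so that a second run after a reboot shows whether disk writes are being discarded. The marker path and the status messages are my own choices; the indicator names come from the log.

```powershell
# Added example (not from the thread): confirm the Deep Freeze indicators listed in
# the ZHPDiag log and test whether file-system writes survive a reboot. Run elevated.

# Indicator names taken from the log in this thread (service, folder, driver files).
$serviceName    = 'DFServ'
$indicatorPaths = @(
    'C:\Program Files\Faronics',
    'C:\Windows\System32\Drivers\DeepFrz.sys',
    'C:\Windows\System32\Drivers\ThwSpace.sys'
)
# Marker location is an assumption for this example; any local path will do.
$marker = 'C:\ProgramData\persistence-check.txt'

function Test-DeepFreezeIndicators {
    $found = @()
    $svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($svc) { $found += "service $serviceName ($($svc.Status))" }
    # A service registration can outlive its binary (the log shows DFServ with
    # size 0 and a bogus date), so look at the registry key as well.
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
    if (Test-Path -LiteralPath $svcKey) { $found += "registry key $svcKey" }
    foreach ($p in $indicatorPaths) {
        if (Test-Path -LiteralPath $p) { $found += "path $p" }
    }
    return $found
}

function Test-WritePersistence {
    # The marker stores the boot time of the session that wrote it, so a later
    # run can tell "same session" from "survived a reboot" without other state.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $boot = $os.ConvertToDateTime($os.LastBootUpTime).ToString('s')
    if (Test-Path -LiteralPath $marker) {
        $stored = (Get-Content -LiteralPath $marker | Select-Object -First 1).Trim()
        if ($stored -eq $boot) { return 'marker is from this session; reboot and run again' }
        return "marker from boot $stored survived a reboot; disk writes persist"
    }
    Set-Content -LiteralPath $marker -Value $boot
    # If this message appears again after a reboot, the write was rolled back.
    return 'marker created; reboot and run again (seeing this twice means writes are discarded)'
}

$hits = Test-DeepFreezeIndicators
if ($hits.Count -eq 0) {
    Write-Output 'No Deep Freeze indicators found.'
} else {
    Write-Output 'Deep Freeze indicators found:'
    $hits | ForEach-Object { Write-Output "  $_" }
}
Write-Output (Test-WritePersistence)
```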



I know the program and I can disable it. The problem is that even with the hotkey or in the system tray nothing shows up, as if it weren't installed; I've already gone into the Control Panel and there's nothing there either. So if I open the installer it says it's already installed but doesn't give me the option to uninstall.

I've also had a look in Task Manager and there is no Deep Freeze process.


I believe the most effective solution in this case would be for you to back up the things you consider important and then format and reinstall Windows.


At your workplace there may be a professional who handles computer maintenance and security; it would be good to report the case to them and ask them to take care of this situation.

 

Best regards!


Topic Archived

 

If you are the topic's author and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
