bordmelo
Posted May 5, 2015

The computer cannot save any changes. From installed programs to documents such as photos and written files, everything disappears after it restarts. I did some research on the internet and there were two possibilities, malware or Deep Freeze, but I do not have Deep Freeze installed, so I found this forum and hope you can help me. Thank you very much in advance to anyone who tries. The HijackThis log follows below:

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:24:34, on 05/05/2015 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\PROGRA~1\GbPlugin\GbpSv.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskhost.exe C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\system32\svchost.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll O4 - HKLM\..\Run: [Protecao SGDA Plus - Terminal] X:\ADVSIM\AGUARDIAN\QEB_HWT.EXE /REMOTE O4 - HKCU\..\Run: [bDE X Man] 
"C:\Program Files\Dr. Regener\BDE for Vista\BDEVTool.exe" check O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: 
DfLogon - LogonDll.dll (file missing) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: DFServ - Unknown owner - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 7357 bytes
Power Max
Posted May 5, 2015

Hello.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

To install and run it correctly, follow the tips in this article: ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

_____________________________________________________________________________

Note: If the ZHPDiag report is too large to fit in your reply, go to the Cjoint site: http://cjoint.com

Click the Escolher arquivo (Choose file) button > select the log (report) file and click the Abrir (Open) button.
Click the Créer le lien Cjoint button.
Copy the link that appears next to the phrase Le lien a été créé and post that link in your next reply.
bordmelo
Posted May 5, 2015

---\\ Navegadores Internet MSIE: Internet Explorer v8.0.7600.16385 MFIE: Mozilla Firefox 36.0.1 GCIE: Google Chrome v42.0.2311.135 (Defaut) ---\\ Informações sobre os produtos Windows ~ Langage: Portugais Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK Windows 7 Ultimate, 32-bit (Build 7600) ---\\ Softwares de proteçao do sistema Windows Defender W7 (Activate) ---\\ Softwares d'optimização do sistema CCleaner v5.01 ---\\ Softwares de partilha do PeerToPeer (P2P) ---\\ Monitoramento dos softwares Adobe Flash Player 17 NPAPI Adobe Reader X - Português ---\\ Informações sobre o sistema ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3317 MB (48% free) System Restore: Activé (Enable) System drive C: has 266 GB (89%) free of 298 GB ---\\ Modo de conexão ao sistema ~ Computer Name: LAB01-PC12 ~ User Name: Atitude ~ All Users Names: Convidado, Atitude, Administrador, ~ Unselected Option: None Logged in as Administrator ---\\ As variáveis de ambiente ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Atitude\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Atitude\AppData\Roaming\ ~ %Desktop% : C:\Users\Atitude\Desktop\ ~ %Favorites% : C:\Users\Atitude\Favorites\ ~ %LocalAppData% : C:\Users\Atitude\AppData\Local\ ~ %StartMenu% : C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeração das unidades dos discos A: Floppy drive, Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 266 Go of 298 Go) D: CD-ROM drive (Not Inserted) ---\\ Estado do Centro de Segurança do Windows [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK 
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 41 Scanned in 00mn 00s ---\\ Pesquisa particular de ficheiros genéricos [MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/07/2009 - 22:16:19.) -- C:\Windows\System32\wininet.dll [977920] [MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696] [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024] [MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) 
-- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392] [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) 
-- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240] [MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328] ~ Generic Processes: Scanned in 00mn 00s ---\\ Estatuto dos ficheiros ocultos (Oculto/Total) ~ Mes musiques (My Musics) : 1/3 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 2/35 ~ Mon Bureau (My Desktop) : 1/18 ~ Menu demarrer (Programs) : 1/33 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processos lançados [MD5.BA904003C01EF8845BF9C53C86C3EEF8] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [565560] [PID.732] [MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1688] [MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.1892] [MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [185632] [PID.2040] [MD5.ED6BB091F7DCE95FEE74FE328DCB5053] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [507704] [PID.348] [MD5.F95FB090B54F423994214162D03D4969] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [312184] [PID.336] [MD5.0938EA32472368D9D1E43AC4748805D6] - (.Metodologia ADVANCE - Proteção da Metodologia ADVANCE.) -- X:\ADVSIM\AGUARDIAN\Qeb_hwt.exe [948224] [PID.1376] [MD5.027E278EAF348948A11C131B34E26C6D] - (.Metodologia ADVANCE - 2013 - SGDA Plus - Metodologia ADVANCE - 2013.) -- C:\Program Files\Metodologia ADVANCE\SGDA Plus\SGDA20.exe [39017472] [PID.1728] [MD5.0187BDAFBAFAF967BB91B4F2D8E33BC8] - (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\Microsoft Office\Office12\EXCEL.exe [17891112] [PID.3868] [MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [812872] [PID.2944] [MD5.3E04F1E482357B1FC8B088197C3D9FF8] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152] [PID.1168] [MD5.CEAA5817A65E914AA178B28F12359A46] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files\Microsoft Office\Office12\WINWORD.exe [347432] [PID.3216] [MD5.A299EA000386A57EBAA2699A95FB91E0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8207360] [PID.3016] [MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3932] ~ Processes Running: Scanned in 00mn 03s ---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) 
-- M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Atitude\AppData\Local\GAS Tecnologia\GBBD\bb\xpi (.not file.) P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=11.40.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.40.2] - (.Oracle Corporation - Next Generation Java Plug-in 11.40.2 for Mozilla browsers.) -- C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) 
-- C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Atitude\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll ~ Firefox Browser: 25 Scanned in 00mn 00s ---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.) 
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 11 Scanned in 00mn 00s ---\\ Internet Explorer, Gestão do Proxy (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redireção do ficheiro Hosts (01) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Browser Helper Objects do navegador (02) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) 
-- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll ~ BHO: 14 Scanned in 00mn 00s ---\\ Aplicações iniciadas por registo & pastas (04) O4 - HKLM\..\Run: [Protecao SGDA Plus - Terminal] . (.Metodologia ADVANCE - Proteção da Metodologia ADVANCE.) -- X:\ADVSIM\AGUARDIAN\QEB_HWT.exe O4 - HKCU\..\Run: [bDE X Man] . (.GPSur Dr. Erhard Regener - BDE X Tool.) -- C:\Program Files\Dr. Regener\BDE for Vista\BDEVTool.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1247583590-2966408015-1038971919-1000\..\Run: [bDE X Man] . (.GPSur Dr. Erhard Regener - BDE X Tool.) -- C:\Program Files\Dr. 
Regener\BDE for Vista\BDEVTool.exe ~ Application: Scanned in 00mn 00s ---\\ Icones das opções IE invisiveis no painel das configurações (05) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in 00mn 00s ---\\ Boutões da barra de ferramentas principal do Internet Explorer (09) O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) 
-- C:\Program Files\Bonjour\mdnsNSP.dll ~ Winsock: 7 Scanned in 00mn 00s ---\\ Site na zona confiavél do Internet Explorer (05) O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Alteração Dominio/Clientes DNS (017) O17 - HKLM\System\CCS\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local O17 - HKLM\System\CCS\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local O17 - HKLM\System\CS1\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local O17 - HKLM\System\CS1\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local O17 - HKLM\System\CS2\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{33A8ABC8-DECC-4B62-A90A-ED43C76B4D3E}: DhcpDomain = brazilfw.local O17 - HKLM\System\CS2\Services\Tcpip\..\{C974E7F6-611B-4EFE-87DD-8B507EB2A667}: DhcpDomain = brazilfw.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocolo adicional (018) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) 
-- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: DfLogon . (...) -- Logondll.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ SSODL: 1 Scanned in 00mn 00s ---\\ Lista dos serviços NT não Microsoft e não desativados (023) O23 - Service: DFServ (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (.not file.) O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe ~ Services: 5 Scanned in 00mn 02s ---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024) O24 - Default MHTML Editor: Last - .(...) - (.not file.) 
~ Desktop Component: 4 Scanned in 00mn 00s

---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
[MD5.B04A4810C6CC205F9DC72DC22E4AB236] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268464]
[MD5.393F021E2A9FA19AC94BA4482E32FC6C] [APT] [AdobeAAMUpdater-1.0-LAB01-PC12-Atitude] (.Adobe Systems Incorporated.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608]
[MD5.805210C8DB11D5799E7172923959BF98] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5489944]
[MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]
[MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-S-1-5-21-1247583590-2966408015-1038971919-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: update-S-1-5-21-1247583590-2966408015-1038971919-1000 - (...) -- C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job [380]
O39 - APT: update-S-1-5-21-1247583590-2966408015-1038971919-1000 - (...) -- C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000 [380]
O39 - APT: update-sys - (...) -- C:\Windows\Tasks\update-sys.job [380]
O39 - APT: update-sys - (...) -- C:\Windows\System32\Tasks\update-sys [380]
~ Scheduled Task: 13 Scanned in 00mn 01s

---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Vivaldi - {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} . (.Vivaldi Technologies AS - Vivaldi Installer.) -- C:\Program Files\Vivaldi\Application\1.0.118.19\Installer\chrmstp.exe
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
~ Active Setup: 13 Scanned in 00mn 00s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 66 Scanned in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: ADV_Mao - (.UNKNOWN.) [HKLM] -- com.adobe.example.ADV-Mao.E3428356AB218ACE167EB27234FEE05B71EFE56C.1
O42 - Logiciel: ADV_Mao - (.UNKNOWN.) [HKLM] -- {EE7883D9-8887-B4F3-251D-7334B0C45D38}
O42 - Logiciel: ActiveX e Flash Player - (.ADVANCE CCI.) [HKLM] -- ActiveX e Flash Player_is1
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}
O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}
O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
O42 - Logiciel: Adobe Color EU Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {51846830-E7B2-4218-8968-B77F0FF475B8}
O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {D92B72E2-C854-4738-8ED6-4C3661CC17AE}
O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
O42 - Logiciel: Adobe Color NA Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {95655ED4-7CA5-46DF-907F-7144877A32E5}
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- {3521BDBD-D453-5D9F-AA55-44B75D214629}
O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Dreamweaver CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {0215A652-E081-4B09-9333-DC85AAB67FFA}
O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: Adobe Flash Professional CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {23E445D5-FD83-4C50-A211-EB26A2975317}
O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}
O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {7ACFB90E-8FD0-4397-AD3A-5195412623A3}
O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_dfa8fc0c7031e22ee645d3d042b75ba =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C6C372C8-8612-45C8-A7EF-1FDED1769A6E} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe InDesign CS3 Icon Handler - (.Adobe Systems Incorporated.) [HKLM] -- {EA7B3CC4-366D-4CF6-8350-FD7A7034116E} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}
O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_2ac78060bc5856b0c1cf873bb919b58 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {0046FA01-C5B9-4985-BACB-398DC480FC05} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader X - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AA0000000001}
O42 - Logiciel: Adobe SING CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {3F9B2FD2-1C83-4401-9967-C3636638E958}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {847E2F71-5CA8-4459-B59D-0B5CAD73FCEB}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {D1BB4446-AE9C-4256-9A7F-4D46604D2462}
O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}
O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Widget Browser - (.Adobe Systems Incorporated..) [HKLM] -- com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
O42 - Logiciel: Adobe Widget Browser - (.Adobe Systems Incorporated..) [HKLM] -- {BDE646E8-86E0-50E1-37BC-0AEBB2185D76}
O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923}
O42 - Logiciel: Ashampoo Burning Studio 14 v.14.0.4 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- {91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1
O42 - Logiciel: AutoCAD 2008 - English - (.Autodesk.) [HKLM] -- AutoCAD 2008 - English
O42 - Logiciel: Autodesk DWF Viewer 7 - (.Autodesk, Inc..) [HKLM] -- {9A346205-EA92-4406-B1AB-50379DA3F057}
O42 - Logiciel: BDE eXpress for Vista - (...) [HKLM] -- BDE eXpress for Vista
O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM] -- Battle.net
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Castle Crashers - (.The Behemoth.) [HKLM] -- Steam App 204360
O42 - Logiciel: CorelDRAW Graphics SUite X4 - ICA - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF010}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- {44A27085-0616-4181-A0C3-81C7ECA17F73}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Capture - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF012}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Content - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF016}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Draw - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF013}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Filters - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF017}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - FontNav - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF019}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - IPM - (.Corel Corporation.) [HKLM] -- {9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Lang BR - (.Corel Corporation.) [HKLM] -- {1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - PP - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF014}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - VBA - (.Corel Corporation.) [HKLM] -- {BF439B41-0252-48DE-8B8B-0430CB26A181}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- _{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {CE2DA11A-917F-4CF5-AB55-755EC115DD10}
O42 - Logiciel: FileZilla Client 3.10.2 - (.Tim Kosse.) [HKLM] -- FileZilla Client
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Hearthstone - (.Blizzard Entertainment.) [HKLM] -- Hearthstone
O42 - Logiciel: Java 8 Update 40 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218040F0}
O42 - Logiciel: Last Inua - (.Glowforth.) [HKLM] -- Steam App 331980
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (...) [HKLM] -- WMV9_VCM
O42 - Logiciel: Microsoft XNA Framework Redistributable 3.0 - (.Microsoft Corporation.) [HKLM] -- {3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
O42 - Logiciel: Microsoft XNA Framework Redistributable 3.1 - (.Microsoft Corporation.) [HKLM] -- {19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM] -- {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}
O42 - Logiciel: Mozilla Firefox 36.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 36.0.1 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {A78FE97A-C0C8-49CE-89D0-EDD524A17392}
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: Skype™ 7.4 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Songr - (.Xamasoft.) [HKCU] -- Songr
O42 - Logiciel: SpeedRunners - (.DoubleDutch Games.) [HKLM] -- Steam App 207140
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM] -- Steam
O42 - Logiciel: Sublime Text 2.0.2 - (...) [HKLM] -- Sublime Text 2_is1
O42 - Logiciel: Super Hexagon - (.Terry Cavanagh.) [HKLM] -- Steam App 221640
O42 - Logiciel: Vivaldi - (.Vivaldi.) [HKLM] -- Vivaldi
O42 - Logiciel: WYD XTS TzFah versão TzFah 755 - (.XTS, Inc..) [HKLM] -- {8BC628BC-3FE6-4AEC-AB7A-8164E111422D}_is1
O42 - Logiciel: WYD XTS versão 7.54 - (.wyd xts, Inc..) [HKLM] -- {0BC405D9-57F7-4734-9D54-125CEBA034C4}_is1
O42 - Logiciel: WYD XTS versão 755 - (.WYD XTS , Inc..) [HKLM] -- {0027F05B-36EC-4E67-899F-C2B286DA1366}_is1
O42 - Logiciel: Warsaw 1.5.1.8886 32 bits - (.GAS Tecnologia.) [HKLM] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>P2P.BitTorrent
~ Logic: 43 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Ashampoo]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Autodesk]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\Borland]
[HKCU\Software\Cheat Engine]
[HKCU\Software\Chromium]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Dr. Regener]
[HKCU\Software\Enterbrain]
[HKCU\Software\GbAs]
[HKCU\Software\GbPlugin]
[HKCU\Software\GetPrivate]
[HKCU\Software\Glowforth]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SkillBrains] =>PUP.SkillBrains
[HKCU\Software\Skype]
[HKCU\Software\SourceForge]
[HKCU\Software\South East Games]
[HKCU\Software\Trend Micro]
[HKCU\Software\Unity]
[HKCU\Software\Valve]
[HKCU\Software\Vivaldi]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\antiufo]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Ashampoo]
[HKLM\Software\Autodesk]
[HKLM\Software\Blizzard Entertainment]
[HKLM\Software\Borland]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\Description]
[HKLM\Software\EPSON]
[HKLM\Software\Faronics]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GetPrivate]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Kodak]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Protexis]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skillbrains] =>PUP.SkillBrains
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SteelSeries]
[HKLM\Software\TeamViewer]
[HKLM\Software\TrendMicro]
[HKLM\Software\Valve]
[HKLM\Software\WinRAR]
[HKLM\Software\mozilla.org]
~ Key Software: 226 Scanned in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/09/2014 - 14:31:47 - [] ----D C:\Program Files\Adobe
O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 24/02/2015 - 17:10:11 - [] ----D C:\Program Files\Ashampoo
O43 - CFD: 17/09/2014 - 13:59:52 - [] ----D C:\Program Files\AutoCAD 2008
O43 - CFD: 17/09/2014 - 13:56:51 - [] ----D C:\Program Files\Autodesk
O43 - CFD: 08/01/2015 - 13:38:45 - [] ----D C:\Program Files\Bonjour
O43 - CFD: 08/01/2015 - 13:41:03 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 31/12/2007 - 23:39:06 - [] ----D C:\Program Files\Cleaner
O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\Program Files\Common Files
O43 - CFD: 17/09/2014 - 14:20:05 - [] ----D C:\Program Files\Corel
O43 - CFD: 08/04/2015 - 08:23:00 - [] ----D C:\Program Files\Diebold
O43 - CFD: 17/09/2014 - 13:51:22 - [] ----D C:\Program Files\Dr. Regener
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 23/02/2015 - 12:43:58 - [0] ----D C:\Program Files\epson
O43 - CFD: 17/03/2015 - 18:39:17 - [] ----D C:\Program Files\FileZilla FTP Client
O43 - CFD: 08/04/2015 - 08:23:00 - [] --H-D C:\Program Files\GAS Tecnologia
O43 - CFD: 11/04/2015 - 07:48:24 - [] ---AD C:\Program Files\GbPlugin
O43 - CFD: 23/02/2015 - 12:37:22 - [] ----D C:\Program Files\Google
O43 - CFD: 25/03/2015 - 17:41:27 - [] ----D C:\Program Files\Hearthstone
O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\Program Files\InstallShield Installation Information
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 25/03/2015 - 19:18:44 - [] ----D C:\Program Files\Java
O43 - CFD: 17/09/2014 - 13:52:05 - [] ----D C:\Program Files\Metodologia ADVANCE
O43 - CFD: 14/07/2009 - 04:50:24 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 17/09/2014 - 14:39:30 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 27/01/2015 - 15:45:33 - [] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 31/12/2007 - 23:38:13 - [] ----D C:\Program Files\Microsoft SQL Server
O43 - CFD: 17/09/2014 - 14:39:28 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 17/09/2014 - 14:38:26 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 17/09/2014 - 14:39:34 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 07/01/2015 - 12:25:10 - [] ----D C:\Program Files\Microsoft XNA
O43 - CFD: 06/01/2015 - 18:01:49 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 08/04/2015 - 08:51:35 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 31/03/2015 - 07:42:11 - [] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 17/09/2014 - 14:39:32 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 09/03/2015 - 09:06:07 - [] ----D C:\Program Files\MSECache
O43 - CFD: 14/07/2009 - 01:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 09/04/2015 - 11:20:50 - [] ----D C:\Program Files\Skillbrains =>PUP.SkillBrains
O43 - CFD: 24/04/2015 - 10:26:01 - [] R---D C:\Program Files\Skype
O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\Program Files\Sony
O43 - CFD: 24/04/2015 - 19:24:37 - [] ----D C:\Program Files\Steam
O43 - CFD: 17/09/2014 - 14:37:15 - [] ----D C:\Program Files\Sublime Text 2
O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 09/03/2015 - 14:38:34 - [] ----D C:\Program Files\Vivaldi
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 31/12/2007 - 23:34:12 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 01:52:32 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 29/07/2009 - 15:45:54 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 17/09/2014 - 13:51:44 - [] ----D C:\Program Files\WMV9_VCM
O43 - CFD: 24/04/2015 - 12:41:54 - [] ----D C:\Program Files\WYD XTS
O43 - CFD: 22/04/2015 - 18:29:12 - [] ----D C:\Program Files\WYD XTS TzFah
O43 - CFD: 05/05/2015 - 16:46:03 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 17/09/2014 - 14:31:47 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 17/09/2014 - 14:23:44 - [] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 17/09/2014 - 14:00:09 - [] ----D C:\Program Files\Common Files\Autodesk Shared
O43 - CFD: 05/01/2015 - 15:20:17 - [0] ----D C:\Program Files\Common Files\Blizzard Entertainment
O43 - CFD: 31/12/2007 - 23:38:35 - [] ----D C:\Program Files\Common Files\Borland Shared
O43 - CFD: 17/09/2014 - 14:04:50 - [] ----D C:\Program Files\Common Files\Control Panels
O43 - CFD: 16/03/2015 - 17:17:58 - [] ----D C:\Program Files\Common Files\Corel
O43 - CFD: 17/09/2014 - 14:36:31 - [] ----D C:\Program Files\Common Files\Designer
O43 - CFD: 23/02/2015 - 12:34:24 - [] ----D C:\Program Files\Common Files\EPSON
O43 - CFD: 17/09/2014 - 13:56:57 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 30/01/2015 - 12:39:41 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 17/09/2014 - 14:02:18 - [] ----D C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 08/01/2015 - 12:51:50 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 16/03/2015 - 17:18:58 - [] ----D C:\Program Files\Common Files\Protexis
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 06/01/2015 - 15:20:17 - [] ----D C:\Program Files\Common Files\Steam
O43 - CFD: 17/09/2014 - 14:38:12 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 18/02/2015 - 10:02:53 - [] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 12/03/2015 - 08:06:06 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 08/01/2015 - 16:07:15 - [] ----D C:\ProgramData\APN
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 24/02/2015 - 17:10:45 - [] ----D C:\ProgramData\Ashampoo
O43 - CFD: 10/01/2015 - 09:21:44 - [] ----D C:\ProgramData\Autodesk
O43 - CFD: 05/01/2015 - 15:15:45 - [] ----D C:\ProgramData\Battle.net
O43 - CFD: 05/01/2015 - 15:17:46 - [] ----D C:\ProgramData\Blizzard Entertainment
O43 - CFD: 16/03/2015 - 17:18:58 - [] ----D C:\ProgramData\Corel
O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 23/02/2015 - 12:42:33 - [] ----D C:\ProgramData\EPSON
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 31/12/2007 - 23:34:11 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 05/05/2015 - 14:31:24 - [] ----D C:\ProgramData\GbPlugin
O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 23/02/2015 - 12:34:58 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 14/03/2015 - 16:50:30 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 31/12/2007 - 23:34:12 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 26/01/2015 - 15:14:23 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 25/03/2015 - 19:18:49 - [] ----D C:\ProgramData\Oracle
O43 - CFD: 08/01/2015 - 12:52:46 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 21/03/2015 - 09:38:49 - [] ----D C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 24/04/2015 - 10:25:40 - [] ----D C:\ProgramData\Skype
O43 - CFD: 30/01/2015 - 12:59:04 - [] ----D C:\ProgramData\Sony
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 23/02/2015 - 12:34:58 - [] ----D C:\ProgramData\SteelSeries
O43 - CFD: 30/01/2015 - 12:39:42 - [] ----D C:\ProgramData\Sun
O43 - CFD: 08/04/2015 - 10:51:18 - [] ----D C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 31/12/2007 - 23:31:18 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 31/12/2007 - 23:31:24 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 17/09/2014 - 14:43:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
O43 - CFD: 03/02/2015 - 07:44:33 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
O43 - CFD: 24/02/2015 - 17:10:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
O43 - CFD: 17/09/2014 - 13:59:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
O43 - CFD: 17/09/2014 - 13:51:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE eXpress for Vista
O43 - CFD: 08/01/2015 - 13:41:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 23/02/2015 - 12:43:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
O43 - CFD: 17/03/2015 - 18:39:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
O43 - CFD: 31/12/2007 - 23:31:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 23/02/2015 - 12:37:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 25/03/2015 - 19:19:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 14/07/2009 - 01:42:30 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 17/09/2014 - 13:52:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metodologia ADVANCE
O43 - CFD: 23/02/2015 - 11:38:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 27/01/2015 - 15:45:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 25/03/2015 - 19:19:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCGEN
O43 - CFD: 24/04/2015 - 10:25:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 11/04/2015 - 17:52:36 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 23/02/2015 - 12:34:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
O43 - CFD: 16/03/2015 - 17:18:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite de Aplicativos Gráficos CorelDRAW X4
O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 09/03/2015 - 14:38:32 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi
O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 31/01/2015 - 17:11:59 - [0] ----D C:\Users\Atitude\AppData\Roaming\.minecraft
O43 - CFD: 11/03/2015 - 15:48:36 - [] ----D C:\Users\Atitude\AppData\Roaming\Adobe
O43 - CFD: 24/02/2015 - 17:11:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Ashampoo
O43 - CFD: 10/01/2015 - 09:21:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Autodesk
O43 - CFD: 05/01/2015 - 15:18:55 - [] ----D C:\Users\Atitude\AppData\Roaming\Battle.net
O43 - CFD: 16/03/2015 - 17:50:40 - [] ----D C:\Users\Atitude\AppData\Roaming\Corel
O43 - CFD: 16/01/2015 - 13:43:46 - [] ----D C:\Users\Atitude\AppData\Roaming\Dropbox
O43 - CFD: 07/04/2015 - 14:08:45 - [] ----D C:\Users\Atitude\AppData\Roaming\FileZilla
O43 - CFD: 31/12/2007 - 23:34:36 - [] ----D C:\Users\Atitude\AppData\Roaming\Identities
O43 - CFD: 17/09/2014 - 14:22:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 04:48:45 - [0] ----D C:\Users\Atitude\AppData\Roaming\Media Center Programs
O43 - CFD: 05/05/2015 - 13:22:34 - [] -S--D C:\Users\Atitude\AppData\Roaming\Microsoft
O43 - CFD: 26/01/2015 - 15:14:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Mozilla
O43 - CFD: 24/04/2015 - 19:02:24 - [] ----D C:\Users\Atitude\AppData\Roaming\Skype
O43 - CFD: 13/02/2015 - 08:07:50 - [] ----D C:\Users\Atitude\AppData\Roaming\TeamViewer
O43 - CFD: 08/01/2015 - 19:56:16 - [] ----D C:\Users\Atitude\AppData\Roaming\To the Moon - Freebird Games
O43 - CFD: 24/02/2015 - 14:46:50 - [] ----D C:\Users\Atitude\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 31/12/2007 - 23:35:57 - [] ----D C:\Users\Atitude\AppData\Roaming\WinRAR
O43 - CFD: 05/05/2015 - 16:47:29 - [] ----D C:\Users\Atitude\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 09/04/2015 - 08:04:55 - [] ----D C:\Users\Atitude\AppData\Local\Adobe
O43 - CFD: 30/01/2015 - 14:00:25 - [0] ----D C:\Users\Atitude\AppData\Local\Android
O43 - CFD: 21/02/2015 - 11:10:52 - [] ----D C:\Users\Atitude\AppData\Local\Apps
O43 - CFD: 24/02/2015 - 17:11:36 - [] ----D C:\Users\Atitude\AppData\Local\ashampoo
O43 - CFD: 17/09/2014 - 13:57:18 - [] ----D C:\Users\Atitude\AppData\Local\Autodesk
O43 - CFD: 26/03/2015 - 20:32:27 - [] ----D C:\Users\Atitude\AppData\Local\Battle.net
O43 - CFD: 05/01/2015 - 15:34:34 - [] ----D C:\Users\Atitude\AppData\Local\Blizzard
O43 - CFD: 05/01/2015 - 15:18:14 - [] ----D C:\Users\Atitude\AppData\Local\Blizzard Entertainment
O43 - CFD: 24/04/2015 - 19:34:39 - [0] ----D C:\Users\Atitude\AppData\Local\CrashDumps
O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Dados de aplicativos
O43 - CFD: 23/02/2015 - 13:30:29 - [0] ----D C:\Users\Atitude\AppData\Local\Deployment
O43 - CFD: 08/04/2015 - 08:48:30 - [] ----D C:\Users\Atitude\AppData\Local\GAS Tecnologia
O43 - CFD: 31/12/2007 - 23:39:25 - [] ----D C:\Users\Atitude\AppData\Local\Google
O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Histórico
O43 - CFD: 07/01/2015 - 12:25:31 - [] ----D C:\Users\Atitude\AppData\Local\IsolatedStorage
O43 - CFD: 26/01/2015 - 15:15:17 - [] ----D C:\Users\Atitude\AppData\Local\Macromedia
O43 - CFD: 08/04/2015 - 13:07:01 - [] ----D C:\Users\Atitude\AppData\Local\Microsoft
O43 - CFD: 17/09/2014 - 14:38:02 - [0] ----D C:\Users\Atitude\AppData\Local\Microsoft Help
O43 - CFD: 26/01/2015 - 15:14:34 - [] ----D C:\Users\Atitude\AppData\Local\Mozilla
O43 - CFD: 25/03/2015 - 19:23:23 - [] ----D C:\Users\Atitude\AppData\Local\PCGen
O43 - CFD: 09/01/2015 - 16:31:26 - [] ----D C:\Users\Atitude\AppData\Local\Programs
O43 - CFD: 24/04/2015 - 10:25:51 - [] ----D C:\Users\Atitude\AppData\Local\Skype
O43 - CFD: 22/04/2015 - 11:50:34 - [] ----D C:\Users\Atitude\AppData\Local\Songr
O43 - CFD: 02/03/2015 - 16:39:44 - [] ----D C:\Users\Atitude\AppData\Local\Steam
O43 - CFD: 21/02/2015 - 14:40:27 - [] ----D C:\Users\Atitude\AppData\Local\SteelSeries Engine 3 Client
O43 - CFD: 05/05/2015 - 16:47:27 - [] ----D C:\Users\Atitude\AppData\Local\Temp
O43 - CFD: 31/12/2007 - 23:34:25 - [] -SH-D C:\Users\Atitude\AppData\Local\Temporary Internet Files
O43 - CFD: 31/12/2007 - 23:34:26 - [0] ----D C:\Users\Atitude\AppData\Local\VirtualStore
O43 - CFD: 09/03/2015 - 14:40:02 - [] ----D C:\Users\Atitude\AppData\Local\Vivaldi
O43 - CFD: 14/07/2009 - 01:42:04 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 31/12/2007 - 23:34:43 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/05/2015 - 13:22:34 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
O43 - CFD: 14/07/2009 - 01:37:42 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 17/09/2014 - 14:44:49 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metodologia ADVANCE
O43 - CFD: 25/03/2015 - 19:23:21 - [0] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCGen
O43 - CFD: 23/02/2015 - 10:11:39 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
O43 - CFD: 24/04/2015 - 19:34:59 - [] R---D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 31/12/2007 - 23:35:53 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 17/09/2014 - 13:51:44 - [] ----D C:\Users\Atitude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMV9 VCM
~ Program Folder: 192 Scanned in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F80C89F2ADD9802CC814FA8A601CA070] - 05/05/2015 - 13:15:22 ---A- . (...)
-- C:\Windows\MEMORY.DMP [280043493] O44 - LFC:[MD5.A981067EB50AA082D51BF517391911F0] - 05/05/2015 - 13:15:36 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [1837720] O44 - LFC:[MD5.0F73F14E29F39B5EBAA9B39062B85EC5] - 05/05/2015 - 13:15:42 ---A- . (...) -- C:\Windows\setupact.log [9818] O44 - LFC:[MD5.EAE5260FAC8F77C47B95AC0AB1623D2C] - 05/05/2015 - 13:18:41 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1636995] O44 - LFC:[MD5.C18D88E2B72F7674B519C282CBCF2DB2] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1633534] O44 - LFC:[MD5.EBB6599DBD504B0A0C0D04D1ED42A505] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\perfc009.dat [121398] O44 - LFC:[MD5.9C86CAC37984D5079CEE025D920365B8] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\perfh009.dat [653526] O44 - LFC:[MD5.2756258E6767BAC792C60BA064323919] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146910] O44 - LFC:[MD5.48BEA645C4AEFD4B335E76CF16C993F0] - 05/05/2015 - 13:20:23 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705070] O44 - LFC:[MD5.7E0A5F01FC4E096596C2853A6BDF3C66] - 23/04/2015 - 21:07:16 ---A- . (...) -- C:\Windows\PFRO.log [2960] ~ Files: 10 Scanned in 00mn 05s ---\\ Operações e funções ao arranque do Windows Explorer (046) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Negação do serviço (Local Security Authority) (048) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) 
-- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll ~ LSA: 8 Scanned in 00mn 00s ---\\ Controlo do Modo de Segurança (CSB) (49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) 
-- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 13 Scanned in 00mn 00s ---\\ Chave do registo Shell MountPoints2 (MPSK) (O51) O51 - MPSK:{2de736fd-a08a-11e4-b19e-00e052f08ebf}\AutoRun\command. (...) -- E:\Startme.exe (.not file.) O51 - MPSK:{46ad18bb-b811-11dc-bcbe-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) 
-- C:\Windows\System32\iccvid.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ TDSD: 3 Scanned in 00mn 00s ---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\AdobeAAMUpdater-1.0 [Key] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O53 - SMSR:HKLM\...\startupreg\AdobeCS5.5ServiceManager [Key] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe O53 - SMSR:HKLM\...\startupreg\CCleaner Monitoring [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files\Steam\steam.exe O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . 
(.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O53 - SMSR:HKLM\...\startupreg\SwitchBoard [Key] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ~ SMSR Keys: 11 Scanned in 00mn 00s ---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll ~ MSCP: 2 Scanned in 00mn 00s ---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0 ~ MWPS: 17 Scanned in 00mn 00s ---\\ 
Lista dos drivers do sistema (SDL) (O58) O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [79952] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [23616] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368] O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608] O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888] O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568] O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248] O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. 
- Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128] O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336] O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160] O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904] O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080] O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952] O58 - SDL:08/02/2010 - 08:08:12 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\DeepFrz.sys [152984] O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720] O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160] O58 - SDL:03/11/2014 - 02:47:40 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46552] O58 - SDL:09/01/2015 - 16:31:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400] O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) 
-- C:\Windows\System32\Drivers\HpSAMD.sys [67152] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332352] O58 - SDL:10/06/2009 - 18:19:30 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [4756480] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824] O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800] O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584] O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624] O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117312] O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [142416] O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) 
-- C:\Windows\System32\Drivers\ql2300.sys [1383488] O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064] O58 - SDL:13/07/2009 - 19:02:52 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [139776] O58 - SDL:13/07/2009 - 19:02:52 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100 NDIS 5.1 Driver.) -- C:\Windows\System32\Drivers\Rtnicxp.sys [43008] O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480] O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016] O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888] O58 - SDL:02/01/2015 - 18:50:36 ---A- . (.SteelSeries ApS - SteelSeries Device Factory Driver.) -- C:\Windows\System32\Drivers\ssdevfactory.sys [13312] O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:08/02/2010 - 08:08:18 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\ThwSpace.sys [75800] O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976] O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904] O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:13/07/2009 - 18:40:40 ---A- . 
(...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] O58 - SDL:13/02/2015 - 15:47:22 ---A- . (.Basil's Projects - WinDivert network packet capture and (re)injection driver.) -- C:\Windows\System32\WinDivert32.sys [30936] ~ Drivers: 66 Scanned in 00mn 00s ---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) O61 - LFC: 05/05/2015 - 16:47:41 ---A- . (...) -- C:\Users\Atitude\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin [108235] O61 - LFC: 05/05/2015 - 16:47:41 ---A- . (...) -- C:\Users\Atitude\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 05/05/2015 - 16:47:42 ---A- . (.Nicolas Coolman.) -- C:\Users\Atitude\Downloads\ZHPDiag2.exe [6880620] =>.Nicolas Coolman O61 - LFC: 05/05/2015 - 16:47:42 R--A- . (.Trend Micro Inc..) 
-- C:\Users\Atitude\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [388096] ~ 31 Fichiers temporaires (Temporary files) ~ 2 Fichiers cookies (Cookies files) ~ Files: 4 Scanned in 00mn 01s ---\\ Ficheiros Alternate Data Stream (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:8D6C0637_Bb.gbp O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:8D6C0637_Cef.gbp O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst ~ ADS: Scanned in 00mn 00s ---\\ Lista das ferramentas de remoção de vírus (LAT) (063) O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7} ~ ADS: Scanned in 00mn 00s ---\\ Lista dos serviços Legacy du registo (064) O64 - Services: CurCS - 03/11/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM O64 - Services: CurCS - 09/01/2015 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 13/02/2015 - C:\Windows\system32\WinDivert32.sys (WinDivert1.1) .(.Basil's Projects - WinDivert network packet capture and (re)in.) - LEGACY_WINDIVERT1.1 ~ Legacy: 67 Scanned in 00mn 00s ---\\ Associações Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) 
-- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.scr> <AutoCADScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe ~ FASS Keys: 12 Scanned in 00mn 00s ---\\ Menu de inicialização Internet (068) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <Vivaldi> <Vivaldi>[HKLM\..\Shell\open\Command] (.Vivaldi Technologies AS - Vivaldi.) 
-- C:\Program Files\Vivaldi\Application\vivaldi.exe ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {5214AF81-E998-4271-B981-CF98BFA50D98} [DefaultScope] - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168448] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [591360] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [667136] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473088] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) 
-- C:\Windows\System32\rasmans.dll [285184] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [241664] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [543232] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [589312] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [497152] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [46592] O83 - Search Svchost Services: msiscsi (msiscsi) . 
(.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [162816] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [743424] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [99328] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) 
-- C:\Windows\System32\appmgmts.dll [149504] ~ Services: 33 Scanned in 00mn 00s ---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84) [MD5.27DB904F15FF6F1DE284452A493BA1E4] [sPRF][11/04/2015] (...) -- C:\ProgramData\CB672F7E71.sys [88] [MD5.CFE7336ED14CF72B8CC7EAC362FC0C69] [sPRF][11/04/2015] (...) -- C:\ProgramData\KGyGaAvL.sys [2828] [MD5.BDB9978FD51DD8871235FBED634395C2] [sPRF][08/04/2015] (...) -- C:\Users\Atitude\AppData\Roaming\unins000.dat [17560] [MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][08/04/2015] (.No owner - Setup/Uninstall.) -- C:\Users\Atitude\AppData\Roaming\unins000.exe [730322] [MD5.92149D7FC2B90B189F8AEECC2F9DDCEE] [sPRF][12/02/2007] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [114792] ~ Files: 5 Scanned in 00mn 00s ---\\ Lista das exceções do FireWall (FirewallRules) (O87) O87 - FAEL: "{C1812F90-BD8B-46A8-A2E4-97F11996B497}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Atitude\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{B49BE786-DEDE-4894-A5CD-6E9F2C9BE954}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- C:\Users\Atitude\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 2 Scanned in 00mn 01s ---\\ Listagem dos dados da chave NameSpace (MNS) (O92) O92 - MNS: Pastas da Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} ~ MNS: 1 Scanned in 00mn 00s ---\\ Search Tracing Registry Key (O100) HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent ~ BTK: 169 Scanned in 00mn 00s ---\\ Search CLSID Registry Key (O101) [HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider [HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream ~ BCK: 7912 Scanned in 00mn 14s ---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados) SS - | Demand 16/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 17/09/2014 85096 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe SS - | Auto 22/07/1658 0 | (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe SS - | Demand 17/09/2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SS - | Auto 05/01/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 05/01/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 23/03/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 07/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) 
- C:\Program Files\Common Files\Steam\SteamService.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 20/01/2015 565560 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe SR - | Auto 13/02/2015 507704 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 14s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Scanned in 00mn 02s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080) Written by ad13, http://ad13.geekstog Run by Atitude at 05/05/2015 16:48:26 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scâner Aditional (088) Database Version : 13008 - (05/05/2015) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 6 [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^ C:\Program Files\Skillbrains =>PUP.SkillBrains^ C:\Users\Atitude\AppData\Roaming\uTorrent =>P2P.µTorrent^ C:\Program Files\Skillbrains\Updater\Updater.exe =>PUP.SkillBrains^ [HKCU\Software\BitTorrent] =>P2P.BitTorrent^ [HKCU\Software\SkillBrains] =>PUP.SkillBrains^ [HKLM\Software\Skillbrains] =>PUP.SkillBrains^ [HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) 
=>PUP.CrossRider^ [HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream^ ~ Additionnel Scan: 376768 Items scanned in 00mn 16s ---\\ Informações complémentaires do módulos ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51) ~ AMI: 4 Scanned in 00mn 00s ---\\ Sumário das deteções encontradas na sua estação http://www.nicolascoolman.fr/blog/ =>PUP.SkillBrains http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider http://nicolascoolman.fr/adware-metastream =>Adware.MetaStream ~ MSI: 3 link(s) detected in 00mn 00s End of the scan (1179 lines in 01mn 34s)(0.6)
Power Max 54 Posted May 6, 2015

Temporarily disable your antivirus to avoid conflicts.

Open the link below and click the first button on the left, which is the Download Zoek.exe button: http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select
* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job;virustotal
C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000;virustotal
C:\Windows\Tasks\update-sys.job;virustotal
C:\Windows\System32\Tasks\update-sys;virustotal
C:\ProgramData\CB672F7E71.sys;virustotal
C:\ProgramData\KGyGaAvL.sys;virustotal
C:\Program Files\Faronics;fs
C:\Windows\System32\Drivers\DeepFrz.sys;f
C:\Windows\System32\Drivers\ThwSpace.sys;f
Faronics;z
Faronics;a
Deep Freeze;z
Deep Freeze;a
DFStd;z
DFStd;a
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
emptyfolderscheck;delete

* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
* If a PC restart is requested, click [OK]
* The Zoek log will be at C:\zoek-results.txt in your next reply.
_________________________________________________________________________________________

Select and copy all of the text highlighted in red below (starting at script zhpfix and ending at emptyclsid)

script zhpfix
SysRestore
O23 - Service: DFServ (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (.not file.)
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-S-1-5-21-1247583590-2966408015-1038971919-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105728] =>PUP.SkillBrains
[HKCU\Software\GetPrivate]
[HKCU\Software\SkillBrains] =>PUP.SkillBrains
[HKLM\Software\GetPrivate]
[HKLM\Software\Skillbrains] =>PUP.SkillBrains
O43 - CFD: 09/04/2015 - 11:20:50 - [] ----D C:\Program Files\Skillbrains =>PUP.SkillBrains
O43 - CFD: 08/01/2015 - 16:07:15 - [] ----D C:\ProgramData\APN
O58 - SDL:08/02/2010 - 08:08:12 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\DeepFrz.sys [152984]
O58 - SDL:08/02/2010 - 08:08:18 ---A- . (.Faronics Corporation - Deep Freeze 6.62 driver.) -- C:\Windows\System32\Drivers\ThwSpace.sys [75800]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {5214AF81-E998-4271-B981-CF98BFA50D98} [DefaultScope] - (Google) - http://www.google.com
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][08/04/2015] (.No owner - Setup/Uninstall.) -- C:\Users\Atitude\AppData\Roaming\unins000.exe [730322]
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider
[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream
SS - | Auto 22/07/1658 0 | (DFServ) . (...) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\Program Files\Skillbrains =>PUP.SkillBrains^
C:\Program Files\Skillbrains\Updater\Updater.exe =>PUP.SkillBrains^
[HKCU\Software\SkillBrains] =>PUP.SkillBrains^
[HKLM\Software\Skillbrains] =>PUP.SkillBrains^
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^
[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream^
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose the Run as administrator option > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad. Copy this report and post it in your next reply together with the Zoek log, which will be at C:\zoek-results.txt
bordmelo 0 Posted May 7, 2015

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Atitude on 07/05/2015 at 17:26:30,95.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Atitude\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

07/05/2015 17:27:09 Zoek.exe System Restore Point Created Successfully.

==== VirusTotal Scan ======================

C:\Windows\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000.job
https://www.virustotal.com/file/4407F7A9298D30FFF754C6EAC0ABF693E4E8A60B9BE9161E5715C761508E514F/analysis/
C:\Windows\System32\Tasks\update-S-1-5-21-1247583590-2966408015-1038971919-1000
https://www.virustotal.com/file/992BF20A876F432FD23614E45DB1A1EF03A2C9C10307C0442B36E523FC9513BB/analysis/
C:\Windows\Tasks\update-sys.job
https://www.virustotal.com/file/E942D17E4FA6F99B3C59A327C750CBE7278878A2EC31C712E3334455988C6145/analysis/
C:\Windows\System32\Tasks\update-sys
https://www.virustotal.com/file/3539AE9E6B0E086DB0A2FA9AB2271F9DC16EFB7B6008BB0DADBD43B13F205875/analysis/
C:\ProgramData\CB672F7E71.sys
https://www.virustotal.com/file/36241DAC26BF654712757C4A26AE97F804DEFAE919DBB454E7F854B0EF29B84F/analysis/
C:\ProgramData\KGyGaAvL.sys
https://www.virustotal.com/file/E401411EE3F5E59A88F288460A672A45F1BDE02119EB9EC39255B6053DD992C5/analysis/

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\epson deleted successfully
C:\Program Files\Common Files\Blizzard Entertainment deleted successfully
C:\Users\Atitude\AppData\Roaming\.minecraft deleted successfully
C:\Users\Atitude\AppData\Local\Android deleted successfully
C:\Users\Atitude\AppData\Local\CrashDumps deleted successfully
C:\Users\Atitude\AppData\Local\VirtualStore deleted successfully

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Atitude at 07/05/2015 17:33:21
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Atitude\AppData\Roaming\unins000.exe

========== Chaves do Registo ==========
ELIMINÉ: Service: DFServ
ELIMINÉ: HKCU\Software\GetPrivate
ELIMINÉ: HKCU\Software\SkillBrains
ELIMINÉ: HKLM\Software\GetPrivate
ELIMINÉ: HKLM\Software\Skillbrains
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{5214AF81-E998-4271-B981-CF98BFA50D98}
ELIMINÉ: HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}
ELIMINÉ: HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\deepfrz.sys
ELIMINÉ: c:\windows\system32\drivers\thwspace.sys
ELIMINÉ Temporários windows (94) (145.296.705 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: update-S-1-5-21-1247583590-2966408015-1038971919-1000
ELIMINÉ: update-sys

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Processo memória
9 : Chaves do Registo
1 : Pastas
4 : Ficheiros
2 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 40s

========== Caminho do ficheiro do relatório ==========
C:\Users\Atitude\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2015 17:33:27 [1638]
Power Max 54 Posted May 7, 2015
The Zoek report came out incomplete; please copy the entire report and post it here.
bordmelo 0 Posted May 8, 2015
When I generate the Zoek report it asks for a system restart, so it erases everything and does not save the report.
Power Max 54 Posted May 8, 2015
Deep Freeze is showing as installed on your PC; it is certainly what is causing this problem of changes not being saved. The tutorial below shows how to uninstall Deep Freeze: https://www.youtube.com/watch?v=xV9O_sUYYQM It is in Spanish, but it is easy to understand.
_______________________________________________________________
If it cannot be uninstalled by the method above because it is not fully installed on your PC, you could download Deep Freeze from its official site, reinstall it, and then uninstall it as shown in the tutorial I gave you above.
bordmelo 0 Posted May 9, 2015
It does not show as installed on the computer; when I try to install it, this message appears:
Power Max 54 Posted May 9, 2015
This message confirms that Deep Freeze is installed on your PC. Press the Ctrl (Control) + Alt + Shift + F6 keys together. This should open the Deep Freeze screen. With it open, click the Status tab > check the Boot Thawed option and click the Ok button. After that, restart the PC > open the Deep Freeze installer, where there should be an option to uninstall it; uninstall it. Then tell us whether it was removed.
bordmelo 0 Posted May 13, 2015
I know the program and I am able to disable it. The problem is that even with the shortcut keys or in the system tray nothing shows up, that is, as if it were not installed; I have already gone into Control Panel and there is nothing there either. So if I open the installer, it says it is already installed but does not give me the option to uninstall. I have also taken a look at Task Manager and there is no Deep Freeze process.
Power Max 54 Posted May 13, 2015
I believe the most effective solution in this case would be for you to back up the things you consider important and then format and reinstall Windows.
bordmelo 0 Posted May 13, 2015
Yes, I did think of that solution, but this machine belongs to my workplace, so I think it is better to leave it as it is. Thanks for the help, Max!
Power Max 54 Posted May 14, 2015
At your workplace there may be a professional who takes care of computer maintenance and security; it would be good to report the case to them and ask them to handle this situation. Best regards!
Power Max 54 Posted May 14, 2015
Topic Archived
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.