cjoint

Commentaire : ~ Relatório do ZHPDiag v2015.4.6.36 - Nicolas Coolman (29/03/2015) ~ Iniciado por Elzirene (28/05/2016 23:53:05) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Endereço do Webforum : http://forum.nicolascoolman.fr ~ Tradução pelo utilizador ~ Estatuto da versão : Nova Versão disponivel ~ Lista Branca : Desativado pelo Utilizador ~ Elevação dos Privilégios : OK ~ Controle de Conta de Utilizador : Deactivate by program ---\\ Navegadores Internet MSIE: Internet Explorer v10.0.9200.17116 MFIE: Mozilla Firefox 46.0.1 (Defaut) GCIE: Google Chrome v50.0.2661.102 ---\\ Informações sobre os produtos Windows ~ Langage: Portugais Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Key Management Service client information : KO Windows Automatic Updates : OK Windows Activation Technologies : OK Windows 8, 64-bit (Build 9200) ---\\ Softwares de proteçao do sistema Avast Free Antivirus v11.2.2262 Windows Defender W8 (Deactivate) ---\\ Softwares d'optimização do sistema ---\\ Softwares de partilha do PeerToPeer (P2P) ---\\ Monitoramento dos softwares Adobe Flash Player 21 NPAPI ---\\ Informações sobre o sistema ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3969 MB (67% free) System Restore: Activé (Enable) System drive C: has 149 GB (67%) free of 221 GB ---\\ Modo de conexão ao sistema ~ Computer Name: ELZIRENE ~ User Name: Elzirene ~ All Users Names: HomeGroupUser$, Elzirene, Convidado, Administrador, ~ Unselected Option: None Logged in as Administrator ---\\ As variáveis de ambiente ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Elzirene\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Elzirene\AppData\Roaming\ ~ %Desktop% : C:\Users\Elzirene\Desktop\ ~ %Favorites% : C:\Users\Elzirene\Favorites\ ~ %LocalAppData% : C:\Users\Elzirene\AppData\Local\ ~ %StartMenu% : C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ 
%Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeração das unidades dos discos C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 221 Go) D: Hard drive, Flash drive, Thumb drive (Free 244 Go of 244 Go) E: CD-ROM drive (Not Inserted) ---\\ Estado do Centro de Segurança do Windows [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 41 Scanned in 00mn 00s ---\\ Pesquisa particular de ficheiros genéricos [MD5.928791755FDDEA721B053535EF84FA17] - (.Microsoft Corporation - Explorador do Windows.) (.26/07/2012 - 01:49:13.) -- C:\Windows\Explorer.exe [2380440] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.949C61BEF8501BD244C50A7F182CEC74] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.20/09/2014 - 02:17:42.) -- C:\Windows\System32\wininet.dll [2236928] [MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.12/04/2014 - 06:10:31.) 
-- C:\Windows\System32\Winlogon.exe [578048] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Controlador de Função Auxiliar para Winsock.) (.29/05/2014 - 19:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.8D6810577E9C4F56DCB8E9BACAC7287B] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.25/07/2012 - 23:27:36.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Controlador de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) 
-- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Controlador de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.26/07/2012 - 01:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016] ~ Generic Processes: Scanned in 00mn 00s ---\\ Estatuto dos ficheiros ocultos (Oculto/Total) ~ Mes images (My Pictures) : 2/62 ~ Mes musiques (My Musics) : 1/923 ~ Mes Videos (My Videos) : 1/182 ~ Mes Favoris (My Favorites) : 1/8 ~ Mes Documents (My Documents) : 2/180 ~ Mon Bureau (My Desktop) : 4/5238 ~ Menu demarrer (Programs) : 1/60 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processos lançados [MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2556] [MD5.BB72A4FD979EB45499CCC6BEF467889A] - (.IObit - No Comment.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [1540928] [PID.2564] [MD5.CC436BB2A26391F3DEBE316F6FB0474F] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) 
-- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008] [PID.2772] [MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.4264] [MD5.36F4C7EF5BFB395CE24F57507F66CE09] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [7400576] [PID.4824] [MD5.E96DD1ABAC2BE889CF521EA2192BFD1D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8196608] [PID.5960] [MD5.7DF8845A1CF92C227E81DBBC6F6434DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [392136] [PID.3664] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2) C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Pasta de extensão do Google Chrome G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [__MSG_appName__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [Avast SafePrice] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [__MSG_ExtnName__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [__MSG_extName__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [dregol New Tab] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [Skype] G2 - EXT: 
C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__] G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__] ~ Google Lines Browser: 20 Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\prefs.js M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\google-avast.xml M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\Search Provided by Yahoo.xml M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\webssearches.xml =>Hijacker.WebsSearches P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) 
-- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll ~ Firefox Browser: 5 Scanned in 00mn 00s ---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8 R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8 R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8 R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minilua.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://minilua.com R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Browser.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll ~ IE Browser: 18 Scanned in 00mn 00s ---\\ Internet Explorer, Gestão do Proxy (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redireção do ficheiro Hosts (01) ~ Le fichier hôte est sain (The hosts file is clean) (31) ~ Hosts File: Scanned in 00mn 00s ---\\ Browser Helper Objects do navegador (02) O2 - BHO: (no name) [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave orfã O2 - BHO: (no name) [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Chave orfã O2 - BHO: search maven 1.0.0.6 [64Bits] - {5996b4a3-5007-4a35-bfd3-70bd47abd749} Chave orfã O2 - BHO: Sale Charger [64Bits] - {7a38e53c-e000-41e4-9b5a-47447db81c2b} Chave orfã O2 - BHO: (no name) [64Bits] - 
{84FF7BD6-B47F-46F8-9130-01B2696B36CB} Chave orfã O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) [64Bits] - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} Chave orfã =>Adware.Bandoo O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Chave orfã =>PUP.ShopperPro O2 - BHO: YTAHelperBHO [64Bits] - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Chave orfã =>PUP.Goobzo ~ BHO: 30 Scanned in 00mn 00s ---\\ Barras do Internet Explorer (03)) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41545534-5350-2D4D-4544-7A786E7484D7} Chave orfã ~ Toolbar: Scanned in 00mn 00s ---\\ Outras conexões do utilizador (04) O4 - GS\QuickLaunch [Elzirene]: iLivid.lnk . (...) -- C:\Users\Elzirene\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo O4 - GS\QuickLaunch [Elzirene]: speed browser.lnk . (...) -- C:\Program Files (x86)\speed browser\Application\browser.exe (.not file.) =>PUP.SpeedBrowser O4 - GS\Program [Elzirene]: iLivid.lnk . (...) -- C:\Users\Elzirene\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo ~ Global Startup: 3 Scanned in 00mn 00s ---\\ Aplicações iniciadas por registo & pastas (04) O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe O4 - HKCU\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) 
-- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKCU\..\Run: [CrashService] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.) O4 - HKCU\..\Run: [1stbrowser] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [CrashService] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.) O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [1stbrowser] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.) ~ Application: Scanned in 00mn 00s ---\\ Icones das opções IE invisiveis no painel das configurações (05) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in 00mn 00s ---\\ Boutões da barra de ferramentas principal do Internet Explorer (09) O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de Correções de Compatibilidade de Nomenclatura de Correio Ele.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000002\Winsock LSP File . 
(.Microsoft Corporation - Fornecedor de Espaço de Nomes PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de Espaço de Nomes PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços de Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll ~ Winsock: 7 Scanned in 00mn 00s ---\\ Alteração Dominio/Clientes DNS (017) O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpDomain = domain.name O17 - HKLM\System\CCS\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpDomain = domain.name O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpDomain = domain.name O17 - HKLM\System\CS1\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpDomain = domain.name O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocolo adicional (018) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . 
(.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ SSODL: 1 Scanned in 00mn 00s ---\\ Lista dos serviços NT não Microsoft e não desativados (023) O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Windows\System32\AdminService.exe O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Serviço Google Update (gupdate) (gupdate) . (.Google Inc. - Instalador do Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe O23 - Service: Refresh Keyboard (midityjezbt) . (...) - C:\Program Files (x86)\63A9D0CC-1464210093-19DE-80F8-5D39BF27DA9A\knsh128.tmp O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (...) - C:\Users\Elzirene\AppData\Roaming\NetService\netservice.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: (SkypeUpdateEx) . (.skype.cog.cc - SkypeUpdateEx.) - C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe O23 - Service: StartMenu8 Service (StartMenuService) . (.IObit - StartMenu8 Services.) 
- C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe O23 - Service: SW Update Service (SWUpdateService) . (.Samsung Electronics CO., LTD. - SW Update Agent.) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe O23 - Service: The Calendar Service (TheCalendarService) . (.No owner - The Calendar Service.) - C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe O23 - Service: update service (update_service) . (...) - C:\Program Files (x86)\updateservice\updateservice.exe O23 - Service: Windows Net Proxy Auto Service (WinNetSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WinNetSvc\WinNetSvc.exe O23 - Service: Windows Media Player Network Access Service (WMPNetworkAcSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe =>.Microsoft Corporation ~ Services: 15 Scanned in 00mn 03s ---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Desktop Component: 4 Scanned in 00mn 00s ---\\ Listagem dos dados do BootExecute (Bex) (034) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ BEX: 1 Scanned in 00mn 00s ---\\ Tarefas planificadas automaticamente (039) [MD5.00000000000000000000000000000000] [APT] [1stbrowser] (...) -- C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.) [0] [MD5.6A050671F2C76FB48131F12786802807] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504] [MD5.1282F8C897DBF180BCF3F6F6968DE2C3] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1517200] [MD5.00000000000000000000000000000000] [APT] [crash_service] (...) -- C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.) [0] [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) 
-- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [MD5.00000000000000000000000000000000] [APT] [NetEngine] (...) -- C:\ProgramData\NetEngine\bin\D10\netengine.exe (.not file.) [0] =>PUP.NetEngine [MD5.2E696C90B2D1DD842F59E38FD212D225] [APT] [SafeZone scheduled Autoupdate 1462097065] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [735736] [MD5.F0D63994F39C95259B06F70811F41833] [APT] [SAgent] (.Samsung Electronics CO., LTD..) -- C:\Program Files\Samsung\S Agent\CommonAgent.exe [2975056] [MD5.45BCD6113DE37F0C839731352B84CB24] [APT] [StartMenuAutoupdate] (.IObit.) -- C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [827680] [MD5.C6F268F8A91671D163028D16495AE244] [APT] [{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}] (...) -- C:\Users\Elzirene\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [1188328] [MD5.91685926CA2361F4D1BB101F3A140B28] [APT] [{2A75E130-E0AE-40d1-B479-E583A0419691}] (...) -- C:\Program Files (x86)\updateservice\updateservice.exe [43008] [MD5.00000000000000000000000000000000] [APT] [{64DEA17D-0519-47E6-9D78-37A58266C6E7}] (...) -- C:\Program Files (x86)\baidu\Baidu Browser\uninst.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{6DB74B7B-6976-482A-981B-A76E0F6A9C5A}] (...) -- C:\Program Files (x86)\baidu\Baidu Browser\uninst.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{82C15761-BA1F-4098-9D33-24F7B4D8FDEC}] (...) -- C:\ProgramData\TVTime\uninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{906553F6-2267-4D99-B782-3E41D6776624}] (...) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C3835365-7902-46C0-9114-AABC723475CE}] (...) 
-- C:\Users\Elzirene\AppData\Roaming\do-search\UninstallManager.exe (.not file.) [0] =>PUP.DoSearches [MD5.7068D0DC90FD95505A2BEEF5C2F6320E] [APT] [{FF2F182C-3E91-4027-8552-A90822E213C2}] (...) -- C:\Program Files (x86)\ToolsAssist\toolserv.exe [202872] [MD5.224EFC8B50E88D79DCEB19D658D5C41B] [APT] [Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [652816] O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830] O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830] O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1030] O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1030] O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1034] O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1034] O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job [694] O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} [694] O39 - APT: {2A75E130-E0AE-40d1-B479-E583A0419691} - (...) -- C:\Windows\Tasks\{2A75E130-E0AE-40d1-B479-E583A0419691}.job [308] O39 - APT: {2A75E130-E0AE-40d1-B479-E583A0419691} - (...) -- C:\Windows\System32\Tasks\{2A75E130-E0AE-40d1-B479-E583A0419691} [308] O39 - APT: {FF2F182C-3E91-4027-8552-A90822E213C2} - (...) -- C:\Windows\Tasks\{FF2F182C-3E91-4027-8552-A90822E213C2}.job [330] O39 - APT: {FF2F182C-3E91-4027-8552-A90822E213C2} - (...) 

Document format: text/plain

Preview

~ Relatório do ZHPDiag v2015.4.6.36 - Nicolas Coolman (29/03/2015)
~ Iniciado por Elzirene (29/05/2016 00:17:19)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.17116
MFIE: Mozilla Firefox 46.0.1 (Defaut)
GCIE: Google Chrome v50.0.2661.102

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8, 64-bit (Build 9200)

---\\ Softwares de proteçao do sistema
Avast Free Antivirus v11.2.2262
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 21 NPAPI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3969 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 148 GB (67%) free of 221 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ELZIRENE
~ User Name: Elzirene
~ All Users Names: HomeGroupUser$, Elzirene, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Elzirene\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Elzirene\AppData\Roaming\
~ %Desktop% : C:\Users\Elzirene\Desktop\
~ %Favorites% : C:\Users\Elzirene\Favorites\
~ %LocalAppData% : C:\Users\Elzirene\AppData\Local\
~ %StartMenu% : C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 148 Go of 221 Go)
D: Hard drive, Flash drive, Thumb drive (Free 244 Go of 244 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.928791755FDDEA721B053535EF84FA17] - (.Microsoft Corporation - Explorador do Windows.) (.26/07/2012 - 01:49:13.) -- C:\Windows\Explorer.exe [2380440]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.949C61BEF8501BD244C50A7F182CEC74] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.20/09/2014 - 02:17:42.) -- C:\Windows\System32\wininet.dll [2236928]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Controlador de Função Auxiliar para Winsock.) (.29/05/2014 - 19:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.8D6810577E9C4F56DCB8E9BACAC7287B] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.25/07/2012 - 23:27:36.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Controlador de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Controlador de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.26/07/2012 - 01:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/62
~ Mes musiques (My Musics) : 1/923
~ Mes Videos (My Videos) : 1/91
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 2/90
~ Mon Bureau (My Desktop) : 4/2619
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2556]
[MD5.BB72A4FD979EB45499CCC6BEF467889A] - (.IObit - No Comment.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [1540928] [PID.2564]
[MD5.CC436BB2A26391F3DEBE316F6FB0474F] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008] [PID.2772]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.4264]
[MD5.36F4C7EF5BFB395CE24F57507F66CE09] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [7400576] [PID.4824]
[MD5.7DF8845A1CF92C227E81DBBC6F6434DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [392136] [PID.3664]
[MD5.2F7F595945B6F2E23D1B1423AF8C5186] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [276936] [PID.3052]
[MD5.65C301B21772EC0F3824AF53E6C615AD] - (.Adobe Systems, Inc. - Adobe Flash Player 21.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe [3448000] [PID.4052]
[MD5.E96DD1ABAC2BE889CF521EA2192BFD1D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8196608] [PID.2864]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [__MSG_appName__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [Avast SafePrice]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [__MSG_ExtnName__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [__MSG_extName__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [dregol New Tab]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [Skype]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\Elzirene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__]
~ Google Lines Browser: 20 Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\prefs.js
M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\google-avast.xml
M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\Search Provided by Yahoo.xml
M3 - MFPP: Plugins - [Elzirene] -- C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\searchplugins\webssearches.xml =>Hijacker.WebsSearches
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
~ Firefox Browser: 5 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.comDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minilua.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://minilua.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Browser.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
~ IE Browser: 18 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (31)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: (no name) [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave orfã
O2 - BHO: (no name) [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Chave orfã
O2 - BHO: search maven 1.0.0.6 [64Bits] - {5996b4a3-5007-4a35-bfd3-70bd47abd749} Chave orfã
O2 - BHO: Sale Charger [64Bits] - {7a38e53c-e000-41e4-9b5a-47447db81c2b} Chave orfã
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Chave orfã
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) [64Bits] - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} Chave orfã =>Adware.Bandoo
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Chave orfã =>PUP.ShopperPro
O2 - BHO: YTAHelperBHO [64Bits] - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Chave orfã =>PUP.Goobzo
~ BHO: 15 Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41545534-5350-2D4D-4544-7A786E7484D7} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Elzirene]: iLivid.lnk . (...) -- C:\Users\Elzirene\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - GS\QuickLaunch [Elzirene]: speed browser.lnk . (...) -- C:\Program Files (x86)\speed browser\Application\browser.exe (.not file.) =>PUP.SpeedBrowser
O4 - GS\Program [Elzirene]: iLivid.lnk . (...) -- C:\Users\Elzirene\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
~ Global Startup: 3 Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CrashService] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.)
O4 - HKCU\..\Run: [1stbrowser] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Elzirene\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [CrashService] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.)
O4 - HKUS\S-1-5-21-503934411-1333821644-1509641271-1001\..\Run: [1stbrowser] C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de Correções de Compatibilidade de Nomenclatura de Correio Ele.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fornecedor de Espaço de Nomes PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de Espaço de Nomes PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços de Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
~ Winsock: 7 Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5118BB-9051-4D89-BCFC-0A77F8B6FB62}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{C772D1BF-0857-4527-A1B8-584A2BB2F76E}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Windows\System32\AdminService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) . (.Google Inc. - Instalador do Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Refresh Keyboard (midityjezbt) . (...) - C:\Program Files (x86)\63A9D0CC-1464210093-19DE-80F8-5D39BF27DA9A\knsh128.tmp
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (...) - C:\Users\Elzirene\AppData\Roaming\NetService\netservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: (SkypeUpdateEx) . (.skype.cog.cc - SkypeUpdateEx.) - C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
O23 - Service: StartMenu8 Service (StartMenuService) . (.IObit - StartMenu8 Services.) - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: SW Update Service (SWUpdateService) . (.Samsung Electronics CO., LTD. - SW Update Agent.) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: The Calendar Service (TheCalendarService) . (.No owner - The Calendar Service.) - C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
O23 - Service: update service (update_service) . (...) - C:\Program Files (x86)\updateservice\updateservice.exe
O23 - Service: Windows Net Proxy Auto Service (WinNetSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WinNetSvc\WinNetSvc.exe
O23 - Service: Windows Media Player Network Access Service (WMPNetworkAcSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe =>.Microsoft Corporation
O23 - Service: Double Spaced Firewall (zigipyro) . (...) - C:\Users\Elzirene\AppData\Local\63A9D0CC-1464480646-19DE-80F8-5D39BF27DA9A\qnsbF58B.tmp
~ Services: 16 Scanned in 00mn 03s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [1stbrowser] (...) -- C:\Users\Elzirene\AppData\Local\1stBrowser\Application\1stbrowser.exe (.not file.) [0]
[MD5.6A050671F2C76FB48131F12786802807] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504]
[MD5.1282F8C897DBF180BCF3F6F6968DE2C3] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1517200]
[MD5.00000000000000000000000000000000] [APT] [crash_service] (...) -- C:\Users\Elzirene\AppData\Local\1stBrowser\Application\crash_service.exe (.not file.) [0]
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200]
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200]
[MD5.00000000000000000000000000000000] [APT] [NetEngine] (...) -- C:\ProgramData\NetEngine\bin\D10\netengine.exe (.not file.) [0] =>PUP.NetEngine
[MD5.2E696C90B2D1DD842F59E38FD212D225] [APT] [SafeZone scheduled Autoupdate 1462097065] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [735736]
[MD5.F0D63994F39C95259B06F70811F41833] [APT] [SAgent] (.Samsung Electronics CO., LTD..) -- C:\Program Files\Samsung\S Agent\CommonAgent.exe [2975056]
[MD5.45BCD6113DE37F0C839731352B84CB24] [APT] [StartMenuAutoupdate] (.IObit.) -- C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [827680]
[MD5.C6F268F8A91671D163028D16495AE244] [APT] [{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}] (...) -- C:\Users\Elzirene\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [1188328]
[MD5.91685926CA2361F4D1BB101F3A140B28] [APT] [{2A75E130-E0AE-40d1-B479-E583A0419691}] (...) -- C:\Program Files (x86)\updateservice\updateservice.exe [43008]
[MD5.00000000000000000000000000000000] [APT] [{64DEA17D-0519-47E6-9D78-37A58266C6E7}] (...) -- C:\Program Files (x86)\baidu\Baidu Browser\uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6DB74B7B-6976-482A-981B-A76E0F6A9C5A}] (...) -- C:\Program Files (x86)\baidu\Baidu Browser\uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82C15761-BA1F-4098-9D33-24F7B4D8FDEC}] (...) -- C:\ProgramData\TVTime\uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{906553F6-2267-4D99-B782-3E41D6776624}] (...) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C3835365-7902-46C0-9114-AABC723475CE}] (...) -- C:\Users\Elzirene\AppData\Roaming\do-search\UninstallManager.exe (.not file.) [0] =>PUP.DoSearches
[MD5.7068D0DC90FD95505A2BEEF5C2F6320E] [APT] [{FF2F182C-3E91-4027-8552-A90822E213C2}] (...) -- C:\Program Files (x86)\ToolsAssist\toolserv.exe [202872]
[MD5.224EFC8B50E88D79DCEB19D658D5C41B] [APT] [Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [652816]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1030]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1030]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1034]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1034]
O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job [694]
O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} [694]
O39 - APT: {2A75E130-E0AE-40d1-B479-E583A0419691} - (...) -- C:\Windows\Tasks\{2A75E130-E0AE-40d1-B479-E583A0419691}.job [308]
O39 - APT: {2A75E130-E0AE-40d1-B479-E583A0419691} - (...) -- C:\Windows\System32\Tasks\{2A75E130-E0AE-40d1-B479-E583A0419691} [308]
O39 - APT: {FF2F182C-3E91-4027-8552-A90822E213C2} - (...) -- C:\Windows\Tasks\{FF2F182C-3E91-4027-8552-A90822E213C2}.job [330]
O39 - APT: {FF2F182C-3E91-4027-8552-A90822E213C2} - (...) -- C:\Windows\System32\Tasks\{FF2F182C-3E91-4027-8552-A90822E213C2} [330]
~ Scheduled Task: 31 Scanned in 00mn 02s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão da shell da pasta de FTP do Microsoft Internet Explore.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum da shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por utilizador do IE.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
O40 - ASIC: Google Chrome [64Bits] - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
~ Active Setup: 10 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Controlador de Função Auxiliar para Winsock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswKbd) . (.AVAST Software - avast! Keyboard Filter Driver.) - C:\Windows\system32\drivers\aswKbd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Controlador de Subsistema de Colocação em M.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (tbfd_1_10_0_16) . (. - .) - C:\Windows\System32\drivers\tbfd_1_10_0_16.sys (.not file.)
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 44 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 21 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI
O42 - Logiciel: Advanced Calendar 2.0.0.11189 - (.MEIXIAN XIE.) [HKLM][64Bits] -- {D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast
O42 - Logiciel: Body Text Feathering - (.Body Text Feathering.) [HKLM][64Bits] -- PopupProduct
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM][64Bits] -- WDIC
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {5017D82E-6F1C-478B-9941-D6FD93DB9909}
O42 - Logiciel: K-Lite Codec Pack 9.9.5 (Full) - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: Mozilla Firefox 46.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 46.0.1 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM][64Bits] -- {66EBD70F-A42C-475F-AEDF-277378152070}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: S Agent - (.Samsung Electronics CO., LTD..) [HKLM][64Bits] -- {00692554-EDF4-4514-878F-A1C527EED296}
O42 - Logiciel: SafeZone Stable 1.48.2066.101 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 1.48.2066.101
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM][64Bits] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: Skype™ 7.22 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {FC965A47-4839-40CA-B618-18F486F042C6}
O42 - Logiciel: Start Menu 8 - (.IObit.) [HKLM][64Bits] -- IObit_StartMenu8_is1
O42 - Logiciel: Tools Assist - (.Jinju Wang.) [HKLM][64Bits] -- {3CA099AA-D173-49e0-B3EA-145D67934BB5}
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: WinRAR 5.31 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: Windows Sales Application - (.PopDeals.) [HKLM][64Bits] -- PopDeals
O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM][64Bits] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1
O42 - Logiciel: iLivid - (.Bandoo Media Inc.) [HKCU][64Bits] -- iLivid =>Adware.Bandoo
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: speed browser - (.Smart Applications.) [HKLM][64Bits] -- speed browser =>PUP.SpeedBrowser
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
~ Logic: 53 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\APNDTX] =>Toolbar.Ask
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Amigo Mouse]
[HKCU\Software\App Lid-nv-ie]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\DynConIE] =>PUP.DynConIE
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\ilividbandoomoviestoolbar] =>Adware.Bandoo
[HKCU\Software\AppDataLow]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Browser]
[HKCU\Software\CalendarTool]
[HKCU\Software\Caphyon]
[HKCU\Software\Chromium]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Icaros]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\Megacubo]
[HKCU\Software\Mine]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\Policies]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Samsung]
[HKCU\Software\Skype]
[HKCU\Software\SourceForge]
[HKCU\Software\ToolsAssist]
[HKCU\Software\Trolltech]
[HKCU\Software\Tuguu] =>PUP.VAFPlayer
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Wargaming.net]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YBR]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\csastats]
[HKCU\Software\globalUpdate] =>PUP.GlobalUpdate
[HKCU\Software\ilividbandoomoviestoolbar] =>Adware.Bandoo
[HKCU\Software\madshi]
[HKCU\Software\roxio]
[HKCU\Software\search maven]
[HKCU\Software\teras games]
[HKCU\Software\undefined]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Atheros]
[HKLM\Software\Baidu Security]
[HKLM\Software\CalendarTool]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Clocker]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\DtsEncodeTools]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\Megacubo]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sakura]
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\SonicFocus]
[HKLM\Software\TrendMicro]
[HKLM\Software\WWS]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\Ahead]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Audible]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Chromium]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Data Fellows]
[HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\EVP]
[HKLM\Software\Wow6432Node\F-Secure]
[HKLM\Software\Wow6432Node\FFPluginHp]
[HKLM\Software\Wow6432Node\GNU]
[HKLM\Software\Wow6432Node\GlobalUpdate] =>PUP.GlobalUpdate
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HaaliMkx]
[HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\IObit]
[HKLM\Software\Wow6432Node\Icaros]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\KLCodecPack]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LAV]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\NetTcpHandler]
[HKLM\Software\Wow6432Node\NtIObits]
[HKLM\Software\Wow6432Node\NtSvcHandler]
[HKLM\Software\Wow6432Node\Nuance]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Opera Software]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Sakura]
[HKLM\Software\Wow6432Node\Samsung]
[HKLM\Software\Wow6432Node\SkypeUpdateEx]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\TermBlazer_1.10.0.16]
[HKLM\Software\Wow6432Node\ToolsAssist]
[HKLM\Software\Wow6432Node\TrendMicro]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WMPNetworkAcSvc]
[HKLM\Software\Wow6432Node\WinNetSvc]
[HKLM\Software\Wow6432Node\baidu]
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Hijacker.DeltaHomes
[HKLM\Software\Wow6432Node\do-searchSoftware] =>PUP.DoSearches
[HKLM\Software\Wow6432Node\im-dosearch]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch
[HKLM\Software\Wow6432Node\navegaki]
[HKLM\Software\Wow6432Node\search maven]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\Wow6432Node\yoursearchingSoftware]
[HKLM\Software\Wow6432Node]
[HKLM\Software\im-dosearch]
[HKLM\Software\navegaki]
~ Key Software: 259 Scanned in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2016 - 16:43:39 - [] ----D C:\Program Files (x86)\63A9D0CC-1464210093-19DE-80F8-5D39BF27DA9A
O43 - CFD: 02/02/2016 - 21:06:18 - [0] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 18/03/2016 - 12:29:46 - [] ----D C:\Program Files (x86)\CalendarTool
O43 - CFD: 25/05/2016 - 21:29:25 - [] ----D C:\Program Files (x86)\CleanBrowser
O43 - CFD: 13/04/2016 - 23:13:42 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 19/08/2015 - 14:26:49 - [] ----D C:\Program Files (x86)\DsNET Corp
O43 - CFD: 25/05/2016 - 21:09:59 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 03/03/2015 - 05:11:09 - [] --H-D C:\Program Files (x86)\InstallJammer Registry
O43 - CFD: 09/11/2014 - 20:03:39 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 09/11/2014 - 15:37:43 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 09/11/2014 - 16:41:38 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 09/11/2014 - 14:02:52 - [] ----D C:\Program Files (x86)\IObit
O43 - CFD: 09/11/2014 - 14:03:33 - [] ----D C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 09/11/2014 - 14:29:26 - [] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 09/11/2014 - 14:29:19 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 09/11/2014 - 14:31:35 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 07/05/2016 - 11:01:41 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 07/05/2016 - 15:54:30 - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 09/11/2014 - 17:44:04 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 03/03/2015 - 05:11:02 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 09/11/2014 - 20:03:39 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 08/11/2015 - 19:24:47 - [] ----D C:\Program Files (x86)\search maven
O43 - CFD: 28/05/2016 - 21:07:59 - [] R---D C:\Program Files (x86)\Skype
O43 - CFD: 25/05/2016 - 21:03:09 - [] ----D C:\Program Files (x86)\SkypeUpdateEx
O43 - CFD: 09/11/2014 - 20:07:39 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 03/03/2015 - 16:23:52 - [0] ----D C:\Program Files (x86)\TipTv
O43 - CFD: 11/12/2015 - 22:09:11 - [] ----D C:\Program Files (x86)\ToolsAssist
O43 - CFD: 25/05/2016 - 21:02:15 - [] ----D C:\Program Files (x86)\updateservice
O43 - CFD: 09/11/2014 - 17:30:20 - [] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 09/11/2014 - 16:42:48 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/07/2012 - 08:00:30 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 09/11/2014 - 16:40:10 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 26/07/2012 - 05:13:01 - [] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26/07/2012 - 05:12:59 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 09/11/2014 - 16:40:45 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26/07/2012 - 05:13:01 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26/07/2012 - 05:12:59 - [] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 28/05/2016 - 23:04:59 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 02/02/2016 - 21:06:13 - [] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 09/11/2014 - 17:44:29 - [] ----D C:\Program Files (x86)\Common Files\Ahead
O43 - CFD: 03/12/2015 - 17:53:03 - [] ----D C:\Program Files (x86)\Common Files\AV
O43 - CFD: 09/11/2014 - 20:03:34 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 09/11/2014 - 15:37:34 - [] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 20/05/2015 - 03:47:26 - [] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 26/07/2012 - 05:13:01 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 13/04/2016 - 23:13:42 - [] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 26/07/2012 - 08:00:30 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 02/02/2016 - 20:05:58 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 02/09/2015 - 22:19:38 - [] ----D C:\ProgramData\Aeusuliite
O43 - CFD: 09/11/2014 - 13:51:04 - [] -SH-D C:\ProgramData\Ambiente de Trabalho
O43 - CFD: 19/08/2015 - 14:27:12 - [] ----D C:\ProgramData\APN
O43 - CFD: 01/04/2016 - 02:36:51 - [] ----D C:\ProgramData\AppData
O43 - CFD: 26/07/2012 - 04:22:08 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 01/05/2016 - 07:00:57 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 11/12/2015 - 22:10:58 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 26/01/2015 - 17:37:03 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/03/2015 - 06:23:09 - [] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 26/07/2012 - 04:22:08 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 09/11/2014 - 13:51:04 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 26/07/2012 - 04:22:08 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 03/04/2016 - 23:36:52 - [] ----D C:\ProgramData\F-Secure
O43 - CFD: 20/05/2015 - 03:47:33 - [] ----D C:\ProgramData\Hunter
O43 - CFD: 02/02/2015 - 15:45:53 - [] ----D C:\ProgramData\IHProtectUpDate =>Adware.AgentODR
O43 - CFD: 11/05/2016 - 07:11:48 - [] ----D C:\ProgramData\Intel
O43 - CFD: 09/11/2014 - 14:02:56 - [] ----D C:\ProgramData\IObit
O43 - CFD: 09/11/2014 - 13:51:04 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 11/05/2016 - 07:11:36 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 09/11/2014 - 14:34:00 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 09/11/2014 - 13:51:04 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 09/11/2014 - 17:44:04 - [] ----D C:\ProgramData\Nero
O43 - CFD: 06/08/2015 - 20:11:51 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 09/11/2014 - 13:54:41 - [] ----D C:\ProgramData\PRICache
O43 - CFD: 17/04/2015 - 04:46:13 - [] ----D C:\ProgramData\Radio
O43 - CFD: 26/07/2012 - 08:02:42 - [] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 10/11/2014 - 08:14:08 - [] ----D C:\ProgramData\Samsung
O43 - CFD: 13/04/2016 - 23:13:39 - [] ----D C:\ProgramData\Skype
O43 - CFD: 26/07/2012 - 04:22:08 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 16/04/2015 - 09:41:14 - [] ----D C:\ProgramData\Sun
O43 - CFD: 07/04/2015 - 10:19:57 - [0] ----D C:\ProgramData\T122078ED
O43 - CFD: 16/04/2015 - 09:42:09 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 26/07/2012 - 04:22:08 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 29/03/2016 - 16:26:15 - [] ----D C:\ProgramData\ToolsAssist
O43 - CFD: 28/05/2016 - 21:59:54 - [] ----D C:\ProgramData\Windows Security
O43 - CFD: 05/06/2015 - 22:01:41 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 03/05/2016 - 20:52:46 - [0] ----D C:\ProgramData\WinZip
O43 - CFD: 26/07/2012 - 05:13:01 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 09/11/2014 - 16:41:54 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 26/07/2012 - 05:13:01 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 03/05/2016 - 20:44:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
O43 - CFD: 25/08/2015 - 09:14:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
O43 - CFD: 25/05/2016 - 20:18:10 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
O43 - CFD: 09/11/2014 - 14:04:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 09/11/2014 - 14:03:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 26/07/2012 - 05:13:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 09/11/2014 - 14:32:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 09/11/2014 - 17:48:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials
O43 - CFD: 03/03/2015 - 05:11:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 13/04/2016 - 23:13:43 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 23/03/2015 - 20:23:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser =>PUP.SpeedBrowser
O43 - CFD: 09/11/2014 - 14:02:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
O43 - CFD: 20/05/2016 - 00:49:07 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 26/07/2012 - 05:13:01 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 26/07/2012 - 08:02:42 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 09/11/2014 - 17:30:26 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 13/04/2016 - 23:10:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 28/05/2016 - 23:04:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 03/03/2015 - 16:28:51 - [] ----D C:\Users\Elzirene\AppData\Roaming\.ACEStream
O43 - CFD: 12/03/2016 - 14:47:07 - [] ----D C:\Users\Elzirene\AppData\Roaming\Adobe
O43 - CFD: 09/11/2014 - 17:44:54 - [] ----D C:\Users\Elzirene\AppData\Roaming\Ahead
O43 - CFD: 09/11/2014 - 18:08:02 - [] ----D C:\Users\Elzirene\AppData\Roaming\AVAST Software
O43 - CFD: 11/12/2015 - 22:10:54 - [] ----D C:\Users\Elzirene\AppData\Roaming\Baidu
O43 - CFD: 28/05/2016 - 22:32:06 - [] ----D C:\Users\Elzirene\AppData\Roaming\CalendarTool
O43 - CFD: 15/12/2015 - 19:18:46 - [] ----D C:\Users\Elzirene\AppData\Roaming\dvdcss
O43 - CFD: 29/11/2015 - 09:05:03 - [] ----D C:\Users\Elzirene\AppData\Roaming\Google
O43 - CFD: 13/09/2015 - 09:51:40 - [] ----D C:\Users\Elzirene\AppData\Roaming\Identities
O43 - CFD: 19/01/2015 - 10:47:06 - [] ----D C:\Users\Elzirene\AppData\Roaming\IObit
O43 - CFD: 13/03/2016 - 16:25:27 - [] ----D C:\Users\Elzirene\AppData\Roaming\Macromedia
O43 - CFD: 26/11/2014 - 19:25:07 - [] ----D C:\Users\Elzirene\AppData\Roaming\Media Player Classic
O43 - CFD: 21/04/2016 - 15:12:32 - [] -S--D C:\Users\Elzirene\AppData\Roaming\Microsoft
O43 - CFD: 09/11/2014 - 14:08:07 - [] ----D C:\Users\Elzirene\AppData\Roaming\Mozilla
O43 - CFD: 19/08/2015 - 14:11:56 - [] ----D C:\Users\Elzirene\AppData\Roaming\NetService
O43 - CFD: 01/12/2015 - 21:22:37 - [] ----D C:\Users\Elzirene\AppData\Roaming\Opera Software
O43 - CFD: 03/03/2015 - 16:33:12 - [] ----D C:\Users\Elzirene\AppData\Roaming\RoxTemp
O43 - CFD: 25/05/2016 - 18:32:25 - [] ----D C:\Users\Elzirene\AppData\Roaming\RunDir
O43 - CFD: 04/06/2015 - 02:53:01 - [] ----D C:\Users\Elzirene\AppData\Roaming\Run_dregol
O43 - CFD: 14/05/2016 - 20:39:39 - [0] ----D C:\Users\Elzirene\AppData\Roaming\sc
O43 - CFD: 16/04/2015 - 11:31:22 - [0] ----D C:\Users\Elzirene\AppData\Roaming\searchult
O43 - CFD: 20/05/2016 - 21:39:32 - [] ----D C:\Users\Elzirene\AppData\Roaming\shortCutStore
O43 - CFD: 14/04/2016 - 00:41:57 - [] ----D C:\Users\Elzirene\AppData\Roaming\Skype
O43 - CFD: 20/05/2015 - 03:47:33 - [] ----D C:\Users\Elzirene\AppData\Roaming\theHunter
O43 - CFD: 03/03/2015 - 16:19:19 - [] ----D C:\Users\Elzirene\AppData\Roaming\Tiptv
O43 - CFD: 29/03/2016 - 16:26:43 - [] ----D C:\Users\Elzirene\AppData\Roaming\updateservice
O43 - CFD: 02/02/2015 - 15:52:24 - [] ----D C:\Users\Elzirene\AppData\Roaming\VDownloader
O43 - CFD: 20/05/2016 - 09:23:11 - [] ----D C:\Users\Elzirene\AppData\Roaming\vlc
O43 - CFD: 17/12/2015 - 07:48:15 - [] ----D C:\Users\Elzirene\AppData\Roaming\WinNetSvc
O43 - CFD: 09/11/2014 - 18:46:41 - [] ----D C:\Users\Elzirene\AppData\Roaming\WinRAR
O43 - CFD: 28/05/2016 - 23:43:16 - [] ----D C:\Users\Elzirene\AppData\Roaming\WMPNetworkAcSvc
O43 - CFD: 11/12/2015 - 22:40:20 - [0] ----D C:\Users\Elzirene\AppData\Roaming\yoursearching
O43 - CFD: 29/05/2016 - 00:18:45 - [] ----D C:\Users\Elzirene\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 04/06/2015 - 02:47:01 - [] ----D C:\Users\Elzirene\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}
O43 - CFD: 03/02/2016 - 21:36:34 - [0] --H-D C:\Users\Elzirene\AppData\Local\17b946a9045e0952
O43 - CFD: 19/11/2015 - 23:30:16 - [] ----D C:\Users\Elzirene\AppData\Local\1stBrowser
O43 - CFD: 29/05/2016 - 00:10:57 - [] ----D C:\Users\Elzirene\AppData\Local\63A9D0CC-1464480646-19DE-80F8-5D39BF27DA9A
O43 - CFD: 03/02/2016 - 00:38:52 - [] ----D C:\Users\Elzirene\AppData\Local\Adobe
O43 - CFD: 09/11/2014 - 17:48:06 - [] ----D C:\Users\Elzirene\AppData\Local\Ahead
O43 - CFD: 09/11/2014 - 13:53:53 - [] -SH-D C:\Users\Elzirene\AppData\Local\Application Data
O43 - CFD: 04/05/2016 - 01:26:42 - [] ----D C:\Users\Elzirene\AppData\Local\assembly
O43 - CFD: 20/05/2016 - 21:52:52 - [] ----D C:\Users\Elzirene\AppData\Local\CrashDumps
O43 - CFD: 16/04/2015 - 09:37:07 - [] ----D C:\Users\Elzirene\AppData\Local\CrashRpt
O43 - CFD: 20/05/2016 - 01:16:27 - [] ----D C:\Users\Elzirene\AppData\Local\Diagnostics
O43 - CFD: 25/05/2016 - 20:18:38 - [] ----D C:\Users\Elzirene\AppData\Local\dine
O43 - CFD: 11/12/2015 - 22:37:37 - [] ----D C:\Users\Elzirene\AppData\Local\ElevatedDiagnostics
O43 - CFD: 04/04/2016 - 07:30:17 - [0] ----D C:\Users\Elzirene\AppData\Local\FSDART
O43 - CFD: 16/04/2015 - 09:26:56 - [] ----D C:\Users\Elzirene\AppData\Local\Gameo =>PUP.Gameo
O43 - CFD: 02/02/2015 - 15:45:51 - [] ----D C:\Users\Elzirene\AppData\Local\globalUpdate =>PUP.GlobalUpdate
O43 - CFD: 28/01/2016 - 21:10:04 - [] ----D C:\Users\Elzirene\AppData\Local\Google
O43 - CFD: 09/11/2014 - 13:53:53 - [] -SH-D C:\Users\Elzirene\AppData\Local\Histórico
O43 - CFD: 16/04/2015 - 09:37:16 - [] ----D C:\Users\Elzirene\AppData\Local\Installer
O43 - CFD: 09/11/2014 - 17:20:00 - [] ----D C:\Users\Elzirene\AppData\Local\Macromedia
O43 - CFD: 04/04/2016 - 13:20:10 - [] ----D C:\Users\Elzirene\AppData\Local\Microsoft
O43 - CFD: 01/09/2015 - 00:06:40 - [] ----D C:\Users\Elzirene\AppData\Local\Microsoft Help
O43 - CFD: 11/12/2015 - 22:09:21 - [] ----D C:\Users\Elzirene\AppData\Local\MiniService
O43 - CFD: 09/11/2014 - 14:08:02 - [] ----D C:\Users\Elzirene\AppData\Local\Mozilla
O43 - CFD: 11/12/2015 - 22:39:44 - [0] ----D C:\Users\Elzirene\AppData\Local\Opera Software
O43 - CFD: 09/11/2014 - 13:54:36 - [] ----D C:\Users\Elzirene\AppData\Local\Packages
O43 - CFD: 09/11/2014 - 14:03:24 - [] ----D C:\Users\Elzirene\AppData\Local\Programs
O43 - CFD: 04/06/2015 - 02:53:04 - [] ----D C:\Users\Elzirene\AppData\Local\remi
O43 - CFD: 03/03/2015 - 16:34:52 - [] ----D C:\Users\Elzirene\AppData\Local\ROX Player
O43 - CFD: 09/11/2014 - 20:54:12 - [] ----D C:\Users\Elzirene\AppData\Local\Samsung
O43 - CFD: 04/06/2015 - 02:53:06 - [] ----D C:\Users\Elzirene\AppData\Local\Setup27788187
O43 - CFD: 20/05/2016 - 21:52:49 - [] ----D C:\Users\Elzirene\AppData\Local\Setup4911328
O43 - CFD: 25/05/2016 - 20:18:38 - [] ----D C:\Users\Elzirene\AppData\Local\Setup7848296
O43 - CFD: 25/05/2016 - 20:18:41 - [] ----D C:\Users\Elzirene\AppData\Local\Setup7851078
O43 - CFD: 13/04/2016 - 23:13:41 - [0] ----D C:\Users\Elzirene\AppData\Local\Skype
O43 - CFD: 23/03/2015 - 20:23:11 - [] ----D C:\Users\Elzirene\AppData\Local\speed browser =>PUP.SpeedBrowser
O43 - CFD: 29/05/2016 - 00:18:24 - [] ----D C:\Users\Elzirene\AppData\Local\Temp
O43 - CFD: 09/11/2014 - 13:53:53 - [] -SH-D C:\Users\Elzirene\AppData\Local\Temporary Internet Files
O43 - CFD: 14/09/2015 - 20:45:12 - [] ----D C:\Users\Elzirene\AppData\Local\TVTime
O43 - CFD: 16/11/2015 - 19:49:55 - [] ----D C:\Users\Elzirene\AppData\Local\VirtualStore
O43 - CFD: 25/05/2016 - 20:18:38 - [] ----D C:\Users\Elzirene\AppData\Local\{4737716B-639F-1DD3-0E07-383B2A6FC4A3}
O43 - CFD: 26/07/2012 - 05:13:00 - [] R---D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 26/07/2012 - 05:13:00 - [] R---D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 09/11/2014 - 16:48:09 - [] R---D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 09/11/2014 - 14:04:17 - [0] ----D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 26/07/2012 - 05:13:00 - [] ----D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 09/11/2014 - 16:48:09 - [] R---D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 26/07/2012 - 05:13:00 - [] R---D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 13/04/2016 - 23:10:25 - [] ----D C:\Users\Elzirene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 188 Scanned in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6738B22AF2D1ABB797DC0D76E3BBF75D] - 25/05/2016 - 21:29:25 ---A- . (...) -- C:\Windows\PFRO.log [239268]
O44 - LFC:[MD5.9AE848DB3AC6855B3C8AB5FC131BAC14] - 27/05/2016 - 16:52:15 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1696874]
O44 - LFC:[MD5.470B916AAF060B2A1C0FE0CCC9294B7D] - 27/05/2016 - 16:52:15 ---A- . (...) -- C:\Windows\System32\perfc009.dat [124834]
O44 - LFC:[MD5.B70E95242F05ED30F38C802CBEA13383] - 27/05/2016 - 16:52:15 ---A- . (...) -- C:\Windows\System32\perfh009.dat [674948]
O44 - LFC:[MD5.47BCE44713083AFF0342F30A2C37849B] - 27/05/2016 - 16:52:15 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [152194]
O44 - LFC:[MD5.8B6CAF901534DE5EDCE34B0A6048A042] - 27/05/2016 - 16:52:15 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [741758]
O44 - LFC:[MD5.E49549A1C0BF4BD6FB2ECAF73C3C5D14] - 28/05/2016 - 23:39:18 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.88BE06358ED372EDA81062D8DDF90164] - 28/05/2016 - 23:51:37 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1190767]
O44 - LFC:[MD5.71384084241F761B1A1312E31A9CF5D9] - 28/05/2016 - 23:55:22 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
~ Files: 9 Scanned in 00mn 02s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Motor cliente do editor de configuração de proteção do Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Fornecedor de Segurança TLS/SSL.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Live Security Package.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\828A9A2D.sys . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- C:\Windows\System32\Drivers\828A9A2D.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Controlador de filtro de rato série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Controlador de Extensão do Gestor de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\828A9A2D.sys . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- C:\Windows\System32\Drivers\828A9A2D.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Controlador de filtro de rato série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Controlador de Extensão do Gestor de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 19 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{e4bf3f9c-46e7-11e5-8151-24f5aa62b631}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=1
~ MWPS: 18 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ MWPE Keys: 3 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:01/04/2016 - 02:38:42 ---A- . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- C:\Windows\System32\Drivers\828A9A2D.sys [478392]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [492272]
O58 - SDL:26/07/2012 - 02:00:48 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [340720]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [184048]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [76016]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [258288]
O58 - SDL:26/07/2012 - 02:00:48 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [26352]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.PMC-Sierra, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [104688]
O58 - SDL:26/07/2012 - 02:00:48 ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [108272]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - avast! HWID.) -- C:\Windows\System32\Drivers\aswHwid.sys [37656] =>.ALWIL Software
O58 - SDL:01/05/2016 - 07:00:30 ---A- . (.AVAST Software - avast! Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\aswKbd.sys [37144]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [107792]
O58 - SDL:01/05/2016 - 07:00:55 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [103064]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - avast! Revert.) -- C:\Windows\System32\Drivers\aswRvrt.sys [74544] =>.ALWIL Software
O58 - SDL:01/05/2016 - 07:00:30 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [1070904]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswSP.sys [465792]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\Drivers\aswStm.sys [166432]
O58 - SDL:01/05/2016 - 07:00:56 ---A- . (.AVAST Software - avast! VM Monitor.) -- C:\Windows\System32\Drivers\aswVmm.sys [287528] =>.ALWIL Software
O58 - SDL:02/06/2012 - 11:31:32 ---A- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athrx.sys [2935808]
O58 - SDL:29/08/2012 - 12:22:38 ---A- . (.Qualcomm Atheros - Qualcomm Atheros BtFilter Driver.) -- C:\Windows\System32\Drivers\btfilter.sys [565760]
O58 - SDL:26/07/2012 - 02:00:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [539376]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3295984]
O58 - SDL:17/07/2012 - 15:12:08 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECIx64.sys [62784]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [64752]
O58 - SDL:02/04/2014 - 06:35:44 ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\System32\Drivers\iaStorA.sys [633192]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [411888]
O58 - SDL:01/10/2014 - 16:54:16 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys [3828152]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [45296]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [108784]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [92400]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [116976]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys [81136]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [51952]
O58 - SDL:26/07/2012 - 02:00:52 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [353008]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys [64240]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [52464]
O58 - SDL:01/05/2016 - 07:00:24 ---A- . (.AVAST Software - avast! NG snapshot driver.) -- C:\Windows\System32\Drivers\ngvss.sys [161760]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [150256]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [168176]
O58 - SDL:02/06/2012 - 11:31:56 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver.) -- C:\Windows\System32\Drivers\Rt630x64.sys [589824]
O58 - SDL:08/04/2014 - 15:57:06 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys [3917272]
O58 - SDL:26/07/2012 - 05:11:43 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [44784]
O58 - SDL:26/07/2012 - 02:00:56 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [81648]
O58 - SDL:08/12/2015 - 04:00:54 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [122160]
O58 - SDL:08/12/2015 - 04:00:58 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [214832]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:29/03/2016 - 22:29:44 ---A- . (.Trend Micro Inc. - TrendMicro Common Module.) -- C:\Windows\System32\Drivers\tmcomm.sys [305832]
O58 - SDL:26/07/2012 - 02:00:58 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [19184]
O58 - SDL:26/07/2012 - 02:00:58 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [164080]
O58 - SDL:26/07/2012 - 02:00:58 ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS [322800]
~ Drivers: 52 Scanned in 00mn 00s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 25/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\Setup7851078\Sqlite3.dll [681097]
O61 - LFC: 25/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\{4737716B-639F-1DD3-0E07-383B2A6FC4A3}\Sqlite3.dll [681097]
O61 - LFC: 25/05/2016 - 00:18:56 ---A- . (.SQLite Development Team.) -- C:\Users\Elzirene\AppData\Local\Setup7848296\Sqlite3.dll [681097]
O61 - LFC: 28/05/2016 - 00:18:57 ---A- . (.Nicolas Coolman.) -- C:\Users\Elzirene\Downloads\ZHPDiag2-2015.4.6.36.exe [6877287] =>.Nicolas Coolman
O61 - LFC: 29/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\63A9D0CC-1464480646-19DE-80F8-5D39BF27DA9A\Uninstall.exe [51270]
O61 - LFC: 29/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\Temp\1A86.tmp.exe [928539]
O61 - LFC: 29/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\Temp\nsa8276.tmp\INetC.dll [25088]
O61 - LFC: 29/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\Temp\nsa8276.tmp\System.dll [11264]
O61 - LFC: 29/05/2016 - 00:18:56 ---A- . (...) -- C:\Users\Elzirene\AppData\Local\Temp\nsa8276.tmp\nsExec.dll [6144]
~ 11 Fichiers temporaires (Temporary files)
~ 27 Fichiers cookies (Cookies files)
~ Files: 9 Scanned in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do Snap-in Visualizador de Eventos.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor de registo.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\speed browser\Application\browser.exe (.not file.) =>PUP.SpeedBrowser
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (Search Provided by Yahoo) - http://br.search.yahoo.comyDtDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1009639397%26a%3Dwbf_popjar_16_21_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {c9ab6446-7efc-47fe-966c-dc54324eff9f} - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} [DefaultScope] - (Search Provided by Yahoo) - http://br.search.yahoo.comyDtDzztG0E0A0B0A0D0FyD0F0DzztAzy2QtN0A0LzuyE%26cr%3D1370930564%26a%3Dwbf_popjar_16_02_ssg02%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
O69 - SBI: SearchScopes [HKCU] {F7A188F8-278E-4A98-AF97-5948F15C3315} - (Ask Search) - http://www.search.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço Experiência de Aplicação.) -- C:\Windows\System32\aelupsvc.dll [190976]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificados de Smart Card da Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificados de Smart Card da Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL do Serviço de Servidor.) -- C:\Windows\System32\srvsvc.dll [309248]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente de Política de Grupo.) -- C:\Windows\System32\gpsvc.dll [1366016]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [1160192]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestor de Marcação Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99840]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestor de Ligação de Acesso Remoto.) -- C:\Windows\System32\rasmans.dll [358400]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestor de Interfaces Dinâmicas.) -- C:\Windows\System32\mprdim.dll [107520]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [62976]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [438784]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [305664]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [3285504]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente em segundo plano.) -- C:\Windows\System32\qmgr.dll [826368]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços da shell do Windows.) -- C:\Windows\System32\shsvcs.dll [565760]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 numa rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [894464]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL secundária de serviço de início de sessão.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações sobre Aplicações.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Deteção iSCSI.) -- C:\Windows\System32\iscsiexe.dll [151552]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço EAPHost da Microsoft.) -- C:\Windows\System32\eapsvc.dll [105472]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Programador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1287680]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [219648]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço do Programador de Classes de Multimédia.) -- C:\Windows\System32\mmcss.dll [80384]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL do Browser de Computador.) -- C:\Windows\System32\browser.dll [134144]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração do Ambiente de Trabalho Remoto.) -- C:\Windows\System32\sessenv.dll [291328]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios e Soluções de Problemas.) -- C:\Windows\System32\wercplsupport.dll [84992]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\kmsvc.dll [97792]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [190464]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Serviço Conta Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1964544]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de Serviços de Tema da Shell do Windows.) -- C:\Windows\System32\themeservice.dll [47104]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestor de Configuração de Dispositivos.) -- C:\Windows\System32\DeviceSetupManager.dll [207872]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Serviço do Assistente de Conectividade da Rede da Microsoft.) -- C:\Windows\System32\ncasvc.dll [161792]
O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Mediador de Eventos de Sistema.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [180224]
~ Services: 34 Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7EAF84943819D9F362CD74DC9FC8E376] [SPRF][23/01/2016] (...) -- C:\Users\Elzirene\AppData\Roaming\sb421.dat [2561044]
~ Files: 1 Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetEngine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetEngine_RASMANCS =>PUP.NetEngine
~ BTK: 65 Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/05/2016 269504 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/05/2016 5570272 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SS - | Demand 01/10/2014 281488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 06/09/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/09/2015 144200 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/05/2016 146888 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/03/2016 327808 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 05/05/2016 168376 | (SkypeUpdateEx) . (.skype.cog.cc.) - C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
SS - | Demand 26/07/2012 30208 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 29/08/2012 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 01/05/2016 243296 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/10/2014 319376 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 22/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SR - | Auto 25/05/2016 245760 | (midityjezbt) . (...) - C:\Program Files (x86)\63A9D0CC-1464210093-19DE-80F8-5D39BF27DA9A\knsh128.tmp
SR - | Auto 08/07/2015 173088 | (NetTcpHandler) . (...) - C:\Users\Elzirene\AppData\Roaming\NetService\netservice.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 25/04/2013 75584 | (StartMenuService) . (.IObit.) - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
SR - | Auto 21/10/2014 3000664 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
SR - | Auto 25/12/2015 141960 | (TheCalendarService) . (...) - C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
SR - | Auto 29/03/2016 43008 | (update_service) . (...) - C:\Program Files (x86)\updateservice\updateservice.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 16/12/2015 4845408 | (WinNetSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WinNetSvc\WinNetSvc.exe
SR - | Auto 15/03/2016 4984448 | (WMPNetworkAcSvc) . (...) - C:\Users\Elzirene\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 26/12/2015 158720 | (zigipyro) . (...) - C:\Users\Elzirene\AppData\Local\63A9D0CC-1464480646-19DE-80F8-5D39BF27DA9A\qnsbF58B.tmp
~ Services: Scanned in 00mn 14s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Elzirene at 29/05/2016 00:19:31
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Elzirene at 29/05/2016 00:19:33
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scâner Aditional (088)
Database Version : 13008 - (29/03/2015)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 25

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}] =>PUP.Goobzo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\speed browser] =>PUP.SpeedBrowser^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\ProgramData\IHProtectUpDate =>Adware.AgentODR^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser =>PUP.SpeedBrowser^
C:\Users\Elzirene\AppData\Local\Gameo =>PUP.Gameo^
C:\Users\Elzirene\AppData\Local\globalUpdate =>PUP.GlobalUpdate^
C:\Users\Elzirene\AppData\Local\speed browser =>PUP.SpeedBrowser^
C:\Users\Elzirene\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\Elzirene\AppData\LocalLow\searchresultstb =>Toolbar.Agent
C:\Users\Elzirene\AppData\Roaming\Mozilla\Firefox\Profiles\aw3ei7fk.default\Zwinky_5q =>Adware.MyClearSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) [64Bits] - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} Chave orfã =>Adware.Bandoo^
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Chave orfã =>PUP.ShopperPro^
O2 - BHO: YTAHelperBHO [64Bits] - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Chave orfã =>PUP.Goobzo^
[HKCU\Software\APNDTX] =>Toolbar.Ask^
[HKCU\Software\AppDataLow\Software\DynConIE] =>PUP.DynConIE^
[HKCU\Software\AppDataLow\Software\ilividbandoomoviestoolbar] =>Adware.Bandoo^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\Tuguu] =>PUP.VAFPlayer^
[HKCU\Software\globalUpdate] =>PUP.GlobalUpdate^
[HKCU\Software\ilividbandoomoviestoolbar] =>Adware.Bandoo^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr^
[HKLM\Software\Wow6432Node\GlobalUpdate] =>PUP.GlobalUpdate^
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo^
[HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR^
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\do-searchSoftware] =>PUP.DoSearches^
[HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu^
C:\Windows\KMService.exe =>Hijacker.Windows
~ Additionnel Scan: 182004 Items scanned in 00mn 26s



---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.DynConIE
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-vafplayer =>PUP.VAFPlayer
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/28456964-adware-myclearsearch =>Adware.MyClearSearch
http://nicolascoolman.fr/hijacker-windows =>Hijacker.Windows
~ MSI: 26 link(s) detected in 00mn 00s



End of the scan (1251 lines in 02mn 46s)(0.7)
