~ Relatório do ZHPDiag v2015.4.6.36 - Nicolas Coolman  (29/03/2015)
~ Iniciado por Jean (26/12/2016 18:56:00)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~  Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.576.14393.0
MFIE: Mozilla Firefox 49.0.2
GCIE: Google Chrome v55.0.2883.87 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 10 Home Single Language, 64-bit  (Build 14393)

---\\ Softwares de proteçao do sistema

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6009 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (64%) free of 200 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DESKTOP-CSR7010
~ User Name: Jean
~ All Users Names: Jean, HomeGroupUser$, DefaultAccount, Convidado, Administrador, 
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jean\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jean\AppData\Roaming\
~ %Desktop% : D:\Users\Jean\Desktop\
~ %Favorites% : C:\Users\Jean\Favorites\
~ %LocalAppData% : C:\Users\Jean\AppData\Local\
~ %StartMenu% : C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 200 Go)
D: Hard drive, Flash drive, Thumb drive (Free 638 Go of 721 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
~ Security Center: 45 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - (.Microsoft Corporation - Windows Explorer.) (.11/11/2016 - 06:56:12.) -- C:\Windows\Explorer.exe [4673304]
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.16/07/2016 - 08:42:27.) -- C:\Windows\System32\Wininit.exe [304240]
[MD5.E584CDC70F694F9A984A060A8291EB04] - (.Microsoft Corporation - Internet Extensions para Win32.) (.11/11/2016 - 06:03:40.) -- C:\Windows\System32\wininet.dll [2669056]
[MD5.DE6DF9BBBECAFDEF462A37D839167368] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/11/2016 - 06:05:00.) -- C:\Windows\System32\Winlogon.exe [673792]
[MD5.9600B7F2F89DE60A80D13DE42F672834] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.16/07/2016 - 08:42:19.) -- C:\Windows\System32\sppcomapi.dll [402432]
[MD5.323AA1953ED9C01E23F740FA891FE064] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/10/2016 - 01:21:41.) -- C:\Windows\system32\Drivers\AFD.sys [584032]
[MD5.A10F989A812B57B9695F6C305907C9C6] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.16/07/2016 - 08:41:53.) -- C:\Windows\system32\Drivers\atapi.sys [28512]
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - (.Microsoft Corporation - CD-ROM File System Driver.) (.16/07/2016 - 08:42:35.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.613D0137C269187FA298A157E3D14A18] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.16/07/2016 - 08:41:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [173056]
[MD5.0D1D392ED2597F295956D058D33BD7C3] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.05/10/2016 - 06:34:11.) -- C:\Windows\system32\Drivers\DfsC.sys [144896]
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.16/07/2016 - 08:41:52.) -- C:\Windows\system32\Drivers\HDAudBus.sys [83456]
[MD5.B54B30992620C97230013A74461C8517] - (.Microsoft Corporation - Driver de porta i8042.) (.16/07/2016 - 08:41:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [114176]
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - (.Microsoft Corporation - IP Network Address Translator.) (.16/07/2016 - 08:42:39.) -- C:\Windows\system32\Drivers\IpNat.sys [212480]
[MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.03/10/2016 - 04:04:42.) -- C:\Windows\system32\Drivers\MRxSmb.sys [450392]
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - (.Microsoft Corporation - MBT Transport driver.) (.16/07/2016 - 08:42:35.) -- C:\Windows\system32\Drivers\netBT.sys [279040]
[MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.02/11/2016 - 08:12:35.) -- C:\Windows\system32\Drivers\ntfs.sys [2255712]
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - (.Microsoft Corporation - Driver de porta paralela.) (.16/07/2016 - 08:41:53.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.17E565710172ED71B8531D8822E1C5D1] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.16/07/2016 - 08:42:39.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [104960]
[MD5.7135785C21CA79D270D11037C43D3F19] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.16/07/2016 - 20:08:05.) -- C:\Windows\system32\Drivers\rdpdr.sys [177152]
[MD5.9D2DD64A0B51C56285512DC9454340F6] - (.Microsoft Corporation - TDI Translation Driver.) (.16/07/2016 - 08:42:27.) -- C:\Windows\system32\Drivers\tdx.sys [118112]
[MD5.BF2546583BB75F01DDA60A7921DFB230] - (.Microsoft Corporation - Volume Shadow Copy driver.) (.16/07/2016 - 08:42:35.) -- C:\Windows\system32\Drivers\volsnap.sys [391520]
~ Generic Processes:  Scanned in 00mn 03s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/13162
~ Mes musiques (My Musics) : 1/144
~ Mes Videos (My Videos) : 2/957
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 4/77368
~ Mon Bureau (My Desktop) : 3/1384
~ Menu demarrer (Programs) : 1/35
~ Hidden Files:  Scanned in 01mn 57s



---\\ Processos lançados
[MD5.6166ABD27EF18E5D9DEF814F5FFEEDEC] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [631520] [PID.1456]
[MD5.D07D7BC13E6C433593EB476A3BEF99E8] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Gunbean\Application\chrome.exe   [921704] [PID.5988]
[MD5.111474C61232202B5B588D2B512CBB25] - (...) -- ysWoW64\rundll32.exe   [0] [PID.1608]
[MD5.E96DD1ABAC2BE889CF521EA2192BFD1D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8196608] [PID.4068]
[MD5.FE40EC349D80C0ED24A5808DCFE9A0D2] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe   [288920] [PID.5352]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [uBlock Origin]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [uBlock Origin]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [__MSG_extName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__]
G2 - EXT: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [Chrome Media Router]
~ Google Lines Browser: 22 Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\mqatjvl5.default-1480676295370\prefs.js
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\wyw2qnq0.default\prefs.js
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\wyw2qnq0.default\user.js
M3 - MFPP: Plugins - [Jean] -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\wyw2qnq0.default\searchplugins\luck.xml
M0 - MFSP: prefs.js [Jean - wyw2qnq0.default] http://www.luckysearch123.com
M0 - MFSP: user.js [Jean - wyw2qnq0.default] http://www.luckysearch123.com
M2 - MFEP: prefs.js [Jean - wyw2qnq0.default\arthurj8283@gmail.com] [] xRocket Toolbar v1.0.1 (..)
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=11.111.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.111.2] - (.Oracle Corporation - Next Generation Java Plug-in 11.111.2 for Mozilla browsers.) -- C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Share.) -- C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.2.4] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll  =>.VideoLAN
~ Firefox Browser: 10 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
~ IE Browser: 12 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (22)
~ Hosts File:  Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
~ BHO: 11 Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe 
O4 - HKLM\..\Run: [WindowsDefender] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe (.not file.) 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jean\AppData\Roaming\Spotify\SpotifyWebHelper.exe 
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Jean\AppData\Roaming\Spotify\Spotify.exe 
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Jean\AppData\Local\Akamai\netsession_win.exe 
O4 - HKCU\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - A360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe 
O4 - HKCU\..\Run: [HP Officejet Pro 8610 (NET)] . (.Hewlett-Packard Development Company, LP - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe   =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Habil_Tray] . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Tray.exe 
O4 - HKCU\..\Run: [BankerFixV3] . (...) -- \LinhaDefensiva\rotinas\postreboot.bat 
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 
O4 - HKLM\..\Wow6432Node\Run: [Autodesk Desktop App] . (.Autodesk, Inc. - Autodesk Desktop App.) -- C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe 
O4 - HKLM\..\Wow6432Node\Run: [HPUsageTrackingLEDM] . (.Hewlett-Packard Company - HP UT LEDM Driver.) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe 
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe 
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jean\AppData\Roaming\Spotify\SpotifyWebHelper.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Jean\AppData\Roaming\Spotify\Spotify.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Jean\AppData\Local\Akamai\netsession_win.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - A360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [HP Officejet Pro 8610 (NET)] . (.Hewlett-Packard Development Company, LP - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe   =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [Habil_Tray] . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Tray.exe 
O4 - HKUS\S-1-5-21-3316319601-2732106155-1346404058-1001\..\Run: [BankerFixV3] . (...) -- \LinhaDefensiva\rotinas\postreboot.bat 
~ Application:  Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\root\Office16\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\WINDOWS\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\WINDOWS\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itaupersonnalite.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{210750fa-36b4-4dca-9d2d-a6aa1d471ba3}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{210750fa-36b4-4dca-9d2d-a6aa1d471ba3}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{210750fa-36b4-4dca-9d2d-a6aa1d471ba3}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{210750fa-36b4-4dca-9d2d-a6aa1d471ba3}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\System32\tbauth.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.HP Inc. - HP Support Solutions Framework Service.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: zdengine (zdengine) . (...) - C:\Program Files (x86)\OtherSearch\zdengine.exe (.not file.)
~ Services: 2 Scanned in 00mn 36s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe (.not file.)   [0]  =>PUA.KMSpico
[MD5.5BCE955CF12AF3417F055DADC0212920] [APT] [ChelfNotify Task] (.Tencent.) -- C:\ProgramData\ChelfNotify\BrowserUpdate.exe   [690144]  =>Adware.TencentAddressBar
[MD5.82DA9DC444B0AC40CF207F101332AE23] [APT] [Ghusech Verfier] (.Glarysoft Ltd.) -- C:\Program Files (x86)\Sherboculthaverther\nopatain.exe   [779896]
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [153752]
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [153752]
[MD5.3ECAF01F5F4BFBEBBA31596DB0FC471B] [APT] [HPCeeScheduleForJean] (.HP Development Company, L.P..) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe   [99392]
[MD5.FC10C6A255905CD87D0C54182014363A] [APT] [HPCustParticipation HP Officejet Pro 8610] (.Hewlett-Packard Development Company, LP.) -- C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe   [5745672]
[MD5.5153C06FC9D4D094D1A785545928B134] [APT] [Java Platform SE Auto Updater] (.Oracle Corporation.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [587288]
[MD5.00000000000000000000000000000000] [APT] [KMSAutoNet] (...) -- C:\ProgramData\KMSAutoS\KMSAuto Net.exe (.not file.)   [0]  =>Trojan.AutoKMS
[MD5.00000000000000000000000000000000] [APT] [updengine] (...) -- C:\Program Files (x86)\OtherSearch\updengine.exe (.not file.)   [0]
[MD5.4FF880AFFCAC2EC8B26AE13BC1EF779D] [APT] [HP Active Health Scan (HPSA)] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe   [199512]
[MD5.B490A5F25093B707AEAF4F6CD086808C] [APT] [HP Support Assistant Quick Start] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe   [1151520]
[MD5.15A3BD6C514F574D3AA5458511555CC9] [APT] [HP Support Solutions Framework Report] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe   [106376]
[MD5.1EBF84B5F20C14D6A398CA7FCC70FD43] [APT] [HP Support Solutions Framework Updater] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe   [623496]
[MD5.1EBF84B5F20C14D6A398CA7FCC70FD43] [APT] [HP Support Solutions Framework Updater - Resources] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe   [623496]
[MD5.B490A5F25093B707AEAF4F6CD086808C] [APT] [PC Health Analysis] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe   [1151520]
O39 - APT: HPCeeScheduleForJean - (.HP Development Company, L.P..) -- C:\Windows\Tasks\HPCeeScheduleForJean.job   [360]
O39 - APT: HPCeeScheduleForJean - (.HP Development Company, L.P..) -- C:\Windows\System32\Tasks\HPCeeScheduleForJean   [360]
O39 - APT:  - (..) -- C:\Windows\Tasks\Synaptics TouchPad Enhancements.job   [264]
~ Scheduled Task: 24 Scanned in 00mn 11s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe  =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
O40 - ASIC: Google Chrome [64Bits] - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
~ Active Setup: 10 Scanned in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (6d68b42e205e8cb19194f902d4b37ada) . (.1XB2GV - No Comment.) - C:\Windows\System32\drivers\6d68b42e205e8cb19194f902d4b37ada.sys
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\filecrypt.sys (FileCrypt) . (.Microsoft Corporation - Windows sandboxing and encryption filter.) - C:\Windows\System32\drivers\filecrypt.sys
O41 - Driver: C:\Windows\System32\drivers\gpuenergydrv.sys (GpuEnergyDrv) . (.Microsoft Corporation - GPU Energy Kernel Driver.) - C:\Windows\System32\drivers\gpuenergydrv.sys
O41 - Driver:  (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys  =>PUP.Elex
O41 - Driver: (kmpupbbl) . (. - .) - C:\WINDOWS\system32\drivers\kmpupbbl.sys (.not file.)
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbios.sys (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\drivers\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\drivers\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\drivers\vwififlt.sys
O41 - Driver: Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0 (ws2ifsl) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\Windows\system32\drivers\ws2ifsl.sys
O41 - Driver:  (wsddfac) . (.GAS Tecnologia - GAS Tecnologia - FAC.) - C:\Windows\System32\drivers\wsddfac.sys
O41 - Driver: oem25.inf (wsddntf) . (.GAS Tecnologia - GAS Tecnologia LWF Driver.) - C:\Windows\system32\DRIVERS\wsddntf.sys
O41 - Driver:  (wsddpp) . (.GAS Tecnologia - GAS Tecnologia - PP.) - C:\Windows\system32\drivers\wsddpp.sys
~ Drivers: 50 Scanned in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: A360 Desktop - (.Autodesk.) [HKLM][64Bits] -- {B209E611-5511-4AD6-B4B3-9D36F93DBCD4}
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Aplicativo Bradesco versão 2.0 - (.Copyright (C) 2015 Scopus Tecnologia Ltda..) [HKLM][64Bits] -- {2F7717E5-BFF5-479A-B29E-A615ED278B6F}_is1
O42 - Logiciel: Aplicativo Itaú - (.Banco Itaú.) [HKLM][64Bits] -- {3DB32008-4479-49E3-886B-CD502BF4291E}
O42 - Logiciel: Aplicativo da área de trabalho Autodesk - (.Autodesk.) [HKLM][64Bits] -- Autodesk Desktop App
O42 - Logiciel: Aplicativos da Autodesk em destaque 2016 - (.Autodesk.) [HKLM][64Bits] -- {D42F37CD-9AF9-4435-A474-B387C5BB6B47}
O42 - Logiciel: AutoCAD 2016 - Português - Brasil (Brazilian Portuguese) - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F001-0416-2102-0060B0CE6BBA}
O42 - Logiciel: Autodesk Advanced Material Library Image Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {94AD53E7-493B-4291-8714-7A3B761D2783}
O42 - Logiciel: Autodesk App Manager 2016 - (.Autodesk.) [HKLM][64Bits] -- {4ECF9E00-2978-46AF-BD80-455EFEAB7A93}
O42 - Logiciel: Autodesk AutoCAD 2016 - Português - Brasil (Brazilian Portuguese) - (.Autodesk.) [HKLM][64Bits] -- AutoCAD 2016 - Português - Brasil (Brazilian Portuguese)
O42 - Logiciel: Autodesk AutoCAD Performance Feedback Tool 1.2.4 - (.Autodesk.) [HKLM][64Bits] -- {4E20873D-BC20-495C-AFD9-B18877B7F9BB}
O42 - Logiciel: Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit - (.Autodesk.) [HKLM][64Bits] -- {4BEE127E-95C4-434D-ABAC-65155192BB24}
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- Autodesk Content Service
O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] -- {A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}
O42 - Logiciel: Autodesk DWG TrueView 2016 - English - (.Autodesk.) [HKLM][64Bits] -- DWG TrueView 2016 - English
O42 - Logiciel: Autodesk Material Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {29A7D6EC-63C2-42FD-8143-5812ABD2923F}
O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}
O42 - Logiciel: Autodesk ReCap 2016 - (.Autodesk.) [HKLM][64Bits] -- Autodesk ReCap 2016
O42 - Logiciel: Dell Touchpad - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: Estudo de aprimoramento de produto para HP Officejet Pro 8610 - (.Hewlett-Packard Co..) [HKLM][64Bits] -- {69720A42-FF84-4BCB-B35D-82929B4FF1F2}  =>.Hewlett-Packard Co
O42 - Logiciel: FARO LS 1.1.502.0 (64bit) - (.FARO Scanner Production.) [HKLM][64Bits] -- {66D83FE0-D798-4B38-86FE-FB48151E5AEF}
O42 - Logiciel: Foxit Reader - (.Foxit Software Inc..) [HKLM][64Bits] -- Foxit Reader_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: HL-2270DW - (.Brother Industries, Ltd..) [HKLM][64Bits] -- {E2A97415-BD97-4867-B906-05E39E9EE51F}
O42 - Logiciel: HP Customer Experience Enhancements - (.HP Development Company, L.P..) [HKLM][64Bits] -- {64228DFB-7450-49B7-935C-B97342CB6659}
O42 - Logiciel: HP LaserJet Professional P1100-P1560-P1600 Series - (...) [HKLM][64Bits] -- HP LaserJet Professional P1100-P1560-P1600 Series
O42 - Logiciel: HP Officejet Pro 8610 Ajuda - (.Hewlett Packard.) [HKLM][64Bits] -- {F27E2007-980C-40F0-927D-7C791912910F}  =>.Hewlett-Packard Co
O42 - Logiciel: HP Officejet Pro 8610 Software básico do dispositivo - (.Hewlett-Packard Co..) [HKLM][64Bits] -- {5C9B6130-0EAA-449E-9318-61CA8F6B2D63}  =>.Hewlett-Packard Co
O42 - Logiciel: HP Support Assistant - (.HP Inc..) [HKLM][64Bits] -- {56D27851-B9A6-430F-875A-E2D7A3802C7B}  =>.Hewlett-Packard Co
O42 - Logiciel: HP Support Solutions Framework - (.HP Inc..) [HKLM][64Bits] -- {0A8C9032-3AB5-4CB7-8173-13BDE66B779A}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM][64Bits] -- {912D30CF-F39E-4B31-AD9A-123C6B794EE2}
O42 - Logiciel: HPSSupply - (.Hewlett Packard Development Company L.P..) [HKLM][64Bits] -- {7902E313-FF0F-4493-ACB1-A8147B78DCD0}
O42 - Logiciel: Hábil Empresarial - (.Koinonia Software.) [HKLM][64Bits] -- HabilCS2012_is1
O42 - Logiciel: I.R.I.S. OCR - (.HP.) [HKLM][64Bits] -- {CA6BCA2F-EDEB-408F-850B-31404BE16A61}
O42 - Logiciel: Importação do SketchUp 2016 - (.Autodesk.) [HKLM][64Bits] -- {C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 8 Update 111 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F64180111F0}
O42 - Logiciel: Java 8 Update 111 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F32180111F0}
O42 - Logiciel: KMSpico - (...) [HKLM][64Bits] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1  =>PUA.KMSpico
O42 - Logiciel: Mozilla Firefox 49.0.2 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 49.0.2 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: NVIDIA Driver de gráficos 368.39 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA GeForce Experience 2.11.4.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience
O42 - Logiciel: NVIDIA Software do sistema PhysX 9.16.0318 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-1000-0000000FF1CE}
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-007E-0000-1000-0000000FF1CE}
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0416-1000-0000000FF1CE}
O42 - Logiciel: Realtek Card Reader - (.Realtek Semiconduct Corp..) [HKLM][64Bits] -- {5BC2B5AB-80DE-4E83-B8CF-426902051D0A}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Skype™ 7.30 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {FC965A47-4839-40CA-B618-18F486F042C6}
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify
O42 - Logiciel: TeamViewer 11 - (.TeamViewer.) [HKLM][64Bits] -- TeamViewer
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player  =>.VideoLAN
O42 - Logiciel: Vulkan Run Time Libraries 1.0.11.1 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.11.1
O42 - Logiciel: Warsaw 1.13.0.525 64 bits - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe  =>PUP.Elex
O42 - Logiciel: amuleC - (.amuleC.) [HKLM][64Bits] -- {19539992-061C-4E8B-9053-07B175303AF4}
~ Logic: 24 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\6253ADA1889844A8E0F23EF73742492D]  =>PUP.CrossRider
[HKCU\Software\Affinix]
[HKCU\Software\Aplicativo Itau]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Autodesk]
[HKCU\Software\Avg]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DarwenDLM]
[HKCU\Software\ESET]
[HKCU\Software\EaseUS]
[HKCU\Software\EpmNewsInfo]
[HKCU\Software\Foxit Software]
[HKCU\Software\GbPlugin]
[HKCU\Software\Google]
[HKCU\Software\Gunbean]
[HKCU\Software\HP]
[HKCU\Software\HabilCS]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\IM]
[HKCU\Software\InstallMonster]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Marvell]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\ProductSetup]  =>Adware.InstallCore
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\TeamViewer]
[HKCU\Software\Trolltech]
[HKCU\Software\WajIEnhance]  =>PUP.Wajam
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wintertree]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\csastats]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\AVG]
[HKLM\Software\Autodesk]
[HKLM\Software\Brother]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\Foxit Software]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Marvell]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Reltek]
[HKLM\Software\SRS Labs]
[HKLM\Software\Socia2Sear Browser Enhancer]
[HKLM\Software\Synaptics]
[HKLM\Software\SyncIntegrationClients]
[HKLM\Software\VideoLAN]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\6253ADA1889844A8E0F23EF73742492D]  =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AGEIA Technologies]
[HKLM\Software\Wow6432Node\AVG]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Anewaly]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Autodesk]
[HKLM\Software\Wow6432Node\Brother Industries, Ltd.]
[HKLM\Software\Wow6432Node\Brother]
[HKLM\Software\Wow6432Node\Cahissterzosh]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Drerzesh]
[HKLM\Software\Wow6432Node\Dronaing]
[HKLM\Software\Wow6432Node\Elex-tech]  =>PUP.Elex
[HKLM\Software\Wow6432Node\Eset]
[HKLM\Software\Wow6432Node\Foxit Software]
[HKLM\Software\Wow6432Node\Fupery]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Gunbean]
[HKLM\Software\Wow6432Node\HP]
[HKLM\Software\Wow6432Node\Hewlett-Packard]
[HKLM\Software\Wow6432Node\HewlettPackard]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LogMeInRescueCallingCard]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\NetExpPlugins]
[HKLM\Software\Wow6432Node\NetExp]
[HKLM\Software\Wow6432Node\Nuance]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OtherSearch]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\ScreenShot]
[HKLM\Software\Wow6432Node\SkypeUpdateEx]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Socia2Sear Browser Enhancer]
[HKLM\Software\Wow6432Node\UvConv]
[HKLM\Software\Wow6432Node\WOW6432Node]
[HKLM\Software\Wow6432Node\Waves Audio]
[HKLM\Software\Wow6432Node\WinArcher]
[HKLM\Software\Wow6432Node\WinSaberSvc]
[HKLM\Software\Wow6432Node\amisitesSoftware]
[HKLM\Software\Wow6432Node\amule-custom]
[HKLM\Software\Wow6432Node\iThemes]
[HKLM\Software\Wow6432Node\jhtrsq]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node\trotuxSoftware]
[HKLM\Software\jhtrsq]
[HKLM\Software\mweshield]
~ Key Software: 233 Scanned in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/11/2016 - 08:33:23 - [] ----D C:\Program Files (x86)\0i3svkii
O43 - CFD: 17/11/2016 - 08:58:09 - [] ----D C:\Program Files (x86)\4nyo2br2
O43 - CFD: 08/11/2016 - 17:29:37 - [] ----D C:\Program Files (x86)\524ksf1k
O43 - CFD: 26/12/2016 - 17:07:19 - [] ---AD C:\Program Files (x86)\amuleC1
O43 - CFD: 03/11/2016 - 11:30:55 - [] ---AD C:\Program Files (x86)\AppBrad
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Autodesk
O43 - CFD: 17/11/2016 - 14:05:23 - [] ----D C:\Program Files (x86)\AVG
O43 - CFD: 12/11/2016 - 05:29:37 - [] ----D C:\Program Files (x86)\b12ashcu
O43 - CFD: 08/11/2016 - 13:29:37 - [] ----D C:\Program Files (x86)\b27u62eq
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Brother
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Browny02
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 03/11/2016 - 11:30:25 - [] --H-D C:\Program Files (x86)\Diebold
O43 - CFD: 21/11/2016 - 11:38:54 - [] ----D C:\Program Files (x86)\Elex-tech  =>PUP.Elex
O43 - CFD: 03/11/2016 - 18:23:09 - [] ----D C:\Program Files (x86)\Foxit Software
O43 - CFD: 03/11/2016 - 11:30:25 - [] --H-D C:\Program Files (x86)\GAS Tecnologia
O43 - CFD: 26/12/2016 - 17:12:29 - [] ---AD C:\Program Files (x86)\GbPlugin
O43 - CFD: 03/11/2016 - 18:48:37 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 26/12/2016 - 13:52:02 - [0] ----D C:\Program Files (x86)\Gubed_WMI
O43 - CFD: 21/11/2016 - 10:38:28 - [] ----D C:\Program Files (x86)\Gunbean
O43 - CFD: 03/11/2016 - 11:30:55 - [] ----D C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 03/11/2016 - 11:30:25 - [] ---AD C:\Program Files (x86)\HP
O43 - CFD: 03/11/2016 - 11:30:25 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 03/11/2016 - 11:30:55 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 26/12/2016 - 17:07:19 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Koinonia Software
O43 - CFD: 26/12/2016 - 14:19:00 - [0] ----D C:\Program Files (x86)\Malwarebytes Anti-Malware
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 03/11/2016 - 18:18:54 - [] ---AD C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 08/11/2016 - 09:30:48 - [] ----D C:\Program Files (x86)\ntgsxyfb
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 17/11/2016 - 13:40:08 - [] ----D C:\Program Files (x86)\OtherSearch
O43 - CFD: 09/11/2016 - 09:12:54 - [] ----D C:\Program Files (x86)\p64n93mf
O43 - CFD: 22/11/2016 - 09:03:16 - [] ----D C:\Program Files (x86)\pdvwayt8
O43 - CFD: 09/11/2016 - 13:29:37 - [] ----D C:\Program Files (x86)\plc07u95
O43 - CFD: 09/11/2016 - 09:29:37 - [] ----D C:\Program Files (x86)\plfrrgma
O43 - CFD: 07/11/2016 - 10:00:07 - [] ----D C:\Program Files (x86)\ppgq3pym
O43 - CFD: 07/11/2016 - 13:29:37 - [] ----D C:\Program Files (x86)\ppznb1rd
O43 - CFD: 09/11/2016 - 17:29:37 - [] ----D C:\Program Files (x86)\qdhzmgn7
O43 - CFD: 03/11/2016 - 11:30:25 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 24/11/2016 - 09:30:24 - [] ----D C:\Program Files (x86)\Sherboculthaverther
O43 - CFD: 26/12/2016 - 17:07:19 - [] R---D C:\Program Files (x86)\Skype
O43 - CFD: 18/11/2016 - 09:02:52 - [] ---AD C:\Program Files (x86)\TeamViewer
O43 - CFD: 03/11/2016 - 11:30:26 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 22/11/2016 - 09:51:42 - [0] ----D C:\Program Files (x86)\UvConverter
O43 - CFD: 03/11/2016 - 11:30:55 - [] ----D C:\Program Files (x86)\VulkanRT
O43 - CFD: 23/12/2016 - 12:32:12 - [] ----D C:\Program Files (x86)\WinArcher
O43 - CFD: 26/12/2016 - 17:07:19 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/12/2016 - 17:07:22 - [] ----D C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 26/12/2016 - 17:07:22 - [] ----D C:\Program Files (x86)\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 03/11/2016 - 11:30:26 - [] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 03/11/2016 - 11:30:26 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 26/12/2016 - 17:07:19 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 03/11/2016 - 11:30:26 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 03/11/2016 - 11:30:26 - [] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 03/11/2016 - 11:30:26 - [] ----D C:\Program Files (x86)\WindowsPowerShell
O43 - CFD: 26/12/2016 - 18:54:32 - [] ----D C:\Program Files (x86)\ZHPDiag  =>.Nicolas Coolman
O43 - CFD: 05/08/2016 - 11:03:32 - [] ---AD C:\Program Files (x86)\Common Files\Autodesk Shared
O43 - CFD: 03/10/2016 - 04:15:51 - [] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 27/10/2016 - 08:40:38 - [] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 03/10/2016 - 04:23:32 - [] ---AD C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 26/12/2016 - 17:07:19 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 26/12/2016 - 17:07:20 - [] ---AD C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 08/09/2016 - 13:36:02 - [0] ----D C:\Program Files (x86)\Common Files\SWF Studio
O43 - CFD: 16/07/2016 - 20:04:23 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 26/12/2016 - 17:07:18 - [] ---AD C:\ProgramData\Autodesk
O43 - CFD: 16/11/2016 - 10:05:17 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 17/11/2016 - 14:05:03 - [] ---AD C:\ProgramData\Avg
O43 - CFD: 03/11/2016 - 11:30:56 - [] ----D C:\ProgramData\Avira
O43 - CFD: 27/06/2016 - 15:32:17 - [] ----D C:\ProgramData\Brother
O43 - CFD: 25/11/2016 - 14:08:37 - [] ----D C:\ProgramData\ChelfNotify
O43 - CFD: 16/11/2016 - 10:14:57 - [] --H-D C:\ProgramData\Common Files
O43 - CFD: 16/07/2016 - 08:47:48 - [0] ----D C:\ProgramData\Comms
O43 - CFD: 23/06/2016 - 17:57:19 - [] -SH-D C:\ProgramData\Dados de Aplicativos
O43 - CFD: 03/10/2016 - 04:43:02 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 23/06/2016 - 17:57:19 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 05/08/2016 - 10:51:30 - [] ----D C:\ProgramData\FARO
O43 - CFD: 26/12/2016 - 17:07:18 - [] ----D C:\ProgramData\FLEXnet
O43 - CFD: 03/11/2016 - 18:23:12 - [] ----D C:\ProgramData\Foxit ContentPlatform
O43 - CFD: 26/12/2016 - 10:38:17 - [] ----D C:\ProgramData\Foxit Software
O43 - CFD: 05/12/2016 - 13:04:45 - [] ----D C:\ProgramData\GAS Tecnologia
O43 - CFD: 01/07/2016 - 17:13:41 - [] ----D C:\ProgramData\gbas
O43 - CFD: 26/12/2016 - 17:12:40 - [] ---AD C:\ProgramData\GbPlugin
O43 - CFD: 14/11/2016 - 09:48:42 - [] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 28/10/2016 - 14:21:14 - [] ---AD C:\ProgramData\HP
O43 - CFD: 08/09/2016 - 13:38:36 - [0] ----D C:\ProgramData\HPSSUPPLY
O43 - CFD: 27/06/2016 - 15:31:11 - [] ----D C:\ProgramData\KMSAutoS  =>Trojan.AutoKMS
O43 - CFD: 17/10/2016 - 18:26:27 - [] ----D C:\ProgramData\Koinonia Software
O43 - CFD: 26/12/2016 - 14:19:00 - [] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 23/06/2016 - 17:57:19 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 17/11/2016 - 13:43:53 - [] ----D C:\ProgramData\MFAData
O43 - CFD: 14/11/2016 - 16:22:06 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 03/10/2016 - 04:47:48 - [] ----D C:\ProgramData\Microsoft OneDrive
O43 - CFD: 23/06/2016 - 17:57:19 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 03/10/2016 - 04:17:03 - [] ----D C:\ProgramData\NVIDIA
O43 - CFD: 03/10/2016 - 04:23:41 - [] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 27/10/2016 - 09:11:56 - [] ----D C:\ProgramData\Oracle
O43 - CFD: 05/08/2016 - 11:03:57 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 21/11/2016 - 11:37:47 - [] ----D C:\ProgramData\PreEmptive Solutions
O43 - CFD: 17/11/2016 - 13:29:02 - [] ---AD C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 28/11/2016 - 17:14:11 - [] ----D C:\ProgramData\Skype
O43 - CFD: 16/07/2016 - 08:47:48 - [0] ----D C:\ProgramData\SoftwareDistribution  =>Adware.Boxore
O43 - CFD: 03/10/2016 - 04:43:01 - [] ----D C:\ProgramData\USOPrivate
O43 - CFD: 03/10/2016 - 04:43:01 - [] ----D C:\ProgramData\USOShared
O43 - CFD: 14/11/2016 - 16:21:49 - [] ----D C:\ProgramData\Windows Security
O43 - CFD: 22/11/2016 - 10:02:16 - [0] ----D C:\ProgramData\WinSAPSvc
O43 - CFD: 16/07/2016 - 08:47:50 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 26/12/2016 - 17:07:18 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 14/11/2016 - 09:44:14 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplicativo Bradesco
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 2016
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
O43 - CFD: 03/11/2016 - 18:23:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
O43 - CFD: 16/11/2016 - 10:50:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial
O43 - CFD: 27/10/2016 - 08:41:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 14/11/2016 - 16:02:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>PUA.KMSpico
O43 - CFD: 16/07/2016 - 08:47:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
O43 - CFD: 03/10/2016 - 04:23:40 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 26/12/2016 - 17:07:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
O43 - CFD: 16/07/2016 - 08:47:50 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 16/07/2016 - 08:47:50 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 03/10/2016 - 04:28:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 03/11/2016 - 18:17:31 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 26/12/2016 - 18:54:32 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP  =>.Nicolas Coolman
O43 - CFD: 25/11/2016 - 10:18:39 - [] ----D C:\Users\Jean\AppData\Roaming\adgad
O43 - CFD: 23/06/2016 - 18:01:52 - [] ----D C:\Users\Jean\AppData\Roaming\Adobe
O43 - CFD: 18/11/2016 - 10:08:58 - [] ----D C:\Users\Jean\AppData\Roaming\aMule
O43 - CFD: 17/11/2016 - 12:52:11 - [] ----D C:\Users\Jean\AppData\Roaming\ASPackage  =>PUP.ASPackage
O43 - CFD: 29/08/2016 - 09:30:41 - [] ----D C:\Users\Jean\AppData\Roaming\Autodesk
O43 - CFD: 16/11/2016 - 10:28:10 - [] ----D C:\Users\Jean\AppData\Roaming\AVG
O43 - CFD: 06/12/2016 - 14:48:39 - [] R---D C:\Users\Jean\AppData\Roaming\Brother
O43 - CFD: 21/11/2016 - 11:38:53 - [] ----D C:\Users\Jean\AppData\Roaming\Elex-tech  =>PUP.Elex
O43 - CFD: 23/06/2016 - 19:24:54 - [] ----D C:\Users\Jean\AppData\Roaming\epm
O43 - CFD: 23/06/2016 - 20:30:22 - [] ----D C:\Users\Jean\AppData\Roaming\Foxit AgentInformation
O43 - CFD: 03/11/2016 - 19:03:20 - [] ----D C:\Users\Jean\AppData\Roaming\Foxit Software
O43 - CFD: 08/09/2016 - 15:43:26 - [] ----D C:\Users\Jean\AppData\Roaming\Hewlett-Packard
O43 - CFD: 16/11/2016 - 10:51:00 - [0] ----D C:\Users\Jean\AppData\Roaming\hpqLog
O43 - CFD: 16/11/2016 - 10:51:00 - [0] ----D C:\Users\Jean\AppData\Roaming\HpUpdate
O43 - CFD: 27/06/2016 - 15:30:36 - [] ----D C:\Users\Jean\AppData\Roaming\InstallShield
O43 - CFD: 03/11/2016 - 19:31:31 - [0] ----D C:\Users\Jean\AppData\Roaming\Kiayataing
O43 - CFD: 23/06/2016 - 18:07:24 - [] ----D C:\Users\Jean\AppData\Roaming\Macromedia
O43 - CFD: 03/10/2016 - 04:34:52 - [] -S--D C:\Users\Jean\AppData\Roaming\Microsoft
O43 - CFD: 25/06/2016 - 12:13:47 - [] ----D C:\Users\Jean\AppData\Roaming\Mozilla
O43 - CFD: 04/07/2016 - 14:50:27 - [] ----D C:\Users\Jean\AppData\Roaming\NetExpress50
O43 - CFD: 03/11/2016 - 11:29:08 - [] ----D C:\Users\Jean\AppData\Roaming\Profiles
O43 - CFD: 07/12/2016 - 14:06:37 - [] ----D C:\Users\Jean\AppData\Roaming\Skype
O43 - CFD: 26/12/2016 - 17:06:46 - [] ----D C:\Users\Jean\AppData\Roaming\Spotify
O43 - CFD: 23/06/2016 - 20:20:03 - [] ----D C:\Users\Jean\AppData\Roaming\Sun
O43 - CFD: 17/11/2016 - 09:43:18 - [] ----D C:\Users\Jean\AppData\Roaming\TeamViewer
O43 - CFD: 16/11/2016 - 10:27:10 - [] ----D C:\Users\Jean\AppData\Roaming\TuneUp Software
O43 - CFD: 26/12/2016 - 17:06:46 - [] ----D C:\Users\Jean\AppData\Roaming\vlc
O43 - CFD: 28/06/2016 - 17:57:59 - [] ----D C:\Users\Jean\AppData\Roaming\WinRAR
O43 - CFD: 26/12/2016 - 18:59:00 - [] ----D C:\Users\Jean\AppData\Roaming\ZHP  =>.Nicolas Coolman
O43 - CFD: 23/06/2016 - 18:03:43 - [0] ----D C:\Users\Jean\AppData\Local\ActiveSync
O43 - CFD: 05/08/2016 - 09:59:45 - [] ----D C:\Users\Jean\AppData\Local\Akamai
O43 - CFD: 26/12/2016 - 17:07:16 - [] ----D C:\Users\Jean\AppData\Local\Aplicativo Itau
O43 - CFD: 29/08/2016 - 09:30:26 - [] ----D C:\Users\Jean\AppData\Local\Autodesk
O43 - CFD: 17/11/2016 - 13:43:54 - [] ----D C:\Users\Jean\AppData\Local\Avg
O43 - CFD: 17/11/2016 - 14:04:36 - [] ----D C:\Users\Jean\AppData\Local\AvgSetupLog
O43 - CFD: 01/07/2016 - 17:12:49 - [] ----D C:\Users\Jean\AppData\Local\CEF
O43 - CFD: 03/11/2016 - 18:34:37 - [] ----D C:\Users\Jean\AppData\Local\chromium
O43 - CFD: 03/11/2016 - 11:35:52 - [] ----D C:\Users\Jean\AppData\Local\cine
O43 - CFD: 23/06/2016 - 19:10:21 - [] ----D C:\Users\Jean\AppData\Local\Comms
O43 - CFD: 03/10/2016 - 09:39:40 - [] ----D C:\Users\Jean\AppData\Local\ConnectedDevicesPlatform
O43 - CFD: 29/09/2016 - 14:14:44 - [] ----D C:\Users\Jean\AppData\Local\CrashDumps
O43 - CFD: 03/10/2016 - 04:20:29 - [] -SH-D C:\Users\Jean\AppData\Local\Dados de Aplicativos
O43 - CFD: 23/11/2016 - 09:37:28 - [] ----D C:\Users\Jean\AppData\Local\Diagnostics
O43 - CFD: 06/12/2016 - 16:41:41 - [0] ----D C:\Users\Jean\AppData\Local\ElevatedDiagnostics
O43 - CFD: 02/12/2016 - 06:37:04 - [] ----D C:\Users\Jean\AppData\Local\ESET
O43 - CFD: 07/10/2016 - 15:13:45 - [] ----D C:\Users\Jean\AppData\Local\Foxit Reader
O43 - CFD: 01/07/2016 - 18:24:07 - [] ----D C:\Users\Jean\AppData\Local\Geckofx
O43 - CFD: 31/10/2016 - 09:18:55 - [] ----D C:\Users\Jean\AppData\Local\Google
O43 - CFD: 21/11/2016 - 11:37:59 - [] ----D C:\Users\Jean\AppData\Local\Gunbean
O43 - CFD: 08/09/2016 - 14:39:06 - [] ----D C:\Users\Jean\AppData\Local\Hewlett-Packard
O43 - CFD: 03/10/2016 - 04:20:29 - [] -SH-D C:\Users\Jean\AppData\Local\Histórico
O43 - CFD: 12/09/2016 - 09:18:45 - [] ----D C:\Users\Jean\AppData\Local\HP
O43 - CFD: 09/09/2016 - 16:20:58 - [] ----D C:\Users\Jean\AppData\Local\HP_Development_Company,_L
O43 - CFD: 16/11/2016 - 10:25:13 - [] ----D C:\Users\Jean\AppData\Local\MFAData
O43 - CFD: 05/10/2016 - 14:30:23 - [] ----D C:\Users\Jean\AppData\Local\Microsoft
O43 - CFD: 23/06/2016 - 18:04:58 - [] ----D C:\Users\Jean\AppData\Local\MicrosoftEdge
O43 - CFD: 05/07/2016 - 11:51:13 - [] ----D C:\Users\Jean\AppData\Local\Mozilla
O43 - CFD: 25/06/2016 - 12:04:21 - [] ----D C:\Users\Jean\AppData\Local\MSfree Inc
O43 - CFD: 23/06/2016 - 19:49:13 - [] ----D C:\Users\Jean\AppData\Local\NVIDIA
O43 - CFD: 23/06/2016 - 19:50:36 - [] ----D C:\Users\Jean\AppData\Local\NVIDIA Corporation
O43 - CFD: 26/12/2016 - 15:04:26 - [] ----D C:\Users\Jean\AppData\Local\Packages
O43 - CFD: 23/06/2016 - 18:10:10 - [] ----D C:\Users\Jean\AppData\Local\Programs
O43 - CFD: 23/06/2016 - 18:02:21 - [] ----D C:\Users\Jean\AppData\Local\Publishers
O43 - CFD: 03/11/2016 - 11:35:32 - [] ----D C:\Users\Jean\AppData\Local\Setup504906000
O43 - CFD: 02/12/2016 - 08:11:19 - [] ----D C:\Users\Jean\AppData\Local\Spotify
O43 - CFD: 26/12/2016 - 18:54:34 - [] ----D C:\Users\Jean\AppData\Local\Temp
O43 - CFD: 03/10/2016 - 04:20:29 - [] -SH-D C:\Users\Jean\AppData\Local\Temporary Internet Files
O43 - CFD: 23/06/2016 - 18:01:44 - [] ----D C:\Users\Jean\AppData\Local\TileDataLayer
O43 - CFD: 10/10/2016 - 16:12:44 - [] ----D C:\Users\Jean\AppData\Local\VirtualStore
O43 - CFD: 03/11/2016 - 11:30:22 - [] ----D C:\Users\Jean\AppData\Local\Ziqtionanerbetain
O43 - CFD: 16/07/2016 - 08:47:50 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 03/10/2016 - 04:44:06 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 26/12/2016 - 17:06:46 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 18/11/2016 - 10:08:58 - [] ----D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
O43 - CFD: 26/12/2016 - 17:06:46 - [] ----D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
O43 - CFD: 16/07/2016 - 08:47:50 - [] ----D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 26/12/2016 - 17:06:46 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 16/07/2016 - 08:47:50 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 16/07/2016 - 08:48:01 - [] R---D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
O43 - CFD: 03/11/2016 - 18:17:31 - [] ----D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 212 Scanned in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.35C08E009F7B026D43CA3C2DDA736C25] - 12/12/2016 - 08:56:41 ---A- . (.Microsoft Corporation - Legacy Phone Enrollment API BackCompat Shim.) -- C:\Windows\System32\enrollmentapi.dll   [180224]
O44 - LFC:[MD5.11D3620AB49916F0179316888852A570] - 14/12/2016 - 10:52:38 ---A- . (.Microsoft Corporation - WSMan HTTP Configuration File.) -- C:\Windows\System32\WSManHTTPConfig.exe   [32256]
O44 - LFC:[MD5.31D39097AC99F6A539A363A5722485C2] - 14/12/2016 - 10:52:39 ---A- . (.Microsoft Corporation - Assistente para mapear unidades e locais de.) -- C:\Windows\System32\netplwiz.dll   [278016]
O44 - LFC:[MD5.59F44051BCD479E70446506B7E4E78BB] - 14/12/2016 - 10:52:39 ---A- . (.Microsoft Corporation - Construtor de Pontos de Extremidade de Áudi.) -- C:\Windows\System32\AudioEndpointBuilder.dll   [337920]
O44 - LFC:[MD5.F2924292A6E176536C598F03B2AB3786] - 14/12/2016 - 10:52:39 ---A- . (.Microsoft Corporation - Host Process for Network Driver Configurati.) -- C:\Windows\System32\NetCfgNotifyObjectHost.exe   [86016]
O44 - LFC:[MD5.1C986DC8F4FDA1B040AC1176FB24467F] - 14/12/2016 - 10:52:39 ---A- . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\audiosrv.dll   [942080]
O44 - LFC:[MD5.8019685F581BD9E0C605D227383CFF58] - 14/12/2016 - 10:52:39 ---A- . (.Microsoft Corporation - Windows Health Center WSC Interop.) -- C:\Windows\System32\wscinterop.dll   [159232]
O44 - LFC:[MD5.8054F43873E02C41D7D6B73955F7EED8] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Background Transfer Background Manager Poli.) -- C:\Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll   [110080]
O44 - LFC:[MD5.7AF01F6539F66128237A3D7E62EE1135] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Crypto WinRT Library.) -- C:\Windows\System32\CryptoWinRT.dll   [376832]
O44 - LFC:[MD5.F25A86C9E36402BD4E76B7B5C2301C4B] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Extensões de Serviços de Energia do Modo de.) -- C:\Windows\System32\umpoext.dll   [96256]
O44 - LFC:[MD5.302C6A5649494779A2CD86492E16AB73] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Extensões do Shell para compartilhamento.) -- C:\Windows\System32\ntshrui.dll   [842240]
O44 - LFC:[MD5.30CED9C2EBD1CA0E3F47A31B3C1E4CBD] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Painel de controle do usuário.) -- C:\Windows\System32\usercpl.dll   [1359360]
O44 - LFC:[MD5.FB081DD05891F05ECF6B015CBD7AEC8F] - 14/12/2016 - 10:52:40 ---A- . (.Microsoft Corporation - Segurança e Manutenção.) -- C:\Windows\System32\wscui.cpl   [1220096]
O44 - LFC:[MD5.4EC62F8C60191A2710294C8BDFEECB9A] - 14/12/2016 - 10:52:41 ---A- . (.Microsoft Corporation - API da Central de Segurança do Windows.) -- C:\Windows\System32\wscapi.dll   [198856]
O44 - LFC:[MD5.E4AE313316CCE407A393DDF15690BEB0] - 14/12/2016 - 10:52:41 ---A- . (.Microsoft Corporation - Audio Engine.) -- C:\Windows\System32\AudioEng.dll   [534096]
O44 - LFC:[MD5.12563643B2A0D6AD44392F23A34119E8] - 14/12/2016 - 10:52:41 ---A- . (.Microsoft Corporation - Sessão de Áudio.) -- C:\Windows\System32\AudioSes.dll   [590960]
O44 - LFC:[MD5.1EABA23A7305A232C9A16C14806ED091] - 14/12/2016 - 10:52:42 ---A- . (.Microsoft Corporation - DLL de Realtime WorkQueue.) -- C:\Windows\System32\RTWorkQ.dll   [163752]
O44 - LFC:[MD5.E2DD2E5BDCCD225670831B439826065B] - 14/12/2016 - 10:52:42 ---A- . (.Microsoft Corporation - Enumerador NT Plug and Play PCI.) -- C:\Windows\System32\Drivers\pci.sys   [335712]
O44 - LFC:[MD5.E584CDC70F694F9A984A060A8291EB04] - 14/12/2016 - 10:52:42 ---A- . (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll   [2669056]
O44 - LFC:[MD5.2DF07B2560A3E961C1CA6ABBB4400C68] - 14/12/2016 - 10:52:42 ---A- . (.Microsoft Corporation - Security Support Provider Interface.) -- C:\Windows\System32\sspicli.dll   [172528]
O44 - LFC:[MD5.7715BF8720E38F77E69B1B688DCD719D] - 14/12/2016 - 10:52:42 ---A- . (.Microsoft Corporation - VPNIKE Protocol Engine - Test dll.) -- C:\Windows\System32\vpnike.dll   [587776]
O44 - LFC:[MD5.9C86A399648A6FC9A4016B336CAA9F86] - 14/12/2016 - 10:52:43 ---A- . (.Microsoft Corporation - Configurar Processador Autônomo de Comandos.) -- C:\Windows\System32\setupugc.exe   [125952]
O44 - LFC:[MD5.9627BBAA50878F6833A6A7843EE3B1D9] - 14/12/2016 - 10:52:46 ---A- . (.Microsoft Corporation - Game Input Protocol Driver.) -- C:\Windows\System32\Drivers\xboxgip.sys   [258560]
O44 - LFC:[MD5.FB42A5A74A56DF6A85929B81860F1B64] - 14/12/2016 - 10:52:46 ---A- . (.Microsoft Corporation - IE ActiveX Interface Marshaling Library.) -- C:\Windows\System32\ieproxy.dll   [690688]
O44 - LFC:[MD5.D4D12BC29DE0F09280868FDCA65B3474] - 14/12/2016 - 10:52:46 ---A- . (.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) -- C:\Windows\System32\Drivers\mrxsmb10.sys   [282624]
O44 - LFC:[MD5.00C24D6FDEF221DDA1625836702AFC6C] - 14/12/2016 - 10:52:47 ---A- . (.Microsoft Corporation - Windows BitLocker Drive Encryption API.) -- C:\Windows\System32\fveapi.dll   [730624]
O44 - LFC:[MD5.4851F31B5BFBC2F164A317BD70F82E9C] - 14/12/2016 - 10:52:48 ---A- . (.Microsoft Corporation - API de Acesso Remoto.) -- C:\Windows\System32\rasapi32.dll   [632320]
O44 - LFC:[MD5.7EF363096F4411D0EEE1270C73EA2535] - 14/12/2016 - 10:52:48 ---A- . (.Microsoft Corporation - ExplorerFrame.) -- C:\Windows\System32\ExplorerFrame.dll   [4708864]
O44 - LFC:[MD5.E72280A50E35C3402276E5C8B02C784C] - 14/12/2016 - 10:52:48 ---A- . (.Microsoft Corporation - Network Configuration API.) -- C:\Windows\System32\NetSetupShim.dll   [489472]
O44 - LFC:[MD5.9A0E0B836413EB0BC885532D2A5389D6] - 14/12/2016 - 10:52:48 ---A- . (.Microsoft Corporation - Serviço Central de Segurança do Windows.) -- C:\Windows\System32\wscsvc.dll   [184832]
O44 - LFC:[MD5.B6699EAD25D76CCA04ACA8CEEB8508E6] - 14/12/2016 - 10:52:49 ---A- . (.Microsoft Corporation - Audio Ks Endpoint.) -- C:\Windows\System32\AUDIOKSE.dll   [418952]
O44 - LFC:[MD5.D8FA419B49A4EFC3F2CE3BCB881B797F] - 14/12/2016 - 10:52:49 ---A- . (.Microsoft Corporation - DirectX Graphics Infrastructure.) -- C:\Windows\System32\dxgi.dll   [637400]
O44 - LFC:[MD5.F79BFB5588B777C71734C1D1EC129D07] - 14/12/2016 - 10:52:49 ---A- . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll   [657920]
O44 - LFC:[MD5.79939990A672F2ED0F56E70475C2EB35] - 14/12/2016 - 10:52:49 ---A- . (.Microsoft Corporation - Provedor de Conexão de Plataforma de Notifi.) -- C:\Windows\System32\wpnprv.dll   [615424]
O44 - LFC:[MD5.30C9B8967B561B2C8BBA8027F09F4FB2] - 14/12/2016 - 10:52:49 ---A- . (.Microsoft Corporation - System settings network mobile handlers gro.) -- C:\Windows\System32\NetworkMobileSettings.dll   [2510848]
O44 - LFC:[MD5.3D2079B85B9D87D025E0C3E23CDA1D75] - 14/12/2016 - 10:52:50 ---A- . (.Microsoft Corporation - DeviceFlows DataModel.) -- C:\Windows\System32\DeviceFlows.DataModel.dll   [2084352]
O44 - LFC:[MD5.0243E66C562B7FBE9697A36141D177BB] - 14/12/2016 - 10:52:50 ---A- . (.Microsoft Corporation - Núcleo de Automação de Interface de Usuário.) -- C:\Windows\System32\UIAutomationCore.dll   [1709056]
O44 - LFC:[MD5.B8C0D620219ECAA23A2AC841EAF454D1] - 14/12/2016 - 10:52:50 ---A- . (.Microsoft Corporation - Serviço WSMan.) -- C:\Windows\System32\WsmSvc.dll   [2716672]
O44 - LFC:[MD5.517644763301E25D21FF48F8A894CAC3] - 14/12/2016 - 10:52:51 ---A- . (.Microsoft Corporation - Direct3D 11 Runtime.) -- C:\Windows\System32\d3d11.dll   [2828376]
O44 - LFC:[MD5.99C236BDF40912E253650B562DB65235] - 14/12/2016 - 10:52:51 ---A- . (.Microsoft Corporation - Microsoft Windows Codecs Library.) -- C:\Windows\System32\WindowsCodecs.dll   [1738560]
O44 - LFC:[MD5.4CCAD745F8CB73E02B2BE685D3094F5D] - 14/12/2016 - 10:52:51 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript9.dll   [4746752]
O44 - LFC:[MD5.5163F5BABAE1FF8CCC0AFD60B6EDD20A] - 14/12/2016 - 10:52:51 ---A- . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll   [2317312]
O44 - LFC:[MD5.3968825A109FE7940D5DB648556D756C] - 14/12/2016 - 10:52:52 ---A- . (.Microsoft Corporation - API de Armazenamento Microsoft WinRT.) -- C:\Windows\System32\windows.storage.dll   [7219672]
O44 - LFC:[MD5.0BD00AE0D8AAF0A62FDBAE8856F152D9] - 14/12/2016 - 10:52:52 ---A- . (.Microsoft Corporation - Direct3D 10 Rasterizer.) -- C:\Windows\System32\d3d10warp.dll   [2677544]
O44 - LFC:[MD5.587F8B85DA3328512DBF396D595DCCCF] - 14/12/2016 - 10:52:55 ---A- . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll   [22224480]
O44 - LFC:[MD5.39D428A31DA525F730D3262ADCA41CCE] - 14/12/2016 - 10:52:56 ---A- . (.Microsoft Corporation - Plataforma da Web do Microsoft Edge.) -- C:\Windows\System32\edgehtml.dll   [22563328]
O44 - LFC:[MD5.A9FAD443A2F9424AB7B21A183050F206] - 14/12/2016 - 10:52:56 ---A- . (.Microsoft Corporation - Windows.UI.Xaml dll.) -- C:\Windows\System32\Windows.UI.Xaml.dll   [17188352]
O44 - LFC:[MD5.86DBBA9B08AB9DDA31C2F49E9F8EEFD9] - 14/12/2016 - 10:52:57 ---A- . (.Microsoft Corporation - Canonical Display Driver.) -- C:\Windows\System32\cdd.dll   [227328]
O44 - LFC:[MD5.19F2B54EE8861D90579BD0E3AE5182F9] - 14/12/2016 - 10:52:57 ---A- . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys   [2189664]
O44 - LFC:[MD5.D24345315139AAF6E3DF106344EE9422] - 14/12/2016 - 10:52:57 ---A- . (.Microsoft Corporation - DirectX Graphics MMS.) -- C:\Windows\System32\Drivers\dxgmms2.sys   [658784]
O44 - LFC:[MD5.DCDA84B4419F9A9520D831273B087967] - 14/12/2016 - 10:52:58 ---A- . (.Microsoft Corporation - IndexedDb host.) -- C:\Windows\System32\indexeddbserver.dll   [261632]
O44 - LFC:[MD5.25A2DFE2ACE0CA2B7CCEF337EBEA672E] - 14/12/2016 - 10:52:58 ---A- . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll   [23677952]
O44 - LFC:[MD5.5634BF53BE184314A82E638EAD67DE73] - 14/12/2016 - 10:52:59 ---A- . (.Microsoft Corporation - DirectX Graphics MMS.) -- C:\Windows\System32\Drivers\dxgmms1.sys   [402272]
O44 - LFC:[MD5.7C98397279D619956D6A7F9294FA5C5F] - 14/12/2016 - 10:52:59 ---A- . (.Microsoft Corporation - Driver de Kernel de Win32k Base.) -- C:\Windows\System32\win32kbase.sys   [1512960]
O44 - LFC:[MD5.9CE8024075A91397B1059DE58C76502D] - 14/12/2016 - 10:52:59 ---A- . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll   [1779712]
O44 - LFC:[MD5.997050BEA4A90A3DBF69C7393BD54C08] - 14/12/2016 - 10:53:00 ---A- . (.Microsoft Corporation - Microsoft ® Chakra (Private).) -- C:\Windows\System32\Chakra.dll   [8129536]
O44 - LFC:[MD5.B5EBC4909DC4BA8D3757F6A65AF32A95] - 14/12/2016 - 10:53:00 ---A- . (.Microsoft Corporation - Windows.UI.Xaml.Resources dll.) -- C:\Windows\System32\Windows.UI.Xaml.Resources.dll   [1631232]
O44 - LFC:[MD5.FAE5D9725F3E1BE1214FBD92A190D01A] - 14/12/2016 - 10:53:04 ---A- . (.Microsoft Corporation - EDP Cleanup.) -- C:\Windows\System32\EDPCleanup.exe   [143360]
O44 - LFC:[MD5.B600F3021B9991C8EC72938E6D25A282] - 14/12/2016 - 10:53:04 ---A- . (.Microsoft Corporation - Microsoft Distributed Transaction Coordinat.) -- C:\Windows\System32\msdtcuiu.dll   [306176]
O44 - LFC:[MD5.003A750CF9401B57FD41263188134CDA] - 14/12/2016 - 10:53:04 ---A- . (.Microsoft Corporation - ReportingCSP.) -- C:\Windows\System32\ReportingCSP.dll   [109056]
O44 - LFC:[MD5.3CE2B6AECB9AF8BC159299EEC46A35CA] - 14/12/2016 - 10:53:05 ---A- . (.Microsoft Corporation - Dll de servidor empresarial.) -- C:\Windows\System32\EnterpriseAppMgmtSvc.dll   [285696]
O44 - LFC:[MD5.D23738B17E5B74BC4D6BB58A3B103C35] - 14/12/2016 - 10:53:05 ---A- . (.Microsoft Corporation - EAMProgressHandler.) -- C:\Windows\System32\EAMProgressHandler.dll   [41472]
O44 - LFC:[MD5.1A2871BEA49447B68194D0A2BF6759AA] - 14/12/2016 - 10:53:05 ---A- . (.Microsoft Corporation - Https Data Source Library.) -- C:\Windows\System32\HttpsDataSource.dll   [81408]
O44 - LFC:[MD5.3717827707AC0C50E670F842666FFA87] - 14/12/2016 - 10:53:05 ---A- . (.Microsoft Corporation - MDM Registration DLL.) -- C:\Windows\System32\mdmregistration.dll   [187392]
O44 - LFC:[MD5.0B854C8F588D38CBA00C2B1889A11F2A] - 14/12/2016 - 10:53:06 ---A- . (.Microsoft Corporation - API do Microsoft Passport.) -- C:\Windows\System32\cryptngc.dll   [381952]
O44 - LFC:[MD5.07EA23DB96222D373E81CD2E4EFDE528] - 14/12/2016 - 10:53:06 ---A- . (.Microsoft Corporation - Agente de Recuperação do Microsoft Windows.) -- C:\Windows\System32\ReAgentc.exe   [34816]
O44 - LFC:[MD5.38D8CA93EC675696D8F4A39C3081A515] - 14/12/2016 - 10:53:06 ---A- . (.Microsoft Corporation - Application Impact Telemetry Static Analyze.) -- C:\Windows\System32\aitstatic.exe   [1691136]
O44 - LFC:[MD5.DB0C3558378D0D752F52919BA10FF05E] - 14/12/2016 - 10:53:06 ---A- . (.Microsoft Corporation - DLL do Auxiliar de Leitor de Tela.) -- C:\Windows\System32\SRH.dll   [1002496]
O44 - LFC:[MD5.85220DEC5309BDF0A0F2CBEDADE6EF45] - 14/12/2016 - 10:53:06 ---A- . (.Microsoft Corporation - Shell de conexões de rede.) -- C:\Windows\System32\netshell.dll   [2800128]
O44 - LFC:[MD5.A5D48D65A9D0CB4C0DB8F76C76BA9BCC] - 14/12/2016 - 10:53:08 ---A- . (.Microsoft Corporation - Microsoft Windows ® WinRT core library.) -- C:\Windows\System32\wincorlib.dll   [380928]
O44 - LFC:[MD5.A8AE70993C0FB8DB0EA893B451E36367] - 14/12/2016 - 10:53:08 ---A- . (.Microsoft Corporation - SearchFolder.) -- C:\Windows\System32\SearchFolder.dll   [366080]
O44 - LFC:[MD5.0257EB6E424875D1FFEF193FED1F2F2E] - 14/12/2016 - 10:53:09 ---A- . (.Microsoft Corporation - Application Reputation APIs Dll.) -- C:\Windows\System32\apprepapi.dll   [176128]
O44 - LFC:[MD5.F8C0699FAA8C4A4A3F3C45FAF3D1D903] - 14/12/2016 - 10:53:09 ---A- . (.Microsoft Corporation - Módulo PnP de SysPrep.) -- C:\Windows\System32\sppnp.dll   [178176]
O44 - LFC:[MD5.A736567105C8ECE9135C84E23273CE79] - 14/12/2016 - 10:53:10 ---A- . (.Microsoft Corporation - DM Certificate Installer.) -- C:\Windows\System32\dmcertinst.exe   [147968]
O44 - LFC:[MD5.620316E17FB073F9FA519AD0CA9FA615] - 14/12/2016 - 10:53:10 ---A- . (.Microsoft Corporation - Enroll Engine DLL.) -- C:\Windows\System32\dmenrollengine.dll   [455168]
O44 - LFC:[MD5.81C7314FEF69EE047D94AC2BC72F18D2] - 14/12/2016 - 10:53:10 ---A- . (.Microsoft Corporation - EnterpriseModernAppMgmtCSP.) -- C:\Windows\System32\EnterpriseModernAppMgmtCSP.dll   [163840]
O44 - LFC:[MD5.4005682897714B769CDAE9965C9F732F] - 14/12/2016 - 10:53:10 ---A- . (.Microsoft Corporation - Policy Manager DLL.) -- C:\Windows\System32\policymanager.dll   [266544]
O44 - LFC:[MD5.09CF47A74BFB480B8262FCEE222004B6] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - DLL do Serviço de Gerenciamento do Windows.) -- C:\Windows\System32\Windows.Internal.Management.dll   [407552]
O44 - LFC:[MD5.488302B09300EB1CFDE4EDAD21390A68] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - DPAPI Server.) -- C:\Windows\System32\dpapisrv.dll   [198144]
O44 - LFC:[MD5.1CB6B8E8E4B483D65BC4F13E755211C8] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - Implementação de Manipuladores de Armazenam.) -- C:\Windows\System32\SettingsHandlers_StorageSense.dll   [574464]
O44 - LFC:[MD5.A324C1FBD3BC34DD0C88E97E5E75EF5C] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - Migration System Isolation Layer.) -- C:\Windows\System32\migisol.dll   [142176]
O44 - LFC:[MD5.0CC546199EA54CB510176DB999A455A3] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - Tarefa AppRepSync.) -- C:\Windows\System32\apprepsync.dll   [379392]
O44 - LFC:[MD5.BD56EA20694C18421E7A616CEAA05D39] - 14/12/2016 - 10:53:11 ---A- . (.Microsoft Corporation - Windows H265 Video Decoder.) -- C:\Windows\System32\hevcdecoder.dll   [2186896]
O44 - LFC:[MD5.2892EB16D39C6F6E27BF8A9276B49F20] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - API for MDM Enrollment DLL.) -- C:\Windows\System32\enterprisecsps.dll   [1004544]
O44 - LFC:[MD5.28CF4575C39A0662138E6C6A0B107BCB] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - API for MDM Enrollment.) -- C:\Windows\System32\DeviceEnroller.exe   [172544]
O44 - LFC:[MD5.AC5344ED480F896C3BCE688F0AAE5144] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - Biblioteca de Primitivos Criptografados do.) -- C:\Windows\System32\bcrypt.dll   [168424]
O44 - LFC:[MD5.33DBBCF71F68EA97D9FD34E4C9AB5AC6] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - DLL do Serviço de Estação de Trabalho.) -- C:\Windows\System32\wkssvc.dll   [283648]
O44 - LFC:[MD5.7B07A0CFEB7F5B6C016433C15DCCA9E7] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - DLL dos Tipos de Base do Windows.) -- C:\Windows\System32\WinTypes.dll   [1267512]
O44 - LFC:[MD5.F26AACA6DC392FE1C903FE866B039958] - 14/12/2016 - 10:53:12 ---A- . (.Microsoft Corporation - Mecanismo de Protocolo Personalizado.) -- C:\Windows\System32\rascustom.dll   [347648]
O44 - LFC:[MD5.B72D26074E72A757D788FB1BEF8B2F2E] - 14/12/2016 - 10:53:13 ---A- . (.Microsoft Corporation - Common Log File System Driver.) -- C:\Windows\System32\Drivers\clfs.sys   [377184]
O44 - LFC:[MD5.2269644E1163FEE49D3D3B04372B13B1] - 14/12/2016 - 10:53:13 ---A- . (.Microsoft Corporation - DLL do Auxiliar de Leitor de Tela.) -- C:\Windows\System32\SRHInproc.dll   [2009600]
O44 - LFC:[MD5.851ED52AE3E62CD5374BD4BBFF7A9DAB] - 14/12/2016 - 10:53:13 ---A- . (.Microsoft Corporation - Driver de Barramento Bluetooth.) -- C:\Windows\System32\Drivers\bthport.sys   [967168]
O44 - LFC:[MD5.9C09E3057378ADE13AFB1C43C9D13F64] - 14/12/2016 - 10:53:13 ---A- . (.Microsoft Corporation - Microsoft Passport Container.) -- C:\Windows\System32\NgcCtnr.dll   [409088]
O44 - LFC:[MD5.D5EFC0BAEC21EDE6FE03D377D403B421] - 14/12/2016 - 10:53:14 ---A- . (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) -- C:\Windows\System32\lsm.dll   [691712]
O44 - LFC:[MD5.B0D9B87B795B7833C9152441CBD55CC4] - 14/12/2016 - 10:53:15 ---A- . (.Microsoft Corporation - Kernel Cryptography, Next Generation.) -- C:\Windows\System32\Drivers\cng.sys   [624048]
O44 - LFC:[MD5.D0B1B74D085035CE6BA5AFCE4AC7F725] - 14/12/2016 - 10:53:15 ---A- . (.Microsoft Corporation - Provedor de Credenciais do Microsoft Passpo.) -- C:\Windows\System32\ngccredprov.dll   [641024]
O44 - LFC:[MD5.80316B3EB295BFA0E8B155A0A79869FB] - 14/12/2016 - 10:53:16 ---A- . (.Microsoft Corporation - Biblioteca Principal de DWM da Microsoft.) -- C:\Windows\System32\dwmcore.dll   [2287616]
O44 - LFC:[MD5.AF6963414B820B7C45578ED3300438A7] - 14/12/2016 - 10:53:16 ---A- . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) -- C:\Windows\System32\Drivers\rdbss.sys   [433504]
O44 - LFC:[MD5.93A77008A8932FC84A173C4E97E52874] - 14/12/2016 - 10:53:16 ---A- . (.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) -- C:\Windows\System32\Drivers\mrxsmb20.sys   [223584]
O44 - LFC:[MD5.B50F4C3A4DE252EA5E7656A4438F0792] - 14/12/2016 - 10:53:17 ---A- . (.Microsoft Corporation - Microsoft COM para Windows.) -- C:\Windows\System32\combase.dll   [2913144]
O44 - LFC:[MD5.5160B6F5CCB2DBFDC6FBF00604BF80B8] - 14/12/2016 - 10:53:17 ---A- . (.Microsoft Corporation - Microsoft DTV-DVD Video Decoder.) -- C:\Windows\System32\msmpeg2vdec.dll   [2482280]
O44 - LFC:[MD5.8F1AF1A559291DE87C91C9FBC15BDB80] - 14/12/2016 - 10:53:18 ---A- . (.Microsoft Corporation - Compatibility Appraiser.) -- C:\Windows\System32\appraiser.dll   [1637728]
O44 - LFC:[MD5.DCB77F9C30B269461B59E87810EE2B43] - 14/12/2016 - 10:53:18 ---A- . (.Microsoft Corporation - Compatibility Upgrade Migration Host.) -- C:\Windows\System32\acmigration.dll   [137568]
O44 - LFC:[MD5.A1D2D0F342A11179AE4D4640416ED6CA] - 14/12/2016 - 10:53:19 ---A- . (.Microsoft Corporation - Gerenciamento de Otimização de Entrega.) -- C:\Windows\System32\domgmt.dll   [324096]
O44 - LFC:[MD5.704FE1155EAE560979226C6902115B2D] - 14/12/2016 - 10:53:19 ---A- . (.Microsoft Corporation - Otimização de Entrega.) -- C:\Windows\System32\dosvc.dll   [1232384]
O44 - LFC:[MD5.151AEA80776413C9FCE3185A10EB4B00] - 14/12/2016 - 10:53:20 ---A- . (.Microsoft Corporation - DLL do servidor LSA.) -- C:\Windows\System32\lsasrv.dll   [1490944]
O44 - LFC:[MD5.E337677FFD088B87F5D7876F0ED3EC34] - 14/12/2016 - 10:53:21 ---A- . (.Microsoft Corporation - Jupiter Map Control.) -- C:\Windows\System32\JpMapControl.dll   [1060864]
O44 - LFC:[MD5.A93C9B9EBE2FDE5A536000D72CC17F7F] - 14/12/2016 - 10:53:21 ---A- . (.Microsoft Corporation - Microsoft (R) CDP User Components.) -- C:\Windows\System32\cdpusersvc.dll   [339456]
O44 - LFC:[MD5.EC99B92C40EA47862BF1723EDA9BE55D] - 14/12/2016 - 10:53:21 ---A- . (.Microsoft Corporation - NMAA.) -- C:\Windows\System32\NMAA.dll   [936448]
O44 - LFC:[MD5.87BF36C0AD9398C7C5AF48CA9C7F3E56] - 14/12/2016 - 10:53:21 ---A- . (.Microsoft Corporation - Windows Runtime AppCapture DLL.) -- C:\Windows\System32\AppCapture.dll   [170496]
O44 - LFC:[MD5.E4207E8B3FCD84B019E03B51B57CE4C1] - 14/12/2016 - 10:53:21 ---A- . (.Microsoft Corporation - Windows Runtime BcastDVRHelper DLL.) -- C:\Windows\System32\BcastDVRHelper.dll   [198656]
O44 - LFC:[MD5.02DB72679572E637F4688596F12CFBEA] - 14/12/2016 - 10:53:22 ---A- . (.Microsoft Corporation - Controles de Identidade.) -- C:\Windows\System32\IdCtrls.dll   [115200]
O44 - LFC:[MD5.BB08E753C027F5FEECA835759F180014] - 14/12/2016 - 10:53:22 ---A- . (.Microsoft Corporation - Extensões de shell para Emparelhamento de D.) -- C:\Windows\System32\DevicePairing.dll   [567296]
O44 - LFC:[MD5.0DCF6AF8987CD9EEBAB548A593380C3E] - 14/12/2016 - 10:53:24 ---A- . (.Microsoft Corporation - Continuar a partir do aplicativo de inicial.) -- C:\Windows\System32\winresume.exe   [894096]
O44 - LFC:[MD5.E6BA6FF8E956F684524CF5DBBB053687] - 14/12/2016 - 10:53:24 ---A- . (.Microsoft Corporation - Enviar mensagem.) -- C:\Windows\System32\sendmail.dll   [136192]
O44 - LFC:[MD5.2F495415E9E3386C82B3A2459D93ABD0] - 14/12/2016 - 10:53:24 ---A- . (.Microsoft Corporation - Explorador de Jogos.) -- C:\Windows\System32\gameux.dll   [2611200]
O44 - LFC:[MD5.74C191A1BF7AD5AD63432E104E1D7A54] - 14/12/2016 - 10:53:24 ---A- . (.Microsoft Corporation - OS Loader.) -- C:\Windows\System32\winload.exe   [1173496]
O44 - LFC:[MD5.8C02F264C60183EEFCE1ED27FDF006DC] - 14/12/2016 - 10:53:24 ---A- . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\Windows\System32\stobject.dll   [389632]
O44 - LFC:[MD5.11BDDEDDCAC6CD65A6A082DF53ED0F39] - 14/12/2016 - 10:53:25 ---A- . (.Microsoft Corporation - Central de Sincronização da Microsoft.) -- C:\Windows\System32\SyncCenter.dll   [3400192]
O44 - LFC:[MD5.A8594741E7FFBA9579715E9451066533] - 14/12/2016 - 10:53:25 ---A- . (.Microsoft Corporation - Continuar a partir do aplicativo de inicial.) -- C:\Windows\System32\winresume.efi   [1051112]
O44 - LFC:[MD5.DAA6A4E3DD36F21A486901284D7BBFB1] - 14/12/2016 - 10:53:25 ---A- . (.Microsoft Corporation - DIAL Server DLL.) -- C:\Windows\System32\dialserver.dll   [164352]
O44 - LFC:[MD5.183B7A1DCA847669FB16A7392535B095] - 14/12/2016 - 10:53:25 ---A- . (.Microsoft Corporation - OS Loader.) -- C:\Windows\System32\winload.efi   [1354320]
O44 - LFC:[MD5.BBB6B1F731DC954B833115DA90A89597] - 14/12/2016 - 10:53:26 ---A- . (.Microsoft Corporation - <d> ACP Background Manager Policy DLL.) -- C:\Windows\System32\ACPBackgroundManagerPolicy.dll   [159744]
O44 - LFC:[MD5.CAAF0CD70FEE7C5110B1E62804E41B17] - 14/12/2016 - 10:53:26 ---A- . (.Microsoft Corporation - Gerenciador de Mapas Baixados.) -- C:\Windows\System32\moshost.dll   [82944]
O44 - LFC:[MD5.4333EB2F0D4EFD6591CC2007F8EBA26C] - 14/12/2016 - 10:53:26 ---A- . (.Microsoft Corporation - MosStorage.) -- C:\Windows\System32\MosStorage.dll   [89600]
O44 - LFC:[MD5.2925A1C60E081F0B51699C148AE1925A] - 14/12/2016 - 10:53:26 ---A- . (.Microsoft Corporation - NT Secure Kernel.) -- C:\Windows\System32\securekernel.exe   [455520]
O44 - LFC:[MD5.5729FB886E5B0663C6CE1D7F6CCEA566] - 14/12/2016 - 10:53:26 ---A- . (.Microsoft Corporation - RDXTaskFactory.) -- C:\Windows\System32\RDXTaskFactory.dll   [366080]
O44 - LFC:[MD5.BC198A2793B6B84789D9C159AE146298] - 14/12/2016 - 10:53:27 ---A- . (.Microsoft Corporation - Maps Background Transfer Service.) -- C:\Windows\System32\MapsBtSvc.dll   [151040]
O44 - LFC:[MD5.AA9A5061D81F59B8DB107A871CE96CEE] - 14/12/2016 - 10:53:27 ---A- . (.Microsoft Corporation - Media Foundation Playback API DLL.) -- C:\Windows\System32\MFPlay.dll   [424616]
O44 - LFC:[MD5.C1DBD5C3898237A2C8065D7722C8EA36] - 14/12/2016 - 10:53:28 ---A- . (.Microsoft Corporation - Servidor de Execução Moderno.) -- C:\Windows\System32\modernexecserver.dll   [960000]
O44 - LFC:[MD5.4CD89AE11FF2D1C8C5FB4579E42C870B] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Broadcast DVR server.) -- C:\Windows\System32\bcastdvr.exe   [620544]
O44 - LFC:[MD5.35202E997F51B4832FF77F52CAC06695] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Downloaded Maps Manager Core.) -- C:\Windows\System32\moshostcore.dll   [313856]
O44 - LFC:[MD5.675A95DCF8F9C66122A4E3357E95C6DF] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Launch Windows App.) -- C:\Windows\System32\LaunchWinApp.exe   [43008]
O44 - LFC:[MD5.B2988953AF18B7DEDDE06B195A8DEE64] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Map Control Core.) -- C:\Windows\System32\MapControlCore.dll   [905216]
O44 - LFC:[MD5.32D5C807FCC03D07AE7C3616FAF5CD08] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - MapConfiguration.) -- C:\Windows\System32\MapConfiguration.dll   [446976]
O44 - LFC:[MD5.C31AFDF95FE4162ACCA59DB5FBA14EF3] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Microsoft Windows MRM.) -- C:\Windows\System32\MrmCoreR.dll   [1069720]
O44 - LFC:[MD5.2E6612376D257F74781F2EF1F869D8C3] - 14/12/2016 - 10:53:29 ---A- . (.Microsoft Corporation - Serviço Microsoft (R) CDP.) -- C:\Windows\System32\cdpsvc.dll   [411648]
O44 - LFC:[MD5.5BEEB27D8F314D94773FA6568740AE13] - 14/12/2016 - 10:53:30 ---A- . (.Microsoft Corporation - GDI Client DLL.) -- C:\Windows\System32\gdi32full.dll   [1572768]
O44 - LFC:[MD5.CDBD029BAEC8D09F6FBD404632D9AF28] - 14/12/2016 - 10:53:30 ---A- . (.Microsoft Corporation - Partition driver.) -- C:\Windows\System32\Drivers\partmgr.sys   [128352]
O44 - LFC:[MD5.976EB2566EF7A48DD80BEEDE63DE1C65] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - CloudExperienceHost.) -- C:\Windows\System32\CloudExperienceHost.dll   [241504]
O44 - LFC:[MD5.45198B71B548B113A18ACD0D9DF7F686] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - DLL de nível do NT.) -- C:\Windows\System32\ntdll.dll   [1886344]
O44 - LFC:[MD5.5C98A144C06B806976FA4F5BEEBD4D10] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - Maps Store Dll.) -- C:\Windows\System32\MapsStore.dll   [1031680]
O44 - LFC:[MD5.5DE2049D5F57C1D142F36FA9CE443693] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - Microsoft CoreMessaging Dll.) -- C:\Windows\System32\CoreMessaging.dll   [764392]
O44 - LFC:[MD5.DA446593637409C623A1F308371F0505] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - ShareHost.) -- C:\Windows\System32\ShareHost.dll   [716800]
O44 - LFC:[MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - 14/12/2016 - 10:53:31 ---A- . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe   [4673304]
O44 - LFC:[MD5.DA842AEF3EED0C980036B5E6A8E51F4F] - 14/12/2016 - 10:53:32 ---A- . (.Microsoft Corporation - DLL cliente da API BASE do Windows NT.) -- C:\Windows\System32\KernelBase.dll   [2213760]
O44 - LFC:[MD5.90E6A44311F392E63043D4B395FEBE80] - 14/12/2016 - 10:53:32 ---A- . (.Microsoft Corporation - Núcleo de Notificações por Push do Windows.) -- C:\Windows\System32\wpncore.dll   [1366016]
O44 - LFC:[MD5.BD71ABBF635991C41569163DE31AB674] - 14/12/2016 - 10:53:33 ---A- . (.Microsoft Corporation - Maps Geocoder.) -- C:\Windows\System32\MapGeocoder.dll   [2953216]
O44 - LFC:[MD5.1F5FF8C45418A3D47DC73D612EFBD47E] - 14/12/2016 - 10:53:34 ---A- . (.Microsoft Corporation - API do Cliente Microsoft (R) CDP.) -- C:\Windows\System32\cdp.dll   [5114368]
O44 - LFC:[MD5.1E75344E86ED73D0FDCA29F3435F9FFF] - 14/12/2016 - 10:53:34 ---A- . (.Microsoft Corporation - Maps Router.) -- C:\Windows\System32\MapRouter.dll   [3441152]
O44 - LFC:[MD5.88125659EFA273D90BF43F34D1209032] - 14/12/2016 - 10:53:35 ---A- . (.Microsoft Corporation - Bing Map Control.) -- C:\Windows\System32\BingMaps.dll   [7812096]
O44 - LFC:[MD5.9EDCF34001A705B3F0F065E6A4D340CC] - 14/12/2016 - 10:53:35 ---A- . (.Microsoft Corporation - mos.) -- C:\Windows\System32\mos.dll   [7654400]
O44 - LFC:[MD5.A930AD470CBCBEEAA2B684325453D48A] - 14/12/2016 - 10:53:36 ---A- . (.Microsoft Corporation - Full/Desktop Win32k Kernel Driver.) -- C:\Windows\System32\win32kfull.sys   [3616768]
O44 - LFC:[MD5.6343BD5C58F385703454D47416EE0100] - 14/12/2016 - 10:53:37 ---A- . (.Microsoft Corporation - Full/Desktop Multi-User Win32 Driver.) -- C:\Windows\System32\win32k.sys   [206848]
O44 - LFC:[MD5.9F2965CB4D07ED5420C3E01A94888E21] - 14/12/2016 - 10:53:37 ---A- . (.Microsoft Corporation - Paint.) -- C:\Windows\System32\mspaint.exe   [6664192]
O44 - LFC:[MD5.047038089EBA9376B3B280C50243263C] - 14/12/2016 - 10:53:37 ---A- . (.Microsoft Corporation - TWINUI.) -- C:\Windows\System32\twinui.dll   [9131008]
O44 - LFC:[MD5.83D459A5CBAF13FA700EBCFD35C8E98A] - 14/12/2016 - 10:53:38 ---A- . (.Microsoft Corporation - DataSense Handler Implementation.) -- C:\Windows\System32\DataSenseHandlers.dll   [495104]
O44 - LFC:[MD5.32F359D2120A8C670FE650994A9FF419] - 14/12/2016 - 10:53:38 ---A- . (.Microsoft Corporation - Shell UI.) -- C:\Windows\System32\Windows.UI.Shell.dll   [49152]
O44 - LFC:[MD5.C415587AC829504F74ACE07066A0402F] - 14/12/2016 - 10:53:38 ---A- . (.Microsoft Corporation - System Settings Handlers Implementation.) -- C:\Windows\System32\SettingsHandlers_nt.dll   [4749312]
O44 - LFC:[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - 14/12/2016 - 10:53:40 ---A- . (.Microsoft Corporation - DLL de cliente API de usuário Windows para.) -- C:\Windows\System32\user32.dll   [1461200]
O44 - LFC:[MD5.F20DD184C8DC1BEF7863BEE44BB3D09F] - 14/12/2016 - 10:53:40 ---A- . (.Microsoft Corporation - DLL de servidor MSCTF.) -- C:\Windows\System32\msctf.dll   [1418312]
O44 - LFC:[MD5.981159C5094E4C2AD4DADCEDF3E8F532] - 14/12/2016 - 10:53:40 ---A- . (.Microsoft Corporation - Navegador da Internet.) -- C:\Windows\System32\ieframe.dll   [13084160]
O44 - LFC:[MD5.04E33678D2737E0612084F0AAFBFE832] - 14/12/2016 - 10:53:41 ---A- . (.Microsoft Corporation - EDITIONUPGRADEHELPER.DLL.) -- C:\Windows\System32\EditionUpgradeHelper.dll   [161792]
O44 - LFC:[MD5.033C350C64617BA4F65084BD0B78385E] - 14/12/2016 - 10:53:41 ---A- . (.Microsoft Corporation - Windows System Reset Platform Plugin for MD.) -- C:\Windows\System32\RjvMDMConfig.dll   [105984]
O44 - LFC:[MD5.55CA5329D1ADEB8F8034045930147AE4] - 14/12/2016 - 10:53:42 ---A- . (.Microsoft Corporation - Driver de Servidor Smb 2.0.) -- C:\Windows\System32\Drivers\srv2.sys   [713216]
O44 - LFC:[MD5.0D50B3F3AB32D416786B58D4553859CE] - 14/12/2016 - 10:53:42 ---A- . (.Microsoft Corporation - Driver de dispositivo de modem.) -- C:\Windows\System32\Drivers\modem.sys   [42496]
O44 - LFC:[MD5.9DAA32C2B9E9E60259491BBFD6F1EB88] - 14/12/2016 - 10:53:42 ---A- . (.Microsoft Corporation - InstallAgent.) -- C:\Windows\System32\InstallAgent.exe   [211968]
O44 - LFC:[MD5.2CB858F99F34CCECC72BE24B2000817F] - 14/12/2016 - 10:53:42 ---A- . (.Microsoft Corporation - InstallAgentUserBroker.) -- C:\Windows\System32\InstallAgentUserBroker.exe   [260608]
O44 - LFC:[MD5.3B9487062A0CFF44131EAC1731CA47CE] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - "EditBufferTestHook.DYNLINK".) -- C:\Windows\System32\EditBufferTestHook.dll   [85504]
O44 - LFC:[MD5.8F8B9B67E8BAFE7AEE433609D5DE8076] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - "InputLocaleManager.DYNLINK".) -- C:\Windows\System32\InputLocaleManager.dll   [119296]
O44 - LFC:[MD5.C1C8560C3FA7E2F970CB134393B594BC] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - "WordBreakers.DYNLINK".) -- C:\Windows\System32\WordBreakers.dll   [40448]
O44 - LFC:[MD5.3344B87342E5235D870ECDAC88A9E7B2] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - DLL de Tempo de Execução da Estrutura de Te.) -- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll   [320000]
O44 - LFC:[MD5.F00D9885A1B3173B75E9C2A954238984] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - Pastas compactadas (zipadas).) -- C:\Windows\System32\zipfldr.dll   [388096]
O44 - LFC:[MD5.B91FBE7CB4633FEB32AFBD0B48576396] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - Serviços de Armazenamento.) -- C:\Windows\System32\StorSvc.dll   [396800]
O44 - LFC:[MD5.96ADD6454DC4FC40CCEE4C1B195E0EA8] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - StoreAgent.) -- C:\Windows\System32\StoreAgent.dll   [748544]
O44 - LFC:[MD5.C4049F43A5BC629689B2629D50EECF3F] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - Sysprep provider for Provisioning.) -- C:\Windows\System32\ProvSysprep.dll   [68096]
O44 - LFC:[MD5.A078282A109E2FC4EA26430D5D602830] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - Windows Runtime OnlineId Authentication DLL.) -- C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll   [981504]
O44 - LFC:[MD5.C30FB61C85D12E1F7DDEFEA141F79DB4] - 14/12/2016 - 10:53:43 ---A- . (.Microsoft Corporation - Windows.UI.Core.TextInput dll.) -- C:\Windows\System32\Windows.UI.Core.TextInput.dll   [261120]
O44 - LFC:[MD5.AD7A39B37059851994BC59D18513E13A] - 14/12/2016 - 10:53:44 ---A- . (.Microsoft Corporation - "TextInputFramework.DYNLINK".) -- C:\Windows\System32\TextInputFramework.dll   [433664]
O44 - LFC:[MD5.B6337AC6D2C16E4050362711041B2DA4] - 14/12/2016 - 10:53:44 ---A- . (.Microsoft Corporation - CloudStorageWizard.) -- C:\Windows\System32\CloudStorageWizard.exe   [187520]
O44 - LFC:[MD5.B69B3DCCF4C87451F738330C94A99AC9] - 14/12/2016 - 10:53:44 ---A- . (.Microsoft Corporation - DeviceReactivation.) -- C:\Windows\System32\DeviceReactivation.dll   [101216]
O44 - LFC:[MD5.0660F4A14F9D2A2F59B26B1D74F1A6D0] - 14/12/2016 - 10:53:44 ---A- . (.Microsoft Corporation - RDXService.) -- C:\Windows\System32\RDXService.dll   [650752]
O44 - LFC:[MD5.524086B8BB70DDE6C167F9CC5DC129DD] - 14/12/2016 - 10:53:45 ---A- . (.Microsoft Corporation - Media Foundation MKV Media Source and Sink.) -- C:\Windows\System32\mfmkvsrcsnk.dll   [870400]
O44 - LFC:[MD5.EC449756B377F4330B2885567112ACF5] - 14/12/2016 - 10:53:46 ---A- . (.Microsoft Corporation - ActiveX Interface Marshaling Library.) -- C:\Windows\System32\actxprxy.dll   [3542016]
O44 - LFC:[MD5.C5C184635BA06F8F707BB8837D1F7BD1] - 14/12/2016 - 10:53:46 ---A- . (.Microsoft Corporation - ContentDeliveryManager.Utilities.) -- C:\Windows\System32\ContentDeliveryManager.Utilities.dll   [603488]
O44 - LFC:[MD5.BFC3A0E0D9CA0BC28FFDDB1999794970] - 14/12/2016 - 10:53:46 ---A- . (.Microsoft Corporation - Windows Search URI Handler.) -- C:\Windows\System32\Windows.Shell.Search.UriHandler.dll   [58880]
O44 - LFC:[MD5.DE6DF9BBBECAFDEF462A37D839167368] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Aplicativo de Logon do Windows.) -- C:\Windows\System32\winlogon.exe   [673792]
O44 - LFC:[MD5.FB72606571F97668A773079A3A3A3ADF] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - DLL de Tempo de Execução da Windows Store.) -- C:\Windows\System32\Windows.ApplicationModel.Store.dll   [1859264]
O44 - LFC:[MD5.46171262D0E806779DEEDFCAB2F830CC] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Driver de Dispositivo TPM.) -- C:\Windows\System32\Drivers\tpm.sys   [219488]
O44 - LFC:[MD5.F107BF38350045A51AEBFA2C4E0E03B7] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Media Foundation Audio Converter DLL.) -- C:\Windows\System32\mfaudiocnv.dll   [126568]
O44 - LFC:[MD5.24B894CCC09F373C8E0883E31A7A1CB0] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Microsoft Text InputService Dll.) -- C:\Windows\System32\InputService.dll   [2820096]
O44 - LFC:[MD5.4CDF5A5841E22456E7D64CC01B41E6AF] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Obtenha sua licença do Windows.) -- C:\Windows\System32\EditionUpgradeManagerObj.dll   [882680]
O44 - LFC:[MD5.0C2545B95A19F573D335608680B0C31D] - 14/12/2016 - 10:53:47 ---A- . (.Microsoft Corporation - Provedor de Credencial Facial.) -- C:\Windows\System32\facecredentialprovider.dll   [411136]
O44 - LFC:[MD5.40C1E763ACB4FCB8744C220D7B1A4800] - 14/12/2016 - 10:53:48 ---A- . (.Microsoft Corporation - AAD Cloud AP Plugin.) -- C:\Windows\System32\aadcloudap.dll   [425984]
O44 - LFC:[MD5.96A380C14A4FFC2883A00FFB250EBD44] - 14/12/2016 - 10:53:48 ---A- . (.Microsoft Corporation - AppX Deployment Extensions OneCore DLL.) -- C:\Windows\System32\AppXDeploymentExtensions.onecore.dll   [1692672]
O44 - LFC:[MD5.E15711970C5BE05E8D70B294D0AFF621] - 14/12/2016 - 10:53:48 ---A- . (.Microsoft Corporation - Serviço Conta da Microsoft®.) -- C:\Windows\System32\wlidsvc.dll   [2104320]
O44 - LFC:[MD5.4F41459377C3C1B05BF46B7C0D50125A] - 14/12/2016 - 10:53:48 ---A- . (.Microsoft Corporation - Software Protection Platform Windows Plugin.) -- C:\Windows\System32\sppwinob.dll   [743224]
O44 - LFC:[MD5.7B2301A9FE0A9B1DF7A321F1E044BA41] - 14/12/2016 - 10:53:49 ---A- . (.Microsoft Corporation - AAD Token Broker Helper Library.) -- C:\Windows\System32\aadtb.dll   [1121280]
O44 - LFC:[MD5.9B5701A33BA8CE1E547645FFAF4CDD18] - 14/12/2016 - 10:53:49 ---A- . (.Microsoft Corporation - Media Foundation Core DLL.) -- C:\Windows\System32\mfcore.dll   [4130432]
O44 - LFC:[MD5.7FC2CEE4B16F4E9AEB5565C9429FC5A5] - 14/12/2016 - 10:53:49 ---A- . (.Microsoft Corporation - Media Foundation Platform DLL.) -- C:\Windows\System32\mfplat.dll   [1473048]
O44 - LFC:[MD5.8D7AC60330B3E96C4D00E682437868D0] - 14/12/2016 - 10:53:50 ---A- . (...) -- C:\Windows\System32\CoreUIComponents.dll   [2681200]
O44 - LFC:[MD5.2C1CEC25F6D92871F38960E2E84CC3EE] - 14/12/2016 - 10:53:50 ---A- . (.Microsoft Corporation - DLL do Servidor de Implantação AppX.) -- C:\Windows\System32\AppXDeploymentServer.dll   [2275840]
O44 - LFC:[MD5.C6E7C0577523905FF4FF3B0D5A036A3B] - 14/12/2016 - 10:53:50 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe   [7816032]
O44 - LFC:[MD5.70D5AF138FDBDF97F8A6415C596C80E4] - 14/12/2016 - 10:53:51 ---A- . (.Microsoft Corporation - DLL de Coletor e Fonte MPEG4 do Media Found.) -- C:\Windows\System32\mfmp4srcsnk.dll   [1988560]
O44 - LFC:[MD5.18F00DE0A1E18D8740B589BABE1965D8] - 14/12/2016 - 10:53:51 ---A- . (.Microsoft Corporation - Media Foundation Simple Video Renderer DLL.) -- C:\Windows\System32\mfsvr.dll   [1062480]
O44 - LFC:[MD5.4C80C700BA6B90EE9ED878EEBE67851D] - 14/12/2016 - 10:53:51 ---A- . (.Microsoft Corporation - Software Protection Platform Plugins.) -- C:\Windows\System32\sppobjs.dll   [1600624]
O44 - LFC:[MD5.666090378138806ECC581835FB134C8B] - 14/12/2016 - 10:53:52 ---A- . (.Microsoft Corporation - Media Foundation Media Engine DLL.) -- C:\Windows\System32\MFMediaEngine.dll   [3777536]
O44 - LFC:[MD5.20A7D1848593F5988A2ACE63F22DE8BF] - 14/12/2016 - 10:53:52 ---A- . (.Microsoft Corporation - Windows Media Runtime DLL.) -- C:\Windows\System32\Windows.Media.dll   [6285312]
O44 - LFC:[MD5.88104DF1A924408A61B35438A0596A1B] - 14/12/2016 - 10:53:52 ---A- . (.Microsoft Corporation - Windows.UI.Search.) -- C:\Windows\System32\Windows.UI.Search.dll   [909312]
O44 - LFC:[MD5.6012019C0E09D6194E0E6144B4859EB2] - 14/12/2016 - 10:53:53 ---A- . (.Microsoft Corporation - LicenseManager.) -- C:\Windows\System32\LicenseManager.dll   [1293152]
O44 - LFC:[MD5.8A6F3A7F4ED2687171FFA0C598FED595] - 14/12/2016 - 10:53:55 ---A- . (.Microsoft Corporation - Logon User Experience.) -- C:\Windows\System32\Windows.UI.Logon.dll   [2688512]
O44 - LFC:[MD5.8439DB137E719EBFF71FD20586AAA2B4] - 14/12/2016 - 10:53:56 ---A- . (.Microsoft Corporation - <d> CBT Background Manager Policy DLL.) -- C:\Windows\System32\CbtBackgroundManagerPolicy.dll   [40960]
O44 - LFC:[MD5.EF63052EC54A826B484455FB9DB62E0E] - 14/12/2016 - 10:53:56 ---A- . (.Microsoft Corporation - TDL Store Event Handlers.) -- C:\Windows\System32\VEStoreEventHandlers.dll   [158720]
O44 - LFC:[MD5.1D8F285E38781C2688FCBD249B4AA50C] - 14/12/2016 - 10:53:56 ---A- . (.Microsoft Corporation - Windows StateRepository API Broker.) -- C:\Windows\System32\Windows.StateRepositoryBroker.dll   [73216]
O44 - LFC:[MD5.13F5191092A5767D17BAB667395BA42F] - 14/12/2016 - 10:53:56 ---A- . (.Microsoft Corporation - Windows StateRepository API Broker.) -- C:\Windows\System32\Windows.StateRepositoryClient.dll   [122880]
O44 - LFC:[MD5.9E700419EA86397448296B7D9B195907] - 14/12/2016 - 10:53:57 ---A- . (.Microsoft Corporation - Activation Manager.) -- C:\Windows\System32\ActivationManager.dll   [389632]
O44 - LFC:[MD5.CBA63D4B9F8A9117A59703EF18DABC53] - 14/12/2016 - 10:54:01 ---A- . (.Microsoft Corporation - DLL de diálogos comuns.) -- C:\Windows\System32\comdlg32.dll   [991232]
O44 - LFC:[MD5.DEE66FE9F9001BC60D757E5CCD01E0E8] - 14/12/2016 - 10:54:01 ---A- . (.Microsoft Corporation - DisplayManager.) -- C:\Windows\System32\DisplayManager.dll   [185344]
O44 - LFC:[MD5.DC79517FEBFB066CEA6BDBD376DA9C08] - 14/12/2016 - 10:54:01 ---A- . (.Microsoft Corporation - Limpeza do pacote do Idioma MUI.) -- C:\Windows\System32\lpremove.exe   [68096]
O44 - LFC:[MD5.FA918EC296EB410FF02867D008D02421] - 14/12/2016 - 10:54:02 ---A- . (.Microsoft Corporation - Fast FAT File System Driver.) -- C:\Windows\System32\Drivers\fastfat.sys   [352096]
O44 - LFC:[MD5.3BBD41D11F3888F2500CB5A5FBF5A9B2] - 14/12/2016 - 10:54:02 ---A- . (.Microsoft Corporation - Storage Protection Windows Runtime DLL.) -- C:\Windows\System32\efswrt.dll   [590336]
O44 - LFC:[MD5.3C69CC28665854F1AAB4B4005005FA31] - 14/12/2016 - 10:54:03 ---A- . (.Microsoft Corporation - Aplicativo de serviços e controle.) -- C:\Windows\System32\services.exe   [454592]
O44 - LFC:[MD5.D07C0FEBC9CF05306DDD3B8320BD1331] - 14/12/2016 - 10:54:03 ---A- . (.Microsoft Corporation - BrowserBroker.) -- C:\Windows\System32\browserbroker.dll   [98304]
O44 - LFC:[MD5.B202DB61CBB01C34EF1083225B869BB0] - 14/12/2016 - 10:54:03 ---A- . (.Microsoft Corporation - Microsoft Distributed Transaction Coordinat.) -- C:\Windows\System32\msdtcprx.dll   [870912]
O44 - LFC:[MD5.3C26EB27EA2D1ADE809434D330A9FA3C] - 14/12/2016 - 10:54:03 ---A- . (.Microsoft Corporation - VPNv2CSP.) -- C:\Windows\System32\VPNv2CSP.dll   [107520]
O44 - LFC:[MD5.9458B2D945C676A0795823C76B8B506A] - 14/12/2016 - 10:54:03 ---A- . (.Microsoft Corporation - Windows Lock Application Framework DLL.) -- C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll   [324608]
O44 - LFC:[MD5.8FC3E97C6063915D1F3DBA35930169FC] - 14/12/2016 - 10:54:04 ---A- . (.Microsoft Corporation - Configurações.) -- C:\Windows\System32\SystemSettingsAdminFlows.exe   [360040]
O44 - LFC:[MD5.7F6BDCFC4EB0E47EBA67F8CEC404C26C] - 14/12/2016 - 10:54:04 ---A- . (.Microsoft Corporation - HV Loader.) -- C:\Windows\System32\hvloader.efi   [947552]
O44 - LFC:[MD5.12736C69D73EB8A0D2889CBE167217E2] - 14/12/2016 - 10:54:04 ---A- . (.Microsoft Corporation - HV Loader.) -- C:\Windows\System32\hvloader.exe   [811872]
O44 - LFC:[MD5.52A50D6838A6ED4255FF8B0CE2BC4B11] - 14/12/2016 - 10:54:04 ---A- . (.Microsoft Corporation - WINDOWS.UI.IMMERSIVE.) -- C:\Windows\System32\Windows.UI.Immersive.dll   [1726976]
O44 - LFC:[MD5.613FF7815E475EEB84F898A9FB1F658E] - 14/12/2016 - 10:54:05 ---A- . (.Microsoft Corporation - Windows Application Data API Server.) -- C:\Windows\System32\Windows.Storage.ApplicationData.dll   [328008]
O44 - LFC:[MD5.6B02A2756E4D3D4DB0DF5A71A5A7E1E0] - 14/12/2016 - 10:54:05 ---A- . (.Microsoft Corporation - Windows Update Agent plugin for Windows.) -- C:\Windows\System32\wuuhext.dll   [391168]
O44 - LFC:[MD5.D5C59218EDAD5E424C33D825DD797C49] - 14/12/2016 - 10:54:06 ---A- . (.Microsoft Corporation - Hypervisor V2.0.) -- C:\Windows\System32\hvax64.exe   [989024]
O44 - LFC:[MD5.9664CEE01F1F168FD201C1972DB2C718] - 14/12/2016 - 10:54:06 ---A- . (.Microsoft Corporation - Módulo de interface com o usuário do editor.) -- C:\Windows\System32\wsecedit.dll   [1477632]
O44 - LFC:[MD5.D7F8E55D7AECA523B2B88EA04545B995] - 14/12/2016 - 10:54:07 ---A- . (.Microsoft Corporation - Controlador da Experiência de Usuário de Lo.) -- C:\Windows\System32\LogonController.dll   [717824]
O44 - LFC:[MD5.1067D34BEEA34E48E4D30F37F6AA93AF] - 14/12/2016 - 10:54:07 ---A- . (.Microsoft Corporation - DLL do Cliente de Implantação AppX.) -- C:\Windows\System32\AppXDeploymentClient.dll   [410112]
O44 - LFC:[MD5.9A077360DC6A6BF2E364FE4A47DC9854] - 14/12/2016 - 10:54:07 ---A- . (.Microsoft Corporation - Hypervisor V2.0.) -- C:\Windows\System32\hvix64.exe   [1100128]
O44 - LFC:[MD5.FCC7B4C5CAD998DC936251247AB22C9A] - 14/12/2016 - 10:54:07 ---A- . (.Microsoft Corporation - Microsoft OLE para Windows.) -- C:\Windows\System32\ole32.dll   [1274712]
O44 - LFC:[MD5.94552B30376D315653BE815BEFAC5AD4] - 14/12/2016 - 10:54:07 ---A- . (.Microsoft Corporation - Microsoft Windows PlayTo Manager.) -- C:\Windows\System32\PlayToManager.dll   [539136]
O44 - LFC:[MD5.A0746EF6C5AB7A17A67BC167167499C1] - 14/12/2016 - 10:54:08 ---A- . (.Microsoft Corporation - AppReadiness.) -- C:\Windows\System32\AppReadiness.dll   [560128]
O44 - LFC:[MD5.F1A1EBBFDC04204B89E1B4C4E9EF753E] - 14/12/2016 - 10:54:08 ---A- . (.Microsoft Corporation - Microsoft Distributed Transaction Coordinat.) -- C:\Windows\System32\msdtctm.dll   [1589760]
O44 - LFC:[MD5.6C9AD8E67F7D1F7AA735A9299D261816] - 14/12/2016 - 10:54:08 ---A- . (.Microsoft Corporation - System Settings Admin Flow XAML UI Implemen.) -- C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll   [2852864]
O44 - LFC:[MD5.4E330AD1EED4A5D582EE415FD55953A2] - 14/12/2016 - 10:54:10 ---A- . (.Microsoft Corporation - Servidor da API de StateRepository do Windo.) -- C:\Windows\System32\Windows.StateRepository.dll   [4136448]
O44 - LFC:[MD5.06244AE293E04AB801876B9059DC7615] - 14/12/2016 - 10:54:10 ---A- . (.Microsoft Corporation - Windows Installer.) -- C:\Windows\System32\msi.dll   [3059200]
O44 - LFC:[MD5.2F3EA67476D78958F91E070C14A8E31B] - 14/12/2016 - 10:54:13 ---A- . (.Microsoft Corporation - Microsoft PlayReady Client Framework Dll.) -- C:\Windows\System32\Windows.Media.Protection.PlayReady.dll   [8168000]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/12/2016 - 12:34:38 ---A- . (...) -- C:\Windows\MEMORY.DMP   [1060923740]
O44 - LFC:[MD5.C37A3215E6B4AA74289542BB75657D3D] - 16/12/2016 - 15:32:17 ---A- . (.Microsoft Corporation - Ferramentas de Remoção de Software Mal-Inte.) -- C:\Windows\System32\MRT.exe   [135632432]
O44 - LFC:[MD5.130BFB4EA94AE4A8AF89EB3D53628B7E] - 18/12/2016 - 12:27:12 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT   [419336]
O44 - LFC:[MD5.7563534CD0723968895DA9B3C9CB73DC] - 18/12/2016 - 12:33:31 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI   [1401548]
O44 - LFC:[MD5.6EC9F03BB6CF761609F8DDEA252C9113] - 18/12/2016 - 12:33:31 ---A- . (...) -- C:\Windows\System32\perfc009.dat   [156580]
O44 - LFC:[MD5.DED87A3B8EACE753A35F5C6DAE58B753] - 18/12/2016 - 12:33:31 ---A- . (...) -- C:\Windows\System32\perfh009.dat   [753566]
O44 - LFC:[MD5.AAD29B211ABCD1B44F08D2136A1B95CA] - 18/12/2016 - 12:33:31 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [77778]
O44 - LFC:[MD5.1BE3058AC17B59910A1C00DC57D1A6E9] - 18/12/2016 - 12:33:31 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [409268]
O44 - LFC:[MD5.8213C5972C91A56BE78CD02A4DE4E3FC] - 23/12/2016 - 12:29:05 ---A- . (.Sysinternals - www.sysinternals.com - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP152.SYS   [34328]
O44 - LFC:[MD5.8746A4DB6FC74C83D801857897FBE010] - 26/12/2016 - 15:37:35 ---A- . (.1XB2GV - No Comment.) -- C:\Windows\System32\Drivers\6d68b42e205e8cb19194f902d4b37ada.sys   [95048]
O44 - LFC:[MD5.ED01FE4B7E4268F8A05565C3097E2CF6] - 26/12/2016 - 15:37:39 ---A- . (...) -- C:\Windows\d70c1249622fd6fd2d3bdc6181f310a6.exe   [1833654]
O44 - LFC:[MD5.01A44D42459A29E3D636A4C134FD0AEE] - 26/12/2016 - 15:50:50 ---A- . (...) -- C:\Windows\PFRO.log   [433542]
O44 - LFC:[MD5.7BB7FEA480343902F6AC70284777D82C] - 26/12/2016 - 17:12:34 ---A- . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\Drivers\wsddfac.sys   [101080]
O44 - LFC:[MD5.A3BD9C007056C99F7AEF8EE904723E67] - 26/12/2016 - 17:13:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - REG.) -- C:\Windows\System32\Drivers\gbpddreg64.sys   [29816]
O44 - LFC:[MD5.2C4EBDC89887B46652883224B017516E] - 26/12/2016 - 17:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\Drivers\gbpddfac64.sys   [28888]
O44 - LFC:[MD5.E608750503473877BB90059A3FC6A0DF] - 26/12/2016 - 17:14:15 -S-A- . (...) -- C:\Windows\bootstat.dat   [67584]
O44 - LFC:[MD5.038356387332650843BCB352BB89A101] - 26/12/2016 - 18:53:47 ---A- . (...) -- C:\Windows\WindowsUpdate.log   [275]
~ Files: 262 Scanned in 01mn 05s



---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.C6142B41DDC4335F9E234B0DCC2843F5] - 15/12/2016 - 09:22:24 ---A- - C:\Windows\Prefetch\ISAFESVC.EXE-D978E07F.pf  =>Trojan.Staser
O45 - LFCP:[MD5.32F69AC56281AA89A7541637E6265393] - 15/12/2016 - 09:22:28 ---A- - C:\Windows\Prefetch\ISAFESVC2.EXE-9783F0A1.pf  =>Trojan.Staser
O45 - LFCP:[MD5.3AA8B43837459B6A9F938CA40F280EBD] - 19/12/2016 - 08:49:30 ---A- - C:\Windows\Prefetch\ISAFETHLP.EXE-3540C4E3.pf  =>Trojan.Staser
O45 - LFCP:[MD5.C00A4A454C22D805226F358331E43C07] - 15/12/2016 - 09:22:34 ---A- - C:\Windows\Prefetch\ISAFETHLP64.EXE-AEDBD295.pf  =>Trojan.Staser
O45 - LFCP:[MD5.666D78577A5F28BF74DC5B377129FA69] - 26/12/2016 - 08:27:00 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-91550E03.pf  =>Trojan.Staser
~ Prefetcher: 5 Scanned in 00mn 02s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
~ LSA: 3 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Ahcache.sys . (.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iai2c.sys . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\Windows\System32\Drivers\iai2c.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Driver de Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Ahcache.sys . (.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Driver de Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 24 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - MRT.exe - C:\WINDOWS\TEMP\weaC6D1.tmp\Gubed.exe -Yrrehs
~ IFEO:  Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "DSCAutomationHostEnabled"=2
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
~ MWPS: 17 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=0
~ MWPE Keys: 6 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys   [107360]
O58 - SDL:26/12/2016 - 15:37:35 ---A- . (.1XB2GV - No Comment.) -- C:\Windows\System32\Drivers\6d68b42e205e8cb19194f902d4b37ada.sys   [95048]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.PMC-Sierra - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller.) -- C:\Windows\System32\Drivers\adp80xx.sys   [1135456]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys   [83296]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys   [259424]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys   [26976]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys   [131936]
O58 - SDL:16/07/2016 - 08:41:50 ---A- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athw8x.sys   [4233728]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn.sys   [9728]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [9728]
O58 - SDL:13/07/2016 - 17:47:38 ---A- . (.Qualcomm Atheros - Qualcomm Atheros BtFilter Driver.) -- C:\Windows\System32\Drivers\btfilter.sys   [610336]
O58 - SDL:16/07/2016 - 08:41:52 ---A- . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys   [533856]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\Windows\System32\Drivers\cht4dx64.sys   [102752]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\Windows\System32\Drivers\cht4sx64.sys   [346976]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\Windows\System32\Drivers\cht4vx64.sys   [2104160]
O58 - SDL:16/07/2016 - 08:41:52 ---A- . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys   [3418976]
O58 - SDL:26/12/2016 - 17:13:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\Drivers\gbpddfac64.sys   [28888]
O58 - SDL:26/12/2016 - 17:13:49 ---A- . (.GAS Tecnologia - GAS Tecnologia - REG.) -- C:\Windows\System32\Drivers\gbpddreg64.sys   [29816]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys   [64352]
O58 - SDL:16/07/2016 - 08:41:54 ---A- . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\Windows\System32\Drivers\iagpio.sys   [33280]
O58 - SDL:16/07/2016 - 08:41:54 ---A- . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\Windows\System32\Drivers\iai2c.sys   [81408]
O58 - SDL:16/07/2016 - 08:41:54 ---A- . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\Windows\System32\Drivers\iaLPSS2i_GPIO2.sys   [64512]
O58 - SDL:16/07/2016 - 08:41:54 ---A- . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\Windows\System32\Drivers\iaLPSS2i_I2C.sys   [176384]
O58 - SDL:16/07/2016 - 08:41:52 ---A- . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys   [38128]
O58 - SDL:16/07/2016 - 08:41:50 ---A- . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaLPSSi_I2C.sys   [113152]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (inbox) - x64.) -- C:\Windows\System32\Drivers\iaStorAV.sys   [673120]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys   [412000]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\Windows\System32\Drivers\ibbus.sys   [526176]
O58 - SDL:03/05/2016 - 23:30:46 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys   [3811288]
O58 - SDL:21/08/2015 - 11:50:48 ----- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys   [463112]
O58 - SDL:01/12/2015 - 16:46:03 ---A- . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\Drivers\intelaud.sys   [50160]
O58 - SDL:01/12/2015 - 16:46:03 ---A- . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\Drivers\iwdbus.sys   [38896]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys   [108896]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2i.sys   [105824]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3i.sys   [101216]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys   [82776]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys   [59744]
O58 - SDL:05/10/2016 - 07:09:07 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\MegaSas2i.sys   [64352]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\megasr.sys   [575840]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Mellanox - MLX4 Bus Driver.) -- C:\Windows\System32\Drivers\mlx4_bus.sys   [842584]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys   [63840]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\Windows\System32\Drivers\ndfltr.sys   [108896]
O58 - SDL:16/07/2016 - 08:42:03 ---A- . (...) -- C:\Windows\System32\Drivers\NetAdapterCx.sys   [90624]
O58 - SDL:12/09/2016 - 21:15:22 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 369.09.) -- C:\Windows\System32\Drivers\nvpciflt.sys   [57400]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys   [150368]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys   [166240]
O58 - SDL:03/06/2016 - 04:22:06 ---A- . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\Windows\System32\Drivers\nvvad64v.sys   [56384]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\percsas2i.sys   [58720]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\percsas3i.sys   [61792]
O58 - SDL:23/12/2016 - 12:29:05 ---A- . (.Sysinternals - www.sysinternals.com - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP152.SYS   [34328]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver.) -- C:\Windows\System32\Drivers\rt640x64.sys   [589824]
O58 - SDL:04/08/2015 - 00:21:50 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys   [4518136]
O58 - SDL:14/03/2016 - 06:51:46 ---A- . (.Realsil Semiconductor Corporation - RTS USB READER Driver.) -- C:\Windows\System32\Drivers\RtsUer.sys   [422656]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys   [44896]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys   [81760]
O58 - SDL:15/07/2016 - 07:42:42 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver_AMDASF_Aux.sys   [50872]
O58 - SDL:15/07/2016 - 07:42:42 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver_Intel.sys   [51392]
O58 - SDL:15/07/2016 - 07:42:42 ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver_Intel_Aux.sys   [51392]
O58 - SDL:05/09/2016 - 05:47:06 ---A- . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver.) -- C:\Windows\System32\Drivers\ssudbus.sys   [131712]
O58 - SDL:05/09/2016 - 05:47:12 ---A- . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver.) -- C:\Windows\System32\Drivers\ssudmdm.sys   [165504]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
O58 - SDL:15/07/2016 - 07:42:42 ---A- . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) -- C:\Windows\System32\Drivers\SynTP.sys   [622272]
O58 - SDL:19/01/2016 - 22:50:38 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\TeeDriverW8x64.sys   [202032]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys   [166752]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS   [305504]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Mellanox - Kernel WinMad.) -- C:\Windows\System32\Drivers\winmad.sys   [32096]
O58 - SDL:16/07/2016 - 08:41:53 ---A- . (.Mellanox - Kernel WinVerbs.) -- C:\Windows\System32\Drivers\winverbs.sys   [64864]
O58 - SDL:26/12/2016 - 17:12:34 ---A- . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\Drivers\wsddfac.sys   [101080]
O58 - SDL:21/06/2016 - 16:24:27 ---A- . (.GAS Tecnologia - GAS Tecnologia LWF Driver.) -- C:\Windows\System32\Drivers\wsddntf.sys   [47176]
O58 - SDL:08/06/2016 - 18:43:01 ----- . (.GAS Tecnologia - GAS Tecnologia - PP.) -- C:\Windows\System32\Drivers\wsddpp.sys   [97376]
~ Drivers: 70 Scanned in 00mn 06s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/12/2016 - 19:00:51 ---A- . (...) -- C:\Users\Jean\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin   [17128]
O61 - LFC: 24/12/2016 - 19:00:42 ---A- . (...) -- C:\Users\Jean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\UWPEnum.dll   [95120]
O61 - LFC: 24/12/2016 - 19:00:42 ---A- . (.NVIDIA Corporation.) -- C:\Users\Jean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe   [346512]
O61 - LFC: 24/12/2016 - 19:00:42 ---A- . (.NVIDIA Corporation.) -- C:\Users\Jean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe   [403856]
O61 - LFC: 24/12/2016 - 19:00:42 ---A- . (.NVIDIA Corporation.) -- C:\Users\Jean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll   [2047888]
O61 - LFC: 26/12/2016 - 19:00:37 ---A- . (...) -- C:\Users\Jean\AppData\Local\Microsoft\Windows\UPPS\UPPS.bin   [16148]
O61 - LFC: 26/12/2016 - 19:00:42 ---A- . (...) -- C:\Users\Jean\AppData\Local\NVIDIA\NvBackend\Packages\00009a13\DAO.21508554.exe   [9977736]
O61 - LFC: 26/12/2016 - 19:01:00 ----- . (...) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\117b7bdf5d0.sys   [968064]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (...) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\7pGdHFYnltc.exe   [704728]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (...) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\DgZjIUY7cv2.exe   [2369112]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (...) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\GYoTNcWAz.exe   [557728]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (...) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\lnYvih3VERiXjY.exe   [7381976]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (.Doctor Web, Ltd..) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\JgKoRdE6TW5.dll   [4521984]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (.Doctor Web, Ltd..) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\V765Eouj.dll   [4696024]
O61 - LFC: 26/12/2016 - 19:01:00 ---A- . (.Doctor Web, Ltd..) -- C:\Users\Jean\AppData\Local\Temp\EC3EBE74-9247C234-9341275A-E1BC84F4\iSk5nFJBhNVa.dll   [3693856]
~ 3166 Fichiers temporaires (Temporary files)
~ 248 Fichiers cookies (Cookies files)
~ Files: 15 Scanned in 00mn 40s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe  =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.scr> <DWGTrueViewScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll   [193536]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll   [193536]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll   [305152]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Política de Grupo.) -- C:\Windows\System32\gpsvc.dll   [1227264]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll   [932352]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll   [945664]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll   [31232]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll   [125952]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll   [151552]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll   [112128]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll   [948224]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll   [222720]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll   [134656]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll   [387072]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll   [94208]
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\Windows\System32\Windows.SharedPC.AccountManager.dll   [161792]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll   [70656]
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Serviço de Geolocalização.) -- C:\Windows\System32\lfsvc.dll   [37376]
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - DLL do Serviço de Gerenciamento do Windows.) -- C:\Windows\System32\Windows.Internal.Management.dll   [407552]
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Monitor de infravermelho.) -- C:\Windows\System32\irmon.dll   [25088]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll   [105472]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll   [657920]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll   [496128]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll   [70656]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll   [541696]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll   [309248]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll   [2317312]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de tela de fundo.) -- C:\Windows\System32\qmgr.dll   [1054208]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll   [617472]
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\Windows\System32\dmwappushsvc.dll   [57344]
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Serviço do Sistema de Notificação por Push do Windows.) -- C:\Windows\System32\WpnService.dll   [234496]
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\Windows\System32\XboxNetApiSvc.dll   [1025536]
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) -- C:\Windows\System32\dcpsvc.dll   [183808]
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) -- C:\Windows\System32\RDXService.dll   [650752]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll   [361472]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gerenciador de Instalação de Dispositivo.) -- C:\Windows\System32\DeviceSetupManager.dll   [197632]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Serviço Assistente de Conectividade de Rede da Microsoft.) -- C:\Windows\System32\ncasvc.dll   [167936]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll   [358400]
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\Windows\System32\usermgr.dll   [1020928]
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\Windows\System32\XblAuthManager.dll   [1013248]
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\Windows\System32\XblGameSave.dll   [1159680]
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Atualizar Sessão do Orchestrator Core.) -- C:\Windows\System32\usocore.dll   [539136]
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Configurações da Nova Versão.) -- C:\Windows\System32\flightsettings.dll   [635904]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Serviço Conta da Microsoft®.) -- C:\Windows\System32\wlidsvc.dll   [2104320]
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Serviço de Configuração de Rede.) -- C:\Windows\System32\NetSetupSvc.dll   [265728]
~ Services: 45 Scanned in 00mn 01s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.871EB98CDF8C1BC07F4EB912EDE54A35] [SPRF][17/11/2015] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll   [116672]
[MD5.4755B582B18161EAB4FB6EB8B8EFA94F] [SPRF][19/02/2015] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropPTB.dll   [120592]
~ Files: 2 Scanned in 00mn 00s



---\\ Exportar as chaves do registo aleatórias (091)
[HKCU\Software\6253ADA1889844A8E0F23EF73742492D]:d="20161103"
[HKLM\Software\Wow6432Node\6253ADA1889844A8E0F23EF73742492D]:="{EFD519A3-DC49-498A-8DD4-AD1DA8F97FCD}"
~ Export Key Software:  Scanned in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {088e3905-0323-4b02-9826-5d99428e115f}
O92 - MNS:  - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS:  - {24ad3ad4-a569-4530-98e1-ab02f9417aa8}
O92 - MNS:  - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS:  - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS:  - {3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}
O92 - MNS:  - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: A360 Desktop - {A7B36FF9-3BB0-426B-A737-A997B80466D5}
O92 - MNS:  - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS:  - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS:  - {d3162b92-9365-467a-956b-92703aca08af}
O92 - MNS:  - {f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}
~ MNS: 12 Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{84C22490-C68A-4492-B3A6-3B7CB17FA122}] (WalletDealsFactory)  =>PUP.DealsFactor
~ BCK: 8843 Scanned in 00mn 24s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 01/07/2016 1295376 |  (AdAppMgrSvc) . (.Autodesk Inc..) - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
SS - | Disabled 26/12/2016 5554688 |  (adf8bf0d5d389188ab256441835bdeb4) . (...) - C:\Program Files\adf8bf0d5d389188ab256441835bdeb4\3f463ad7e2647e9809edc00708401d82.exe
SS - | Disabled 05/02/2015 31160 |  (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SS - | Disabled 05/06/2012 266240 |  (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SS - | Disabled 03/05/2016 299488 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Disabled 16/11/2016 237568 |  (ed2kidle) . (.http://www.amule.org/.) - C:\Program Files (x86)\amuleC1\ed2k.exe
SS - | Disabled 05/08/2016 1369856 |  (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
SS - | Disabled 05/08/2016 1648840 |  (FoxitReaderService) . (.Foxit Software Inc..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
SS - | Disabled 14/06/2016 1163712 |  (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SS - | Disabled 03/11/2016 153752 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 03/11/2016 153752 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 24/06/2009 136704 |  (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Disabled 26/09/2012 126880 |  (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SS - | Disabled 03/05/2016 337888 |  (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SS - | Disabled 19/08/2016 131024 |  (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe  =>PUP.Elex
SS - | Disabled 16/09/2016 146888 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 23/03/2016 18936 |  (NetExpress Updater) . (...) - C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe
SS - | Disabled 14/06/2016 1879488 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Disabled 14/06/2016 3632576 |  (NvStreamNetworkSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
SS - | Disabled 14/06/2016 2521024 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
SS - | Disabled 01/08/2016 1365048 |  (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Disabled 04/08/2015 312056 |  (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SS - | Disabled 20/09/2016 324224 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 12/05/2016 7032080 |  (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SS - | Disabled 16/11/2016 6342584 |  (XBox) . (...) - C:\Program Files\XBox\XBLive.exe
SS - | Auto 22/07/1658 0 |  (zdengine) . (...) - C:\Program Files (x86)\OtherSearch\zdengine.exe
SR - | Auto 16/07/2016 38792 | C:\Program Files (x86)\WinArcher\Archer.dll (Archer) . (.Fun Dw.) - C:\WINDOWS\SysWoW64\svchost.exe
SR - | Auto 15/08/2016 29728 |  (HPSupportSolutionsFrameworkService) . (.HP Inc..) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
SR - | Demand 22/07/1658 0 |  (iThemes5) . (...) - rundll32 "C:\Program Files (x86)\Common Files\Services\iThemes.dll
SR - | Auto 23/06/2016 925744 |  (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe
SR - | Demand 22/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 22/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Demand 16/07/2016 44496 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 28s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Jean at 26/12/2016 19:02:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Jean at 26/12/2016 19:02:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 02s



---\\ Scâner Aditional (088)
Database Version : 13008 - (29/03/2015)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 6
Fichiers trouvés  (Files found) : 7

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1]   =>PUA.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]   =>PUP.Elex^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
C:\Program Files (x86)\Elex-tech   =>PUP.Elex^
C:\ProgramData\KMSAutoS   =>Trojan.AutoKMS^
C:\ProgramData\SoftwareDistribution   =>Adware.Boxore^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico   =>PUA.KMSpico^
C:\Users\Jean\AppData\Roaming\ASPackage   =>PUP.ASPackage^
C:\Users\Jean\AppData\Roaming\Elex-tech   =>PUP.Elex^
C:\ProgramData\ChelfNotify\BrowserUpdate.exe   =>Adware.TencentAddressBar^
[HKCU\Software\6253ADA1889844A8E0F23EF73742492D]   =>PUP.CrossRider^
[HKCU\Software\ProductSetup]   =>Adware.InstallCore^
[HKCU\Software\WajIEnhance]   =>PUP.Wajam^
[HKLM\Software\Wow6432Node\6253ADA1889844A8E0F23EF73742492D]   =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Elex-tech]   =>PUP.Elex^
[HKCR\CLSID\{84C22490-C68A-4492-B3A6-3B7CB17FA122}] (WalletDealsFactory)   =>PUP.DealsFactor^
~ Additionnel Scan: 371433 Items scanned in 00mn 40s



---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/  =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/  =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/  =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/  =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.fr/pup-kmspico  =>PUA.KMSpico
http://nicolascoolman.fr/adware-tencentaddressbar  =>Adware.TencentAddressBar
http://nicolascoolman.fr/trojan-autokms  =>Trojan.AutoKMS
http://nicolascoolman.fr/pup-elex  =>PUP.Elex
http://nicolascoolman.fr/pup-crossrider  =>PUP.CrossRider
http://nicolascoolman.fr/adware-installcore  =>Adware.InstallCore
http://nicolascoolman.fr/pup-wajam  =>PUP.Wajam
http://nicolascoolman.fr/adware-boxore  =>Adware.Boxore
http://www.nicolascoolman.fr/blog/  =>PUP.ASPackage
http://nicolascoolman.fr/trojan-staser  =>Trojan.Staser
http://www.nicolascoolman.fr/blog/  =>PUP.DealsFactor
http://nicolascoolman.fr/pup-v9software  =>PUP.V9Software
~ MSI: 12 link(s) detected in 00mn 00s



End of the scan (1513 lines in 07mn 39s)(0.6)