Programs installed themselves automatically on my PC.


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 11:58

I disabled everything on my PC and managed to download Zoek; sorry for the delay.
ViniciusDorneles
Member

Posts: 121
Reputation: 0
Joined: 22/03/2014
Age: 24
Location: MA

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 11:58

That's it! Great. When the cleanup finishes, post its log.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 12:00

I downloaded Zoek in safe mode and ran it as administrator, and I can't get it to run.

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 12:01

What happens when you try to run it?


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 12:06

I managed to download ZHP and I can run it now.

With Zoek, this appears:

" O Windows não pode acessar o dispositivo, caminho ou arquivo especificado. Talvez você não tenha as permissões adequadas para acessar o item. "

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 12:07

Then set Zoek aside for now, use ZHP, and post its log.


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 12:07

I've already set ZHP to scan.

Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 12:15

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman (01/05/2014)
~ Iniciado por 7Heaven (02/05/2014 12:07:01)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
McAfee Internet Security v12.8.944
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6002 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 825 GB (89%) free of 923 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ACESHIGH
~ User Name: 7Heaven
~ All Users Names: UpdatusUser, Convidado, Administrador, 7Heaven,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\7Heaven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\7Heaven\AppData\Roaming\
~ %Desktop% : C:\Users\7Heaven\Desktop\
~ %Favorites% : C:\Users\7Heaven\Favorites\
~ %LocalAppData% : C:\Users\7Heaven\AppData\Local\
~ %StartMenu% : C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 825 Go of 923 Go)
D: CD-ROM drive (Not Inserted)
Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/8330
~ Mes musiques (My Musics) : 1/267
~ Mes Videos (My Videos) : 3/176
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 3/58
~ Mon Bureau (My Desktop) : 4/1471
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2116]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.2448]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [1015808] [PID.1996]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.5100]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.552]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4880]
[MD5.9388FBA0B9985B18B3693A32B530A16B] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888] [PID.1608]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.5260]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.5396]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.5484]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5496]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.5548]
[MD5.F01A418BDDFC14D60E463C50CABC7750] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.5596]
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.5624]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.6108]
[MD5.253EB69F697FCCFEFCE49335301EF3A1] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4124760] [PID.2460]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.5304]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You must be registered and logged in to see this link.]
G2 - GCE: Preference [User Data\Default] [aaaahecedhhkmoghjlecefpdmlmlilgc] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [lnkdbjbjpnpjeciipoaflmpcddinpjjp] Ashish Mishra v. ()
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [7Heaven]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [7Heaven]: Sync Folder.lnk . (...) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (.not file.) =>PUP.MyPCBackup
~ Global Startup: 3 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
O23 - Service: Service Component of VO (vosr) . (...) - C:\Users\7Heaven\AppData\Roaming\VOPackage\VOsrv.exe (.not file.) =>Adware.Downware
~ Services: 30 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA [954]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 46 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Creevity Mp3 Cover Downloader - (.Diego Alicata.) [HKLM][64Bits] -- Mp3 Cover Downloader_is1
O42 - Logiciel: Genesis - (...) [HKCU][64Bits] -- auauhth =>PUP.Genesis
O42 - Logiciel: PC Data App - (...) [HKLM][64Bits] -- PCData App =>Trojan.BitCoinMiner
O42 - Logiciel: TIM Communicator - (...) [HKLM][64Bits] -- OrolixCommunicator
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller =>Hijacker.WebsSearches
~ Logic: 39 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\MiserWare, Inc.]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\PCDataApp]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\CNXT_UIU_MUTEX]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\PCDataApp]
[HKLM\Software\Wow6432Node\USBDriverFlag]
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday
~ Key Software: 319 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2012 - 17:20:38 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 02/05/2014 - 09:14:32 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 04/03/2013 - 16:05:09 - [] ----D C:\Program Files (x86)\CD to MP3 Freeware
O43 - CFD: 28/11/2012 - 17:22:04 - [] ----D C:\Program Files (x86)\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 19/12/2012 - 14:51:32 - [] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 31/12/2013 - 10:55:41 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 31/12/2013 - 10:55:22 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 02/05/2014 - 09:15:06 - [] ----D C:\ProgramData\baidu =>Adware.BDSearch
O43 - CFD: 02/05/2014 - 09:15:09 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 28/11/2012 - 17:22:04 - [] ----D C:\ProgramData\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [] ----D C:\ProgramData\OI
O43 - CFD: 19/12/2012 - 14:51:32 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 02/05/2014 - 08:58:35 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 02/05/2014 - 11:31:59 - [] ----D C:\Users\7Heaven\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 05/04/2014 - 00:39:25 - [] ----D C:\Users\7Heaven\AppData\Roaming\Creevity Mp3 Cover Downloader
O43 - CFD: 15/01/2014 - 11:55:42 - [] ----D C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET
O43 - CFD: 28/11/2012 - 17:20:40 - [] ----D C:\Users\7Heaven\AppData\Local\Ares
O43 - CFD: 28/11/2012 - 17:20:38 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 04/03/2013 - 16:05:05 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
~ Program Folder: 203 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D81B1EC59725FD32CCED931F908A4FA] - 02/05/2014 - 08:37:57 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.FFC16E790499E32F3B5A16CF7A4F2AC3] - 02/05/2014 - 08:37:57 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.284C67F9DF440634164C2C560C2E5145] - 02/05/2014 - 09:30:24 ---A- . (...) -- C:\PureRa.txt [3542]
~ Files: 9 Legitimates Filtered in 02mn 37s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{31e5f40e-6f7e-11e3-becd-782bcbbe36d9}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{c91a2866-8238-11e3-bed8-782bcbbe36d9}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 22 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/07/2012 - 23:51:44 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [55448]
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:10/06/2010 - 01:15:06 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [25088]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 92 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {86c83f9e-48a4-4cd2-a763-64fea5df35f7} - (Baixaki) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\7Heaven\Desktop\PureRa.exe [76565]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{262D4340-4309-4A8C-94EA-4F4E40364D8B}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{EC9D8AD5-C980-4068-8E7A-E3D5AE2F75E2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.3561A670FD52E8DB7EBEE4E2F85AB036] [WIS][16/12/2013] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\c4512.msi [741376] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 18s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateKozaka_RASAPI32 =>PUP.Kozaka
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateKozaka_RASMANCS =>PUP.Kozaka
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilKozaka_RASAPI32 =>PUP.Kozaka
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilKozaka_RASMANCS =>PUP.Kozaka
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 143 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/06/2012 173056 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SS - | Auto 03/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 28/04/2014 97002 | (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
SS - | Demand 30/05/2012 149544 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Auto 10/07/1658 0 | (vosr) . (...) - C:\Users\7Heaven\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 11/10/2011 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/12/2010 26528 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 23/05/2013 1915480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
SR - | Auto 16/11/2010 2249000 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 6

[HKLM\Software\Google\Chrome\Extensions\aaaahecedhhkmoghjlecefpdmlmlilgc] =>PUP.MoviesToolbar^
[HKLM\SYSTEM\CurrentControlSet\Services\ProtectMonitor] =>Trojan.BitCoinMiner^
[HKLM\SYSTEM\CurrentControlSet\Services\vosr] =>Adware.Downware^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\auauhth] =>PUP.Genesis^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App] =>Trojan.BitCoinMiner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller] =>Hijacker.WebsSearches^
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaahecedhhkmoghjlecefpdmlmlilgc =>PUP.MoviesToolbar^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\7Heaven\AppData\Roaming\Baidu =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday^
C:\Windows\Installer\c4512.msi =>Toolbar.Bing^
~ Additionnel Scan: 346511 Items scanned in 01mn 03s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>PUP.MoviesToolbar
[You must be registered and logged in to see this link.] =>Hijacker.Proxy
[You must be registered and logged in to see this link.] =>PUP.MyPCBackup
[You must be registered and logged in to see this link.] =>Trojan.BitCoinMiner
[You must be registered and logged in to see this link.] =>Adware.Downware
[You must be registered and logged in to see this link.] =>Hijacker.WebsSearches
[You must be registered and logged in to see this link.] =>Adware.BDSearch
[You must be registered and logged in to see this link.] =>Adware.FreeSoftToday
[You must be registered and logged in to see this link.] =>PUP.WpManager
[You must be registered and logged in to see this link.] =>Hijacker.FindrToolbar
[You must be registered and logged in to see this link.] =>PUP.Fortunitas
[You must be registered and logged in to see this link.] =>PUP.Kozaka
[You must be registered and logged in to see this link.] =>Adware.Yontoo
~ MSI: 13 link(s) detected in 00mn 00s



~ 749 Legitimates filtered by white list
End of the scan (569 lines in 04mn 58s)(0)

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 12:43

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Fri 02 May 2014, 13:29; edited 1 time


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 12:53

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by 7Heaven at 02/05/2014 12:52:29
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\pcdapp\uninstaller.exe
AUSENTE Uninstall Process: c:\users\7heaven\appdata\roaming\webssearches\uninstallmanager.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller]
ELIMINÉ: Service: vosr
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: HKLM\Software\Wow6432Node\free_soft_today
ELIMINÉ CLSID MPSK: {31e5f40e-6f7e-11e3-becd-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {c91a2866-8238-11e3-bed8-782bcbbe36d9}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateKozaka_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateKozaka_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilKozaka_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilKozaka_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\auauhth

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\7heaven\desktop\sync folder.lnk
ELIMINÉ Temporários windows (45) (16.095.323 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
35 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
2 : Softwares
1 : Restauração Sistema


End of clean in 00mn 55s

========== Caminho do ficheiro do relatório ==========
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 12:52:33 [3640]

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 12:59

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 13:07

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman (01/05/2014)
~ Iniciado por 7Heaven (02/05/2014 13:05:40)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
McAfee Internet Security v12.8.944
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6002 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 825 GB (89%) free of 923 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ACESHIGH
~ User Name: 7Heaven
~ All Users Names: UpdatusUser, Convidado, Administrador, 7Heaven,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\7Heaven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\7Heaven\AppData\Roaming\
~ %Desktop% : C:\Users\7Heaven\Desktop\
~ %Favorites% : C:\Users\7Heaven\Favorites\
~ %LocalAppData% : C:\Users\7Heaven\AppData\Local\
~ %StartMenu% : C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 825 Go of 923 Go)
D: CD-ROM drive (Not Inserted)
Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/8330
~ Mes musiques (My Musics) : 1/267
~ Mes Videos (My Videos) : 3/174
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 3/58
~ Mon Bureau (My Desktop) : 4/1473
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2116]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [1015808] [PID.1996]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.5100]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.552]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4880]
[MD5.9388FBA0B9985B18B3693A32B530A16B] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888] [PID.1608]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.5260]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.5396]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.5484]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5496]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.5548]
[MD5.F01A418BDDFC14D60E463C50CABC7750] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.5596]
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.5624]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.6108]
[MD5.253EB69F697FCCFEFCE49335301EF3A1] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4124760] [PID.2460]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.6236]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.1700]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You must be registered and logged in to see this link.]
G2 - GCE: Preference [User Data\Default] [aaaahecedhhkmoghjlecefpdmlmlilgc] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [lnkdbjbjpnpjeciipoaflmpcddinpjjp] Ashish Mishra v. ()
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [7Heaven]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
~ Services: 29 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA [954]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Creevity Mp3 Cover Downloader - (.Diego Alicata.) [HKLM][64Bits] -- Mp3 Cover Downloader_is1
O42 - Logiciel: TIM Communicator - (...) [HKLM][64Bits] -- OrolixCommunicator
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
~ Logic: 36 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\Ares]
[HKCU\Software\MiserWare, Inc.]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\CNXT_UIU_MUTEX]
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\USBDriverFlag]
~ Key Software: 306 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2012 - 17:20:38 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 04/03/2013 - 16:05:09 - [] ----D C:\Program Files (x86)\CD to MP3 Freeware
O43 - CFD: 28/11/2012 - 17:22:04 - [] ----D C:\Program Files (x86)\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 19/12/2012 - 14:51:32 - [] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 31/12/2013 - 10:55:41 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 31/12/2013 - 10:55:22 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 28/11/2012 - 17:22:04 - [] ----D C:\ProgramData\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [] ----D C:\ProgramData\OI
O43 - CFD: 19/12/2012 - 14:51:32 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 05/04/2014 - 00:39:25 - [] ----D C:\Users\7Heaven\AppData\Roaming\Creevity Mp3 Cover Downloader
O43 - CFD: 15/01/2014 - 11:55:42 - [] ----D C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET
O43 - CFD: 28/11/2012 - 17:20:40 - [] ----D C:\Users\7Heaven\AppData\Local\Ares
O43 - CFD: 28/11/2012 - 17:20:38 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 04/03/2013 - 16:05:05 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
~ Program Folder: 198 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D81B1EC59725FD32CCED931F908A4FA] - 02/05/2014 - 08:37:57 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.FFC16E790499E32F3B5A16CF7A4F2AC3] - 02/05/2014 - 08:37:57 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.284C67F9DF440634164C2C560C2E5145] - 02/05/2014 - 09:30:24 ---A- . (...) -- C:\PureRa.txt [3542]
~ Files: 9 Legitimates Filtered in 00mn 08s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 22 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/07/2012 - 23:51:44 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [55448]
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:10/06/2010 - 01:15:06 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [25088]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 92 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\7Heaven\Desktop\PureRa.exe [76565]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{262D4340-4309-4A8C-94EA-4F4E40364D8B}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{EC9D8AD5-C980-4068-8E7A-E3D5AE2F75E2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.3561A670FD52E8DB7EBEE4E2F85AB036] [WIS][16/12/2013] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\c4512.msi [741376] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/06/2012 173056 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SS - | Auto 03/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 30/05/2012 149544 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 11/10/2011 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 17/03/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 17/03/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/12/2010 26528 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 23/05/2013 1915480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
SR - | Auto 16/11/2010 2249000 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\aaaahecedhhkmoghjlecefpdmlmlilgc] =>PUP.MoviesToolbar^
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaahecedhhkmoghjlecefpdmlmlilgc =>PUP.MoviesToolbar^
C:\Windows\Installer\c4512.msi =>Toolbar.Bing^
~ Additionnel Scan: 345512 Items scanned in 00mn 18s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.] =>PUP.MoviesToolbar
~ MSI: 1 link(s) detected in 00mn 00s



~ 723 Legitimates filtered by white list
End of the scan (482 lines in 00mn 50s)(0)

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 13:28

Select and copy all the text highlighted in red that I gave you.
____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Fri 02 May 2014, 13:34; edited 1 time


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 13:33

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by 7Heaven at 02/05/2014 13:32:39
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 02s)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã


========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
2 : Outros


End of clean in 00mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 12:52:33 [3722]
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R2].txt - 02/05/2014 13:32:42 [981]

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 13:34

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 13:50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by 7Heaven on 02/05/2014 at 13:42:22,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2014 at 13:49:46,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 13:52

Download the Farbar Recovery Scan Tool and save it to the Desktop.

Note: when you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (64-bit version)

* Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 14:01

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by 7Heaven (administrator) on ACESHIGH on 02-05-2014 13:58:08
Running from C:\Users\7Heaven\Desktop\Nova pasta
Windows 8 Single Language (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You need to be registered and logged in to see this link.]
Download link for 64-Bit Version: [You need to be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
() C:\Windows\SysWOW64\GSMSrvEjector.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Orolix Desenvolvimento de Software LTDA.) C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
(Huawei Technologies Co., Ltd.) C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Lightcomm) C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Atheros Communications)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [GSMEjector] => C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856 2010-10-01] (Lightcomm)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [Facebook Update] => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-10] (Facebook Inc.)
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKLM-x32 - {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must be registered and logged in to see this link.]
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: [NameServer]189.40.198.80 189.40.226.80
Tcpip\..\Interfaces\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: [NameServer]189.40.198.80 189.40.226.80
Tcpip\..\Interfaces\{74960B8F-3592-4F6D-B259-C437CA6D820F}: [NameServer]189.40.226.80 189.40.198.80
Tcpip\..\Interfaces\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: [NameServer]189.40.226.80 189.40.224.80

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\7Heaven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\7Heaven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-15]

Chrome:
=======
CHR HomePage: [You must be registered and logged in to see this link.]
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Pesquisa do Google) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (Ashish Mishra) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-03-23]
CHR Extension: (Google Wallet) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaahecedhhkmoghjlecefpdmlmlilgc] - C:\Users\7Heaven\AppData\Local\torchmediamoviestoolbar181\GC\toolbar.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 GSMEjector; C:\Windows\SysWOW64\GSMSrvEjector.exe [620032 2010-10-01] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 OrolixDeviceMonitor; C:\Program Files (x86)\TIM Communicator\module\devicemon.exe [26528 2010-12-21] (Orolix Desenvolvimento de Software LTDA.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [64512 2012-07-25] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 Olicard160net; C:\Windows\system32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\system32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
S3 ONDAusbmdm6k; C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbnmea; C:\Windows\system32\DRIVERS\ONDAusbnmea.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbser6k; C:\Windows\system32\DRIVERS\ONDAusbser6k.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbvoice; C:\Windows\system32\DRIVERS\ONDAusbvoice.sys [119680 2011-01-24] (Onda Communication)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [43128 2011-12-05] (MediaTek Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 13:58 - 2014-05-02 13:58 - 00000000 ____D () C:\FRST
2014-05-02 13:49 - 2014-05-02 13:49 - 00000841 _____ () C:\Users\7Heaven\Desktop\JRT.txt
2014-05-02 12:51 - 2014-05-02 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-02 12:20 - 2014-05-02 13:58 - 00000000 ____D () C:\Users\7Heaven\Desktop\Nova pasta
2014-05-02 12:03 - 2014-05-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 12:02 - 2014-05-02 13:32 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\ZHP
2014-05-02 12:02 - 2014-05-02 13:05 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-02 10:57 - 2014-05-02 10:57 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-05-02 10:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 10:53 - 2014-05-02 10:56 - 00000000 ____D () C:\AdwCleaner
2014-05-02 10:47 - 2014-05-02 10:59 - 00035104 _____ () C:\Windows\PFRO.log
2014-05-02 09:52 - 2014-05-02 13:57 - 00079721 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 09:15 - 2014-05-02 11:32 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-05-02 09:01 - 2014-05-02 09:00 - 01745872 _____ (AnyProtect.com) C:\Users\7Heaven\AppData\Local\nsu5F0D.tmp
2014-05-02 09:00 - 2014-05-02 09:42 - 00902246 _____ () C:\Users\7Heaven\AppData\Local\auauhth.gss
2014-05-02 09:00 - 2014-05-02 09:42 - 00002048 _____ () C:\Users\7Heaven\AppData\Local\auauhth.gdb
2014-05-02 08:58 - 2014-05-02 12:52 - 00000000 ____D () C:\Program Files\PCDApp
2014-05-01 22:04 - 2014-05-01 22:04 - 00172544 _____ () C:\Users\7Heaven\Desktop\QUANTITATIVOS M TEC.xls
2014-04-29 22:17 - 2014-04-29 22:17 - 00461052 _____ () C:\Users\7Heaven\Desktop\25_04_2014 - Apresentação Mirna Pacto do Ensino Médio Mirna na I reunião técnica (1).pptx
2014-04-29 12:36 - 2014-04-29 12:36 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\MPC-HC
2014-04-29 12:32 - 2014-04-29 12:40 - 00001132 _____ () C:\Users\Public\Desktop\MPC-HC x64.lnk
2014-04-29 12:32 - 2014-04-29 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-04-22 02:13 - 2014-04-22 02:13 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Unity
2014-04-22 02:12 - 2014-04-22 02:12 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Unity
2014-04-18 15:22 - 2014-04-19 20:34 - 00000000 ____D () C:\Users\7Heaven\Documents\Bluetooth Folder
2014-04-18 03:32 - 2014-04-18 03:35 - 53845901 _____ () C:\Users\7Heaven\Desktop\PUMPED UP KICKS DUBSTEP[1].mp4
2014-04-14 07:44 - 2014-02-03 20:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-14 07:44 - 2014-02-03 20:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-14 07:44 - 2014-01-31 00:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-14 07:44 - 2014-01-30 21:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-14 07:44 - 2014-01-30 21:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-14 07:44 - 2014-01-30 21:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-14 07:44 - 2014-01-30 21:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 07:44 - 2014-01-30 21:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-14 07:44 - 2014-01-30 21:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-14 07:44 - 2014-01-30 21:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 07:44 - 2014-01-27 00:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-14 07:44 - 2014-01-27 00:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 07:44 - 2014-01-26 21:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-14 07:44 - 2014-01-26 21:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-14 07:44 - 2014-01-26 20:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-14 07:44 - 2014-01-15 20:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-14 07:44 - 2014-01-11 03:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-14 07:44 - 2014-01-11 02:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-14 07:44 - 2014-01-02 20:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-14 07:44 - 2014-01-02 20:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-14 07:43 - 2014-03-06 21:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 07:43 - 2014-03-06 21:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 07:43 - 2014-03-06 21:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 07:43 - 2014-03-06 21:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 07:43 - 2013-05-15 19:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-14 07:43 - 2013-05-15 19:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-14 07:43 - 2013-05-14 10:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 07:43 - 2013-05-14 06:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 07:43 - 2013-02-21 07:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-14 07:43 - 2013-02-21 07:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 07:43 - 2013-02-21 07:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 07:43 - 2013-02-21 07:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 07:43 - 2013-02-21 07:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-14 07:43 - 2013-02-21 07:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 07:43 - 2013-02-19 06:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-14 07:43 - 2012-11-08 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 07:43 - 2012-11-08 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 07:43 - 2012-07-26 00:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 15:08 - 2014-02-05 20:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 15:08 - 2014-02-05 20:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-10 15:08 - 2014-02-05 20:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-10 15:08 - 2014-02-05 20:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-05 00:39 - 2014-04-05 00:39 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Creevity Mp3 Cover Downloader
2014-04-05 00:38 - 2014-04-05 00:38 - 00001036 _____ () C:\Users\Public\Desktop\Creevity Mp3 Cover Downloader.lnk
2014-04-05 00:38 - 2014-04-05 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creevity Mp3 Cover Downloader
2014-04-05 00:38 - 2014-04-05 00:38 - 00000000 ____D () C:\Program Files\Creevity Mp3 Cover Downloader
2014-04-05 00:37 - 2014-04-05 00:37 - 01334718 _____ (Diego Alicata ) C:\Users\7Heaven\Downloads\Mp3CoverDownloaderSetup.exe

==================== One Month Modified Files and Folders =======

2014-05-02 13:58 - 2014-05-02 13:58 - 00000000 ____D () C:\FRST
2014-05-02 13:58 - 2014-05-02 12:20 - 00000000 ____D () C:\Users\7Heaven\Desktop\Nova pasta
2014-05-02 13:57 - 2014-05-02 09:52 - 00079721 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 13:49 - 2014-05-02 13:49 - 00000841 _____ () C:\Users\7Heaven\Desktop\JRT.txt
2014-05-02 13:32 - 2014-05-02 12:02 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\ZHP
2014-05-02 13:21 - 2013-07-10 22:16 - 00000954 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA.job
2014-05-02 13:11 - 2012-12-03 13:51 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-02 13:05 - 2014-05-02 12:02 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-02 13:00 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-02 12:52 - 2014-05-02 08:58 - 00000000 ____D () C:\Program Files\PCDApp
2014-05-02 12:51 - 2014-05-02 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-02 12:31 - 2012-11-27 17:14 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1945482154-598400869-252928238-1002
2014-05-02 12:03 - 2014-05-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 12:03 - 2012-10-16 00:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-05-02 11:54 - 2012-12-03 13:51 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-02 11:54 - 2012-07-26 04:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 11:54 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-02 11:32 - 2014-05-02 09:15 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-05-02 10:59 - 2014-05-02 10:47 - 00035104 _____ () C:\Windows\PFRO.log
2014-05-02 10:57 - 2014-05-02 10:57 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-05-02 10:56 - 2014-05-02 10:53 - 00000000 ____D () C:\AdwCleaner
2014-05-02 10:56 - 2012-11-27 17:09 - 00000000 ___RD () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 09:46 - 2012-11-27 17:09 - 00000986 _____ () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-02 09:42 - 2014-05-02 09:00 - 00902246 _____ () C:\Users\7Heaven\AppData\Local\auauhth.gss
2014-05-02 09:42 - 2014-05-02 09:00 - 00002048 _____ () C:\Users\7Heaven\AppData\Local\auauhth.gdb
2014-05-02 09:30 - 2014-04-01 22:25 - 00003542 _____ () C:\PureRa.txt
2014-05-02 09:15 - 2014-02-24 18:50 - 00000029 _____ () C:\Windows\SysWOW64\config.ini
2014-05-02 09:15 - 2012-07-26 05:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-02 09:15 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-02 09:00 - 2014-05-02 09:01 - 01745872 _____ (AnyProtect.com) C:\Users\7Heaven\AppData\Local\nsu5F0D.tmp
2014-05-02 08:37 - 2012-07-26 07:32 - 00763854 _____ () C:\Windows\system32\prfh0416.dat
2014-05-02 08:37 - 2012-07-26 07:32 - 00155144 _____ () C:\Windows\system32\prfc0416.dat
2014-05-02 08:37 - 2012-07-26 04:28 - 01769104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 22:21 - 2013-07-10 22:16 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core.job
2014-05-01 22:04 - 2014-05-01 22:04 - 00172544 _____ () C:\Users\7Heaven\Desktop\QUANTITATIVOS M TEC.xls
2014-04-30 14:13 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\rescache
2014-04-29 22:17 - 2014-04-29 22:17 - 00461052 _____ () C:\Users\7Heaven\Desktop\25_04_2014 - Apresentação Mirna Pacto do Ensino Médio Mirna na I reunião técnica (1).pptx
2014-04-29 18:04 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-29 12:40 - 2014-04-29 12:32 - 00001132 _____ () C:\Users\Public\Desktop\MPC-HC x64.lnk
2014-04-29 12:40 - 2014-04-29 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-04-29 12:40 - 2013-05-19 00:08 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-04-29 12:36 - 2014-04-29 12:36 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\MPC-HC
2014-04-28 19:19 - 2013-12-07 22:20 - 00000000 ____D () C:\Users\7Heaven\Desktop\negile
2014-04-28 19:19 - 2013-03-03 13:34 - 00000000 ____D () C:\Users\7Heaven\Desktop\[ Atalhos Programas ]
2014-04-28 14:54 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-25 11:39 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-25 09:53 - 2013-05-15 12:31 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1945482154-598400869-252928238-1002
2014-04-25 09:53 - 2013-05-15 12:31 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1945482154-598400869-252928238-1002
2014-04-25 09:52 - 2013-05-15 12:29 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Real
2014-04-22 20:47 - 2013-11-20 15:34 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-22 20:47 - 2013-11-20 15:34 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-22 13:33 - 2013-06-11 20:15 - 00000000 ____D () C:\Users\7Heaven\Desktop\Arquivos
2014-04-22 02:13 - 2014-04-22 02:13 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Unity
2014-04-22 02:12 - 2014-04-22 02:12 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Unity
2014-04-19 20:34 - 2014-04-18 15:22 - 00000000 ____D () C:\Users\7Heaven\Documents\Bluetooth Folder
2014-04-18 15:23 - 2012-11-27 17:09 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Atheros
2014-04-18 03:35 - 2014-04-18 03:32 - 53845901 _____ () C:\Users\7Heaven\Desktop\PUMPED UP KICKS DUBSTEP[1].mp4
2014-04-14 17:32 - 2012-11-27 17:09 - 00000000 ___RD () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-14 08:52 - 2012-07-26 05:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-14 08:52 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-14 08:50 - 2012-11-28 14:40 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\CrashDumps
2014-04-11 11:11 - 2012-10-16 00:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-09 14:18 - 2012-11-28 17:29 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-04-09 14:18 - 2012-11-28 17:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 14:17 - 2013-07-13 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 14:15 - 2012-12-21 18:11 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 13:52 - 2012-07-26 05:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-04-06 00:16 - 2012-10-16 00:22 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-04-06 00:16 - 2012-10-16 00:22 - 00000000 ____D () C:\Windows\system32\NV
2014-04-06 00:16 - 2012-10-16 00:19 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-04-06 00:16 - 2012-10-16 00:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-05 00:39 - 2014-04-05 00:39 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Creevity Mp3 Cover Downloader
2014-04-05 00:38 - 2014-04-05 00:38 - 00001036 _____ () C:\Users\Public\Desktop\Creevity Mp3 Cover Downloader.lnk
2014-04-05 00:38 - 2014-04-05 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creevity Mp3 Cover Downloader
2014-04-05 00:38 - 2014-04-05 00:38 - 00000000 ____D () C:\Program Files\Creevity Mp3 Cover Downloader
2014-04-05 00:37 - 2014-04-05 00:37 - 01334718 _____ (Diego Alicata ) C:\Users\7Heaven\Downloads\Mp3CoverDownloaderSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-27 14:37

==================== End Of Log ============================

Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 14:01

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by 7Heaven at 2014-05-02 13:58:29
Running from C:\Users\7Heaven\Desktop\Nova pasta
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader X (10.1.9) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMCap (HKLM-x32\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
Any Video Converter 5 5.0.3 (HKLM-x32\...\Any Video Converter 5_is1) (Version: - Any-Video-Converter.com)
Ares 2.1.7 (HKLM-x32\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
Atualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.6610 - DsNET Corp)
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DiscadorOi.exe (HKLM-x32\...\oigsm_is1) (Version: 1.4.1.0 - LightComm Tecnologia)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DVDShrink 2008 (HKLM-x32\...\{EE3FBA20-AB77-46E0-9825-565807A24A66}) (Version: 1.0.0 - BitByteSoft)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - Eusing Software)
Galeria de Fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
LibreOffice 3.3 (HKLM-x32\...\{3D33A4EB-957B-4212-BF0D-7F7FB02F1BE3}) (Version: 3.3.301 - LibreOffice)
Malwarebytes Anti-Malware versão 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.944 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Monitor da tecnologia Intel® Turbo Boost 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movies Toolbar for Chrome (Dist. by Torch Media, Inc.) (HKLM-x32\...\torchmediamoviestoolbar181CR) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION
MPC-HC 1.7.4 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.4 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NVIDIA Driver de gráficos 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Olicard160 (HKLM-x32\...\{49B40A1F-2AB0-4EE1-A6B0-56E7A85BEBFB}) (Version: 1.000.00001 - Olivetti)
Painel de controle da NVIDIA 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PS_AIO_03_C4400_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Nome de sua empresa:)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.9699 Beta - TeamViewer GmbH)
TIM Communicator (HKLM-x32\...\OrolixCommunicator) (Version: - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.SingleImage_{956FF6E4-8BBB-4B9A-9279-8A34D8C1FF9D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.SingleImage_{27F43FC3-052A-41B5-9F39-68514C0AABC2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Vivo - Guia Vivo Internet versão 1.0 (HKLM-x32\...\{C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1) (Version: 1.0 - Vivo)
VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.19.149 - Huawei Technologies Co.,Ltd)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Watchtower Library 2012 - Português (HKLM-x32\...\{BB706B9B-B7D3-478B-8BB1-FB412C76E408}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

14-04-2014 11:31:02 Windows Update
22-04-2014 00:53:31 Windows Update
29-04-2014 15:57:10 Windows Update
02-05-2014 15:52:02 ZHPFix Restore System Point

==================== Hosts content: ==========================

2012-07-26 02:26 - 2014-03-23 13:26 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04633C92-32CA-42E4-A8DA-0C5768CA8329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {09E49529-E2E8-47A5-ACB5-E77A5145C540} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-03] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B15E560-42F8-422C-BC6D-FCFBB3A1E625} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2EFB6EEF-E3DD-4CD7-AEFD-591B5D51C1C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {4770D7EE-41E5-44DF-A838-78BEB5CD8D76} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {4EAEED92-00F4-4D0A-AB67-514F05F2F0F2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1945482154-598400869-252928238-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {55C29433-B97E-465F-A9B0-7C69CD307261} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6020638A-52D4-4D29-93D3-170F19DBF484} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {698C1F30-C4BD-4AD7-AFBE-42D7CE432A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {971F497E-3D1C-487B-B918-C0A1E3017334} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {A1AB78C5-A9CE-43B0-A204-501FB2843435} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-03] (PC-Doctor, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C2FBEA07-D38B-40A8-861E-8029B96889F7} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DFC26324-1C5B-4BEC-8C88-942B831C1C1A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1945482154-598400869-252928238-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core.job => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA.job => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 11:49 - 2010-10-01 12:49 - 00620032 _____ () C:\Windows\SysWOW64\GSMSrvEjector.exe
2011-03-14 12:27 - 2011-03-14 12:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-10-16 00:39 - 2012-04-24 23:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-26 07:37 - 2012-07-26 07:35 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-16 00:30 - 2012-07-18 11:03 - 00165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-07-31 19:10 - 2012-07-31 19:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-07-31 19:05 - 2012-07-31 19:05 - 00020992 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\L10n\pt-BR\BtTray.pt-BR.dll
2012-10-16 04:53 - 2012-07-25 17:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 13:09 - 2013-04-19 19:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 13:09 - 2013-04-19 19:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2012-11-28 17:22 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-10-16 00:38 - 2012-06-08 00:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-16 13:13 - 2014-02-16 13:13 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2012-10-16 00:29 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-06 13:09 - 2013-05-02 20:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-27 21:15 - 2014-04-23 21:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-18 15:24:01.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-24 18:32:19.060
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-26 00:07:48.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-05 11:10:53.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-05 10:41:13.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-09 00:28:07.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-15 08:49:11.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-12 23:22:41.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 03:15:34.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 03:15:34.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 6002.92 MB
Available physical RAM: 3715.88 MB
Total Pagefile: 6962.92 MB
Available Pagefile: 4240.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Inspiron 14R 3540) (Fixed) (Total:923.19 GB) (Free:824.67 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C2C88BB0)

Partition: GPT Partition Type.

==================== End Of Log ============================

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 15:40

Download the fixlist.txt file attached to this post and save it in the same location where you left Farbar (FRST64), which is the folder below:
C:\Users\7Heaven\Desktop\Nova pasta

Run FRST64. Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply.


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 15:43

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by 7Heaven at 2014-05-02 15:42:50 Run:1
Running from C:\Users\7Heaven\Desktop\Nova pasta
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKLM-x32 - {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to see this link.]
CHR HKLM-x32\...\Chrome\Extension: [aaaahecedhhkmoghjlecefpdmlmlilgc] - C:\Users\7Heaven\AppData\Local\torchmediamoviestoolbar181\GC\toolbar.crx [2013-12-12]
2014-05-02 10:57 - 2014-05-02 10:57 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-05-02 09:15 - 2014-05-02 11:32 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-05-02 09:01 - 2014-05-02 09:00 - 01745872 _____ (AnyProtect.com) C:\Users\7Heaven\AppData\Local\nsu5F0D.tmp
Movies Toolbar for Chrome (Dist. by Torch Media, Inc.) (HKLM-x32\...\torchmediamoviestoolbar181CR) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION
Task: {971F497E-3D1C-487B-B918-C0A1E3017334} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:373E1720
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => Key deleted successfully.
HKCR\CLSID\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaahecedhhkmoghjlecefpdmlmlilgc => Key deleted successfully.
C:\Users\7Heaven\AppData\Local\torchmediamoviestoolbar181\GC\toolbar.crx => Moved successfully.
C:\Users\Public\Documents\Baidu => Moved successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
C:\Users\7Heaven\AppData\Local\nsu5F0D.tmp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{971F497E-3D1C-487B-B918-C0A1E3017334} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{971F497E-3D1C-487B-B918-C0A1E3017334} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":373E1720" ADS not found.

==== End of Fixlog ====

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 15:48

How is the PC at the moment?


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 15:56

It is much better, faster and no longer freezing.
The Artemis trojan has stopped appearing.
Is there anything else to do?

Re: Programs installed themselves automatically on my PC.

Post by Power Max on Fri 02 May 2014, 16:00

There must still be remnants of Baidu on your PC.

Download SystemLook.exe from the address below and save it to your Desktop:
[You must be registered and logged in to see this link.]

*** For users of Windows Vista, Windows 7 or Windows 8: Right-click the SystemLook.exe file, then click [You must be registered and logged in to see this image.]

After opening SystemLook.exe, select and copy all of the text highlighted in red that I gave you.

Paste the text you just copied into the SystemLook text box.

Click the Look button; at the end of the scan a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Select, copy and paste the contents of this log into your next reply.


Last edited by Power Max on Fri 02 May 2014, 17:17; edited 1 time in total


Re: Programs installed themselves automatically on my PC.

Post by ViniciusDorneles on Fri 02 May 2014, 16:07

SystemLook 30.07.11 by jpshortstuff
Log created at 16:06 on 02/05/2014 by 7Heaven
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\Users\7Heaven\AppData\Roaming\baidu d------ [13:56 02/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [13:56 02/05/2014]
C:\FRST\Quarantine\C\Users\Public\Documents\Baidu d------ [13:57 02/05/2014]
C:\Users\7Heaven\AppData\Roaming\ZHP\Quarantine\baidu.DIR\Baidu d------ [15:52 02/05/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"13"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1945482154-598400869-252928238-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1945482154-598400869-252928238-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"13"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe"
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

-= EOF =-