Fórum PC Brasil
Problems with "View-Password".


Post by ViniciusDorneles, Sun 23 Mar 2014, 00:37

Hi, I'm new here and a layman in this area. I was shopping online when I came across "View-Password".
I searched the internet and found out how dangerous it is.
I tried several programs, from "Adw" to "Loaris", but nothing solved it.
I called a friend of mine, Rodrigo César, and he pointed me to you.
I know it is laborious and complicated, but could you help me?
I would be very grateful.

Post by Power Max, Sun 23 Mar 2014, 00:42

Hello Vinícius. Welcome to Fórum PC Brasil.

Download the [link visible only to logged-in members] ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Last edited by Power Max on Sun 23 Mar 2014, 21:08; edited 1 time

Post by ViniciusDorneles, Sun 23 Mar 2014, 00:47

I am carrying out the procedure.

Post by Power Max, Sun 23 Mar 2014, 00:50

OK, I'll be waiting.

Post by ViniciusDorneles, Sun 23 Mar 2014, 00:52

~ Relatório do ZHPDiag v2014.3.22.25 - Nicolas Coolman (22/03/2014)
~ Iniciado por 7Heaven (23/03/2014 00:50:42)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6002 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 827 GB (89%) free of 923 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ACESHIGH
~ User Name: 7Heaven
~ All Users Names: UpdatusUser, Convidado, Administrador, 7Heaven,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\7Heaven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\7Heaven\AppData\Roaming\
~ %Desktop% : C:\Users\7Heaven\Desktop\
~ %Favorites% : C:\Users\7Heaven\Favorites\
~ %LocalAppData% : C:\Users\7Heaven\AppData\Local\
~ %StartMenu% : C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 827 Go of 923 Go)
D: CD-ROM drive (Not Inserted)
Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/8047
~ Mes musiques (My Musics) : 1/266
~ Mes Videos (My Videos) : 3/40
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 2/56
~ Mon Bureau (My Desktop) : 1/1303
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.3796]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [1015808] [PID.4896]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.4936]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.4948]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5092]
[MD5.9388FBA0B9985B18B3693A32B530A16B] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888] [PID.4220]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.4156]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.4144]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4412]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4372]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.1668]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.3016]
[MD5.F01A418BDDFC14D60E463C50CABC7750] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.5128]
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.5160]
[MD5.253EB69F697FCCFEFCE49335301EF3A1] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4124760] [PID.6076]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.3224]
[MD5.7D25BE752946B2307CDFCA22D6CEADBB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8256000] [PID.1040]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [lnkdbjbjpnpjeciipoaflmpcddinpjjp] Ashish Mishra v. ()
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
O4 - GS\Desktop [Public]: Discador Oi.lnk . (.LightComm Tecnologia - 3G Dialer.) -- C:\Program Files (x86)\Oi\Oi3G\DiscadorOi.exe
O4 - GS\Desktop [Public]: Guia Vivo Internet.lnk . (...) -- C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
O4 - GS\Desktop [Public]: Kantoo English.lnk - Chave orfã
O4 - GS\Desktop [Public]: Loaris Trojan Remover.lnk . (.Loaris Inc. - Loaris Trojan Remover.) -- C:\Program Files\Loaris\Trojan Remover\ltr.exe
O4 - GS\Desktop [Public]: Loja de Suprimentos HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: MPC-HC.lnk . (.MPC-HC Team - MPC-HC.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [Public]: Nuvem de Livros.lnk - Chave orfã
O4 - GS\Desktop [Public]: Segurança Online.lnk - Chave orfã
O4 - GS\Desktop [Public]: TIM Communicator.lnk . (...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: VIVO INTERNET.lnk . (...) -- C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Dell Digital Delivery.lnk . (.Dell Products, LP - Dell Digital Delivery.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exe
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\Program [Public]: Registro OCR I.R.I.S..lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\QuickLaunch [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [UpdatusUser]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [UpdatusUser]: Free CD to MP3 Converter.lnk . (...) -- C:\Program Files (x86)\CD to MP3 Freeware\cdextract.exe
O4 - GS\Desktop [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [7Heaven]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [7Heaven]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [7Heaven]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [7Heaven]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\TaskBar [7Heaven]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [7Heaven]: Google Chrome.lnk - Chave orfã
O4 - GS\TaskBar [7Heaven]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Program [7Heaven]: Computador.lnk - Chave orfã
O4 - GS\Program [7Heaven]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [7Heaven]: Videos.lnk - Chave orfã
O4 - GS\Desktop [7Heaven]: Any Video Converter 5.lnk . (.AnvSoft Inc. - Any Video Converter Application.) -- C:\Program Files (x86)\AnvSoft\Any Video Converter 5\AVCFree.exe
O4 - GS\Desktop [7Heaven]: Free CD to MP3 Converter.lnk . (...) -- C:\Program Files (x86)\CD to MP3 Freeware\cdextract.exe
~ Global Startup: 67 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: Update Kozaka (Update Kozaka) . (...) - C:\Program Files (x86)\Kozaka\updateKozaka.exe (.not file.) =>PUP.Kozaka
~ Services: 29 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\Users\7Heaven\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [{85A7996E-E3BF-4C73-9CD8-9A27BED17A36}] (...) -- C:\Program Files (x86)\WinZip Driver Updater\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A548B176-D645-440D-A852-FE927B2F90D2}] (...) -- C:\Users\7Heaven\Pictures\Vin¡cius\Others\Etc\Games\PC\SimCity\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BB821326-D3BA-4573-A6F5-F6B2F79FB3C6}] (...) -- C:\Program Files (x86)\Fortunitas\Fortunitasuninstall.exe (.not file.) [0] =>PUP.Fortunitas
~ Scheduled Task: 19 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
~ Drivers: 42 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: TIM Communicator - (...) [HKLM][64Bits] -- OrolixCommunicator
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: sweet-page uninstaller - (.sweet-page.) [HKLM][64Bits] -- sweet-page uninstaller =>PUP.SweetPage
~ Logic: 37 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\MiserWare, Inc.]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\iVIDI Plugin] =>PUP.Ividi
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\CNXT_UIU_MUTEX]
[HKLM\Software\Loaris]
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Trojan.Lozavita
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Fortunitas] =>PUP.Fortunitas
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\USBDriverFlag]
~ Key Software: 313 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2012 - 17:20:38 - [4,783] ----D C:\Program Files (x86)\Ares
O43 - CFD: 24/02/2014 - 18:49:11 - [0,001] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 04/03/2013 - 16:05:09 - [4,110] ----D C:\Program Files (x86)\CD to MP3 Freeware
O43 - CFD: 28/11/2012 - 17:22:04 - [0,545] ----D C:\Program Files (x86)\MiserWare
O43 - CFD: 24/02/2014 - 18:56:29 - [0] ----D C:\Program Files (x86)\NNeextCooupa =>PUP.NetCoupon
O43 - CFD: 28/03/2013 - 11:49:37 - [13,115] ----D C:\Program Files (x86)\Oi
O43 - CFD: 19/12/2012 - 14:51:32 - [29,072] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 31/12/2013 - 10:55:41 - [4,007] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 31/12/2013 - 10:55:22 - [51,792] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 24/02/2014 - 19:28:36 - [0] ----D C:\Program Files (x86)\weebsaaVe =>PUP.Websave
O43 - CFD: 22/03/2014 - 22:33:03 - [0,129] ----D C:\ProgramData\1fe18c60706bcd7c
O43 - CFD: 22/03/2014 - 22:30:06 - [90,891] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/02/2014 - 19:27:30 - [6,822] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 22/03/2014 - 22:51:30 - [32,423] ----D C:\ProgramData\Loaris
O43 - CFD: 28/11/2012 - 17:22:04 - [0,001] ----D C:\ProgramData\MiserWare
O43 - CFD: 22/03/2014 - 22:34:05 - [0] ----D C:\ProgramData\NNeextCooupa =>PUP.NetCoupon
O43 - CFD: 28/03/2013 - 11:49:37 - [0,099] ----D C:\ProgramData\OI
O43 - CFD: 19/12/2012 - 14:51:32 - [4,566] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 22/03/2014 - 22:41:17 - [0] ----D C:\ProgramData\weebsaaVe =>PUP.Websave
O43 - CFD: 04/03/2013 - 15:56:27 - [23,535] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 15/05/2013 - 11:23:44 - [2,821] ----D C:\Users\7Heaven\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/03/2014 - 23:32:23 - [2,170] ----D C:\Users\7Heaven\AppData\Roaming\sweet-page =>PUP.SweetPage
O43 - CFD: 15/01/2014 - 11:55:42 - [6,155] ----D C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET
O43 - CFD: 28/11/2012 - 17:20:40 - [0,029] ----D C:\Users\7Heaven\AppData\Local\Ares
O43 - CFD: 28/11/2012 - 17:20:38 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 04/03/2013 - 16:05:05 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
~ Program Folder: 206 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D81B1EC59725FD32CCED931F908A4FA] - 22/03/2014 - 22:24:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.FFC16E790499E32F3B5A16CF7A4F2AC3] - 22/03/2014 - 22:24:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.90C486EB8F0E47B6CE9E1F2810A54619] - 22/03/2014 - 22:51:36 ---A- . (...) -- C:\NTUSER.DAT [262144]
O44 - LFC:[MD5.76AA9677F829DA967F37C080AFE6D291] - 22/03/2014 - 22:51:36 -SHA- . (...) -- C:\NTUSER.DAT.LOG1 [8192]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/03/2014 - 22:51:36 -SHA- . (...) -- C:\NTUSER.DAT.LOG2 [0]
O44 - LFC:[MD5.E0751C554783D985D706AF26EA60CD58] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TM.blf [65536]
O44 - LFC:[MD5.F40502BB81EA95E2C5C9E5E41B49A3CE] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TMContainer00000000000000000001.regtrans-ms [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TMContainer00000000000000000002.regtrans-ms [524288]
~ Files: 41 Legitimates Filtered in 00mn 02s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{31e5f40e-6f7e-11e3-becd-782bcbbe36d9}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{61be45e2-49fe-11e2-be6b-782bcbbe36d9}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{61be46e4-49fe-11e2-be6b-782bcbbe36d9}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{61be47da-49fe-11e2-be6b-782bcbbe36d9}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693be290-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693bee07-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693bee38-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693befcb-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693beffe-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693bf072-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{693bf0af-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{693bf109-38c0-11e2-be6a-e006e6d0e196}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{794affad-4a01-11e2-be6c-782bcbbe36d9}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{794b0054-4a01-11e2-be6c-782bcbbe36d9}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{794b0084-4a01-11e2-be6c-782bcbbe36d9}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
O51 - MPSK:{c91a2866-8238-11e3-bed8-782bcbbe36d9}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{ce184198-c12e-11e2-be8b-782bcbbe36d9}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.AE8EE29474663398737DBC146D53D440] - 31/07/2012 - 23:51:44 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [55448]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.27069CFFF29B7F04F4B1BB10154BE52B] - 19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:[MD5.0BD906A79F9CE3013F7D9D0AC45F9F9D] - 19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.15E399875C850B54FC253A2323AD8021] - 06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:[MD5.913C625EB03E0F917BF934734369EC54] - 10/06/2010 - 01:15:06 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [25088]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][22/03/2014] (...) -- C:\Users\7Heaven\Desktop\AdwCleaner.exe [1950720]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FF4B54E0-8081-452A-858C-521625D04BA8}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{C675C01B-42D6-4763-BCF7-38C0AEED452A}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "{667D31A8-00C3-4E36-8B8C-7865DD20BEEB}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{8E42264C-5F23-468B-AAED-F57B846FC677}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{90B551C8-5231-4868-AB24-501838E6BFE3}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{E61035D5-0299-484A-AAF2-5BD28897E316}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{7D12583F-A295-4DFE-A6C1-B26D48BCD52E}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{22E34D1F-C31F-45DE-85CB-917F0D1E0E76}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "TCP Query User{52C38062-DA06-4102-8FA3-A746618DB625}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" | In - Public - P6 - TRUE | .(.DsNET - aTube Catcher to download and convert videos..) -- C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe
O87 - FAEL: "UDP Query User{CB5524EF-09C6-4666-9A22-BEF8CB7CC9BF}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" | In - Public - P17 - TRUE | .(.DsNET - aTube Catcher to download and convert videos..) -- C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe
O87 - FAEL: "{CB8E9290-35D2-4176-9170-927478647DF7}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{18F43EE1-6F53-4BA1-8BBB-44D6201DE7CD}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "TCP Query User{BF5E1C5A-14FF-4531-8626-5A6A3952D38D}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{D189B4E9-A826-4326-B140-24AA988AC8B3}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "{87246730-5B0C-4ECE-B92F-3427AB693C68}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{B3F379CA-B965-46E5-BC22-CADB086F38D3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{2C2D939C-A1C1-4051-B602-218FB948406E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{D11CE49F-9B81-4DF3-A3C2-B4EF11C977D3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "TCP Query User{B5818F2B-EDA9-4D29-A88E-4C47E5534F5E}C:\users\7heaven\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\7heaven\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{FAE6ACF8-93F4-4AA6-A7D2-EA7491AA5C63}C:\users\7heaven\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\7heaven\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "{B4BC8752-9ED2-4037-8538-1B26F1BCEA28}" |In - Private - P6 - TRUE | .(...) -- C:\AeriaGames\AuraKingdom\game.bin (.not file.)
O87 - FAEL: "{C16F6908-9D13-4477-AFBE-542222DB333E}" |In - Private - P17 - TRUE | .(...) -- C:\AeriaGames\AuraKingdom\game.bin (.not file.)
O87 - FAEL: "TCP Query User{304E68AA-A54A-4510-9C9F-B4830AEE8FE1}C:\users\7heaven\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\7heaven\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{7CE4FFC8-E947-4536-BC05-57FAF474F47E}C:\users\7heaven\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\7heaven\appdata\local\akamai\netsession_win.exe (.not file.)
~ Firewall: 277 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 87 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C133F19570415BEC44B8403A15BD4E9A] [WIS][29/04/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\13a78b09.msi [523776]
[MD5.3C39FF60A6924725D3000F9A5B2EF377] [WIS][11/06/2011] (.LibreOffice - LibreOffice 3.3.) -- C:\Windows\Installer\5893aa6.msi [4321280]
~ WIS: 91 Legitimates Filtered in 00mn 05s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Demand 05/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/06/2012 173056 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SS - | Auto 03/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 30/05/2012 149544 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Auto 10/07/1658 0 | (Update Kozaka) . (...) - C:\Program Files (x86)\Kozaka\updateKozaka.exe =>PUP.Kozaka
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 11/10/2011 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 27/01/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 27/01/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/12/2010 26528 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 23/05/2013 1915480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
SR - | Auto 16/11/2010 2249000 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/07/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

~ Services: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13031 - (22/03/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 7

[HKLM\SYSTEM\CurrentControlSet\Services\Update Kozaka] =>PUP.Kozaka^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller] =>PUP.SweetPage^
[HKLM\Software\Loaris] =>Rogue.Multiple
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\NNeextCooupa =>PUP.NetCoupon^
C:\Program Files (x86)\weebsaaVe =>PUP.Websave^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\NNeextCooupa =>PUP.NetCoupon^
C:\ProgramData\weebsaaVe =>PUP.Websave^
C:\Users\7Heaven\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\7Heaven\AppData\Roaming\sweet-page =>PUP.SweetPage^
C:\ProgramData\Loaris =>Rogue.Multiple
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\iVIDI Plugin] =>PUP.Ividi^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Fortunitas] =>PUP.Fortunitas^
~ Additionnel Scan: 347623 Items scanned in 00mn 19s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Kozaka
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Fortunitas
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetPage
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Ividi
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.NetCoupon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WebSave
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.RelevantKnowledge
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 12 link(s) detected in 00mn 19s



~ 1140 Legitimates filtered by white list
End of the scan (655 lines in 00mn 49s)(0)

Post by ViniciusDorneles Sun 23 Mar 2014, 00:59

Done. Is the situation critical?

Post by ViniciusDorneles Sun 23 Mar 2014, 01:08

It does not show that my notebook has "View-Password", but it is appearing on all my web pages.
A "Baidu security" folder has just appeared.

Post by Power Max Sun 23 Mar 2014, 01:31

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and ending at emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sun 23 Mar 2014, 20:51; edited 2 time(s)

Post by ViniciusDorneles Sun 23 Mar 2014, 01:36

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by 7Heaven at 23/03/2014 01:35:34
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\7heaven\appdata\roaming\sweet-page\uninstallmanager.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}]
ELIMINÉ:* CLSID Extra Buttons: {7815BE26-237D-41A8-A98F-F7BD75F71086}
ELIMINÉ: Service: Update Kozaka
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\iVIDI Plugin
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Loaris
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\Fortunitas
ELIMINÉ CLSID MPSK: {31e5f40e-6f7e-11e3-becd-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {61be45e2-49fe-11e2-be6b-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {61be46e4-49fe-11e2-be6b-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {61be47da-49fe-11e2-be6b-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {693be290-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693bee07-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693bee38-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693befcb-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693beffe-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693bf072-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693bf0af-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {693bf109-38c0-11e2-be6a-e006e6d0e196}
ELIMINÉ CLSID MPSK: {794affad-4a01-11e2-be6c-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {794b0054-4a01-11e2-be6c-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {794b0084-4a01-11e2-be6c-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {c91a2866-8238-11e3-bed8-782bcbbe36d9}
ELIMINÉ CLSID MPSK: {ce184198-c12e-11e2-be8b-782bcbbe36d9}
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\617DD6FF01B79624F991FF0BA74CDC59]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\617DD6FF01B79624F991FF0BA74CDC59]
ELIMINÉ: Service: BBSvc
ELIMINÉ: Service: BBUpdate
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f}
ELIMINÉ: {CB8E9290-35D2-4176-9170-927478647DF7}
ELIMINÉ: {18F43EE1-6F53-4BA1-8BBB-44D6201DE7CD}
ELIMINÉ: {87246730-5B0C-4ECE-B92F-3427AB693C68}
ELIMINÉ: {B3F379CA-B965-46E5-BC22-CADB086F38D3}
ELIMINÉ: {2C2D939C-A1C1-4051-B602-218FB948406E}
ELIMINÉ: {D11CE49F-9B81-4DF3-A3C2-B4EF11C977D3}
ELIMINÉ: TCP Query User{B5818F2B-EDA9-4D29-A88E-4C47E5534F5E}C:\users\7heaven\appdata\local\akamai\netsession_win.exe
ELIMINÉ: UDP Query User{FAE6ACF8-93F4-4AA6-A7D2-EA7491AA5C63}C:\users\7heaven\appdata\local\akamai\netsession_win.exe
ELIMINÉ: {B4BC8752-9ED2-4037-8538-1B26F1BCEA28}
ELIMINÉ: {C16F6908-9D13-4477-AFBE-542222DB333E}
ELIMINÉ: TCP Query User{304E68AA-A54A-4510-9C9F-B4830AEE8FE1}C:\users\7heaven\appdata\local\akamai\netsession_win.exe
ELIMINÉ: UDP Query User{7CE4FFC8-E947-4536-BC05-57FAF474F47E}C:\users\7heaven\appdata\local\akamai\netsession_win.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\loaris trojan remover.lnk
ELIMINA REINICIAR: c:\program files\loaris\trojan remover\ltr.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: c:\program files (x86)\microsoft\bingbar\7.3.124.0\bbsvc.exe
ELIMINA REINICIAR: c:\program files (x86)\microsoft\bingbar\7.3.124.0\seaport.exe
ELIMINÉ Temporários windows (131) (30.135.478 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: SomotoUpdateCheckerAutoStart
ELIMINÉ: {85A7996E-E3BF-4C73-9CD8-9A27BED17A36}
ELIMINÉ: {A548B176-D645-440D-A852-FE927B2F90D2}
ELIMINÉ: {BB821326-D3BA-4573-A6F5-F6B2F79FB3C6}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã


========== Recapitulativo ==========
38 : Chaves do Registo
19 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
9 : Ficheiros
1 : Softwares
4 : Tarefa planificada
1 : Restauração Sistema
2 : Outros


End of clean in 01mn 49s

========== Caminho do ficheiro do relatório ==========
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/03/2014 01:35:37 [5387]

Post by Power Max Sun 23 Mar 2014, 01:38


If the PC has not restarted, restart it.

After the computer has restarted, open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Last edited by Power Max on Sun 23 Mar 2014, 21:14; edited 1 time(s)

Post by ViniciusDorneles, Sun 23 Mar 2014, 01:41

The "View-Password" still shows up.
I'm going to restart now.

Post by Power Max, Sun 23 Mar 2014, 01:45

Yes, after it restarts, post a new ZHP log.

Post by ViniciusDorneles, Sun 23 Mar 2014, 01:52

~ Relatório do ZHPDiag v2014.3.22.25 - Nicolas Coolman (22/03/2014)
~ Iniciado por 7Heaven (23/03/2014 01:50:52)
~ Endereço do Website : [You need an account and must be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You need an account and must be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6002 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 827 GB (89%) free of 923 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ACESHIGH
~ User Name: 7Heaven
~ All Users Names: UpdatusUser, Convidado, Administrador, 7Heaven,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\7Heaven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\7Heaven\AppData\Roaming\
~ %Desktop% : C:\Users\7Heaven\Desktop\
~ %Favorites% : C:\Users\7Heaven\Favorites\
~ %LocalAppData% : C:\Users\7Heaven\AppData\Local\
~ %StartMenu% : C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 827 Go of 923 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/8048
~ Mes musiques (My Musics) : 1/266
~ Mes Videos (My Videos) : 3/80
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/112
~ Mon Bureau (My Desktop) : 1/2608
~ Menu demarrer (Programs) : 1/72
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.4028]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [1015808] [PID.4940]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.5076]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.5104]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4256]
[MD5.9388FBA0B9985B18B3693A32B530A16B] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888] [PID.4284]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.4180]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.2120]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4552]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4504]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.728]
[MD5.F01A418BDDFC14D60E463C50CABC7750] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.1568]
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.4628]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.4556]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.2372]
[MD5.7D25BE752946B2307CDFCA22D6CEADBB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8256000] [PID.4040]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You need an account and must be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [lnkdbjbjpnpjeciipoaflmpcddinpjjp] Ashish Mishra v. ()
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 26 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need an account and must be logged in to view this link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = [You need an account and must be logged in to view this link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
O4 - GS\Desktop [Public]: Discador Oi.lnk . (.LightComm Tecnologia - 3G Dialer.) -- C:\Program Files (x86)\Oi\Oi3G\DiscadorOi.exe
O4 - GS\Desktop [Public]: Guia Vivo Internet.lnk . (...) -- C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
O4 - GS\Desktop [Public]: Kantoo English.lnk - Chave orfã
O4 - GS\Desktop [Public]: Loja de Suprimentos HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: MPC-HC.lnk . (.MPC-HC Team - MPC-HC.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [Public]: Nuvem de Livros.lnk - Chave orfã
O4 - GS\Desktop [Public]: Segurança Online.lnk - Chave orfã
O4 - GS\Desktop [Public]: TIM Communicator.lnk . (...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: VIVO INTERNET.lnk . (...) -- C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Dell Digital Delivery.lnk . (.Dell Products, LP - Dell Digital Delivery.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exe
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\Program [Public]: Registro OCR I.R.I.S..lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\QuickLaunch [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [UpdatusUser]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [UpdatusUser]: Free CD to MP3 Converter.lnk . (...) -- C:\Program Files (x86)\CD to MP3 Freeware\cdextract.exe
O4 - GS\Desktop [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [7Heaven]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [7Heaven]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [7Heaven]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [7Heaven]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\TaskBar [7Heaven]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [7Heaven]: Google Chrome.lnk - Chave orfã
O4 - GS\TaskBar [7Heaven]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Program [7Heaven]: Computador.lnk - Chave orfã
O4 - GS\Program [7Heaven]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [7Heaven]: Videos.lnk - Chave orfã
O4 - GS\Desktop [7Heaven]: Any Video Converter 5.lnk . (.AnvSoft Inc. - Any Video Converter Application.) -- C:\Program Files (x86)\AnvSoft\Any Video Converter 5\AVCFree.exe
O4 - GS\Desktop [7Heaven]: Free CD to MP3 Converter.lnk . (...) -- C:\Program Files (x86)\CD to MP3 Freeware\cdextract.exe
~ Global Startup: 66 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: NameServer = 189.40.198.80 189.40.226.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{74960B8F-3592-4F6D-B259-C437CA6D820F}: NameServer = 189.40.226.80 189.40.198.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: NameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B2CE81-D062-430A-985B-CF18ABD0D180}: DhcpDomain = dslgw.infineon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6C006F53-A5A1-46F3-B2CA-816B80F28E83}: DhcpDomain = setup.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
~ Services: 29 Legitimates Filtered in 00mn 06s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: TIM Communicator - (...) [HKLM][64Bits] -- OrolixCommunicator
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
~ Logic: 36 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\Ares]
[HKCU\Software\MiserWare, Inc.]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\CNXT_UIU_MUTEX]
[HKLM\Software\Loaris]
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\USBDriverFlag]
~ Key Software: 302 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2012 - 17:20:38 - [4,783] ----D C:\Program Files (x86)\Ares
O43 - CFD: 04/03/2013 - 16:05:09 - [4,110] ----D C:\Program Files (x86)\CD to MP3 Freeware
O43 - CFD: 28/11/2012 - 17:22:04 - [0,545] ----D C:\Program Files (x86)\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [13,115] ----D C:\Program Files (x86)\Oi
O43 - CFD: 19/12/2012 - 14:51:32 - [29,072] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 31/12/2013 - 10:55:41 - [4,007] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 31/12/2013 - 10:55:22 - [51,793] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 22/03/2014 - 22:33:03 - [0,129] ----D C:\ProgramData\1fe18c60706bcd7c
O43 - CFD: 28/11/2012 - 17:22:04 - [0,001] ----D C:\ProgramData\MiserWare
O43 - CFD: 28/03/2013 - 11:49:37 - [0,099] ----D C:\ProgramData\OI
O43 - CFD: 19/12/2012 - 14:51:32 - [4,566] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 15/01/2014 - 11:55:42 - [6,161] ----D C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET
O43 - CFD: 28/11/2012 - 17:20:40 - [0,030] ----D C:\Users\7Heaven\AppData\Local\Ares
O43 - CFD: 28/11/2012 - 17:20:38 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 04/03/2013 - 16:05:05 - [0] ----D C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
~ Program Folder: 195 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D81B1EC59725FD32CCED931F908A4FA] - 22/03/2014 - 22:24:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.FFC16E790499E32F3B5A16CF7A4F2AC3] - 22/03/2014 - 22:24:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.90C486EB8F0E47B6CE9E1F2810A54619] - 22/03/2014 - 22:51:36 ---A- . (...) -- C:\NTUSER.DAT [262144]
O44 - LFC:[MD5.76AA9677F829DA967F37C080AFE6D291] - 22/03/2014 - 22:51:36 -SHA- . (...) -- C:\NTUSER.DAT.LOG1 [8192]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/03/2014 - 22:51:36 -SHA- . (...) -- C:\NTUSER.DAT.LOG2 [0]
O44 - LFC:[MD5.E0751C554783D985D706AF26EA60CD58] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TM.blf [65536]
O44 - LFC:[MD5.F40502BB81EA95E2C5C9E5E41B49A3CE] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TMContainer00000000000000000001.regtrans-ms [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 22/03/2014 - 22:51:37 -SHA- . (...) -- C:\NTUSER.DAT{355ed663-b22c-11e3-bef4-782bcbbe36d9}.TMContainer00000000000000000002.regtrans-ms [524288]
~ Files: 41 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.AE8EE29474663398737DBC146D53D440] - 31/07/2012 - 23:51:44 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [55448]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.27069CFFF29B7F04F4B1BB10154BE52B] - 19/10/2012 - 04:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:[MD5.0BD906A79F9CE3013F7D9D0AC45F9F9D] - 19/10/2012 - 04:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:[MD5.15E399875C850B54FC253A2323AD8021] - 06/08/2010 - 07:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:[MD5.913C625EB03E0F917BF934734369EC54] - 10/06/2010 - 01:15:06 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [25088]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You need an account and must be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][22/03/2014] (...) -- C:\Users\7Heaven\Desktop\AdwCleaner.exe [1950720]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FF4B54E0-8081-452A-858C-521625D04BA8}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{C675C01B-42D6-4763-BCF7-38C0AEED452A}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "{667D31A8-00C3-4E36-8B8C-7865DD20BEEB}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{8E42264C-5F23-468B-AAED-F57B846FC677}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{90B551C8-5231-4868-AB24-501838E6BFE3}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{E61035D5-0299-484A-AAF2-5BD28897E316}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{7D12583F-A295-4DFE-A6C1-B26D48BCD52E}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "{22E34D1F-C31F-45DE-85CB-917F0D1E0E76}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O87 - FAEL: "TCP Query User{52C38062-DA06-4102-8FA3-A746618DB625}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" | In - Public - P6 - TRUE | .(.DsNET - aTube Catcher to download and convert videos..) -- C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe
O87 - FAEL: "UDP Query User{CB5524EF-09C6-4666-9A22-BEF8CB7CC9BF}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" | In - Public - P17 - TRUE | .(.DsNET - aTube Catcher to download and convert videos..) -- C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe
O87 - FAEL: "TCP Query User{BF5E1C5A-14FF-4531-8626-5A6A3952D38D}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{D189B4E9-A826-4326-B140-24AA988AC8B3}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
~ Firewall: 265 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
~ Update Products: 86 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C133F19570415BEC44B8403A15BD4E9A] [WIS][29/04/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\13a78b09.msi [523776]
[MD5.3C39FF60A6924725D3000F9A5B2EF377] [WIS][11/06/2011] (.LibreOffice - LibreOffice 3.3.) -- C:\Windows\Installer\5893aa6.msi [4321280]
~ WIS: 91 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/06/2012 173056 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SS - | Auto 03/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 30/05/2012 149544 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 11/10/2011 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\Windows\SysWOW64\GSMSrvEjector.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 28/01/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 21/01/2014 1025712 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 27/01/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 27/01/2014 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/12/2010 26528 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 23/05/2013 1915480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
SR - | Auto 16/11/2010 2249000 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

~ Services: Scanned in 00mn 01s



---\\ Scâner Aditional (088)
Database Version : 13031 - (22/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Loaris] =>Rogue.Multiple
~ Additionnel Scan: 345436 Items scanned in 00mn 18s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 00mn 18s



~ 1127 Legitimates filtered by white list
End of the scan (533 lines in 00mn 39s)(0)

Re: Problems with "View-Password".

Post by Power Max Sun 23 Mar 2014, 02:02

I suggest you uninstall McAfee Security Scan Plus, which is unnecessary.
________________________________________________________________

Select and copy all of the text highlighted in red that I gave you (starting at script zhpfix and going through emptyclsid)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sun 23 Mar 2014, 20:52; edited 1 time

Re: Problems with "View-Password".

Post by ViniciusDorneles Sun 23 Mar 2014, 02:05

Uninstalled, thanks for the tip; I'll copy it now.

Re: Problems with "View-Password".

Post by ViniciusDorneles Sun 23 Mar 2014, 02:08

There is a request to restart; I'll do that.

_________________________________________________________________________________



Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by 7Heaven at 23/03/2014 02:06:27
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ:* HKLM\Software\Loaris

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/03/2014 01:35:37 [5469]
C:\Users\7Heaven\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/03/2014 02:06:30 [1121]

Re: Problems with "View-Password".

Post by Power Max Sun 23 Mar 2014, 02:10

No need to restart right now.

Download the [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: when you open the link above, click the Download Now 64-Bit Version button.

*Run FRST and accept the agreement

*Click [Scan]

*When it finishes, click [OK] > [OK]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post both reports in your next reply. (Note: if they don't fit in a single reply, you can split them across several posts.)


Last edited by Power Max on Sun 23 Mar 2014, 21:14; edited 1 time

Re: Problems with "View-Password".

Post by ViniciusDorneles Sun 23 Mar 2014, 02:14

Uninstalled, restarting now.

________________________________________________________________


Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by 7Heaven at 23/03/2014 02:13:21
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (7) (6.567 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========

Re: Problems with "View-Password".

Post by ViniciusDorneles Sun 23 Mar 2014, 02:18

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by 7Heaven (administrator) on ACESHIGH on 23-03-2014 02:16:07
Running from C:\Users\7Heaven\Videos
Windows 8 Single Language (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
() C:\Windows\SysWOW64\GSMSrvEjector.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Orolix Desenvolvimento de Software LTDA.) C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Huawei Technologies Co., Ltd.) C:\Users\7Heaven\AppData\Roaming\VIVO INTERNET\ouc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Lightcomm) C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Atheros Communications)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [GSMEjector] - C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856 2010-10-01] (Lightcomm)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [ares] - C:\Program Files (x86)\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [Facebook Update] - C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-10] (Facebook Inc.)
HKU\S-1-5-21-1945482154-598400869-252928238-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {88EEA455-6930-4A70-AE73-27A57A329272} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM-x32 - {88EEA455-6930-4A70-AE73-27A57A329272} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {88EEA455-6930-4A70-AE73-27A57A329272} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SearchNewTab - {4FB224F4-DE24-0D9D-9F6C-21DC1655E34E} - C:\ProgramData\SearchNewTab\518a63f0efe6f.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0B9844E1-867C-498C-AD6E-D95CC09D411C}: [NameServer]189.40.198.80 189.40.226.80
Tcpip\..\Interfaces\{3DDDB32C-B228-46AF-9737-50F6197B1B9D}: [NameServer]189.40.198.80 189.40.226.80
Tcpip\..\Interfaces\{74960B8F-3592-4F6D-B259-C437CA6D820F}: [NameServer]189.40.226.80 189.40.198.80
Tcpip\..\Interfaces\{7C4997C3-B22F-4C0F-A58C-001E1ECCE1E9}: [NameServer]189.40.226.80 189.40.224.80

Chrome:
=======
CHR HomePage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Ashish Mishra) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\7Heaven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 GSMEjector; C:\Windows\SysWOW64\GSMSrvEjector.exe [620032 2010-10-01] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 OrolixDeviceMonitor; C:\Program Files (x86)\TIM Communicator\module\devicemon.exe [26528 2010-12-21] (Orolix Desenvolvimento de Software LTDA.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [64512 2012-07-25] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 Olicard160net; C:\Windows\system32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\system32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
S3 ONDAusbmdm6k; C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbnmea; C:\Windows\system32\DRIVERS\ONDAusbnmea.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbser6k; C:\Windows\system32\DRIVERS\ONDAusbser6k.sys [119680 2011-01-24] (Onda Communication)
S3 ONDAusbvoice; C:\Windows\system32\DRIVERS\ONDAusbvoice.sys [119680 2011-01-24] (Onda Communication)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [43128 2011-12-05] (MediaTek Inc.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 02:15 - 2014-03-23 02:16 - 00000000 ____D () C:\FRST
2014-03-23 02:14 - 2014-03-23 02:13 - 00001191 _____ () C:\Users\7Heaven\Desktop\ZHPFixReport.txt
2014-03-23 02:04 - 2014-02-13 17:21 - 00000426 _____ () C:\AVScanner.ini
2014-03-23 01:51 - 2014-03-23 01:51 - 00041402 _____ () C:\Users\7Heaven\Desktop\ZHPDiag.txt
2014-03-23 00:46 - 2014-03-23 02:13 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\ZHP
2014-03-23 00:46 - 2014-03-23 02:13 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-23 00:46 - 2014-03-23 00:46 - 00002004 _____ () C:\Users\7Heaven\Desktop\ZHPFix.lnk
2014-03-23 00:46 - 2014-03-23 00:46 - 00001877 _____ () C:\Users\7Heaven\Desktop\ZHPDiag.lnk
2014-03-23 00:28 - 2014-03-23 00:31 - 00000396 _____ () C:\Users\7Heaven\Desktop\jvh.txt
2014-03-23 00:07 - 2014-03-23 00:07 - 00000000 ____D () C:\zoek_backup
2014-03-22 23:52 - 2014-03-22 23:52 - 01950720 _____ () C:\Users\7Heaven\Desktop\AdwCleaner.exe
2014-03-22 22:51 - 2014-03-22 22:51 - 00000000 ____D () C:\Program Files\Loaris
2014-03-22 14:58 - 2014-03-22 22:32 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-03-22 14:58 - 2014-03-22 22:31 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\IrfanView
2014-03-22 14:57 - 2014-03-22 14:57 - 01883792 _____ (Irfan Skiljan) C:\Users\7Heaven\Downloads\133-iview437_setup.exe
2014-03-22 14:18 - 2014-03-22 23:18 - 00000000 ____D () C:\Program Files\Recuva
2014-03-22 14:18 - 2014-03-22 14:18 - 00001675 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-22 14:17 - 2014-03-22 14:17 - 04092088 _____ (Piriform Ltd) C:\Users\7Heaven\Desktop\488-rcsetup150.exe
2014-03-18 15:27 - 2014-03-18 15:27 - 00399592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 23:51 - 2014-03-17 23:51 - 00001203 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-17 08:52 - 2014-03-17 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 08:52 - 2014-03-17 08:52 - 00000000 _____ () C:\Windows\setupact.log
2014-03-13 21:49 - 2014-03-23 02:09 - 00040204 _____ () C:\Windows\PFRO.log
2014-03-13 11:21 - 2014-03-23 02:13 - 00939043 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 23:19 - 2014-02-23 05:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 23:19 - 2014-02-23 05:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 23:19 - 2014-02-23 05:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-12 23:19 - 2014-02-23 05:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-12 23:19 - 2014-02-23 05:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 23:19 - 2014-02-23 05:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 23:19 - 2014-02-23 05:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 23:19 - 2014-02-23 05:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 23:19 - 2014-02-23 05:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 23:19 - 2014-02-23 03:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 23:19 - 2014-02-23 03:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 23:19 - 2014-02-23 03:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 23:19 - 2014-02-23 03:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 23:19 - 2014-02-23 03:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 23:19 - 2014-02-23 03:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 23:19 - 2014-02-23 01:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-12 23:19 - 2014-02-08 01:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 23:19 - 2013-10-25 04:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 23:19 - 2013-10-24 19:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 23:18 - 2014-02-05 20:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 23:18 - 2014-02-05 20:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 23:18 - 2014-01-30 21:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 23:18 - 2014-01-30 21:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 23:18 - 2013-12-07 03:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 23:18 - 2013-12-07 02:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 18:52 - 2014-03-21 18:32 - 00000000 ____D () C:\Users\7Heaven\Desktop\SEBRAE
2014-03-09 23:28 - 2014-03-10 00:39 - 00000000 ____D () C:\Users\7Heaven\Desktop\CURRICULO
2014-03-09 23:18 - 2014-03-09 23:18 - 00026836 _____ () C:\Users\7Heaven\Documents\CURRICULO PRE VESTIBULAR II.txt
2014-03-08 10:42 - 2014-03-08 10:43 - 00000000 ____D () C:\Users\7Heaven\Desktop\DECLARAÇÃO ACADÊMICA - 08-03-14
2014-03-06 21:48 - 2014-03-07 00:03 - 00000000 ____D () C:\Users\7Heaven\Desktop\PACTO 2014
2014-02-24 18:50 - 2014-02-24 18:50 - 00000029 _____ () C:\Windows\SysWOW64\config.ini
2014-02-24 18:50 - 2014-01-21 11:14 - 00052032 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-02-24 18:50 - 2014-01-21 11:14 - 00034624 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-02-24 18:50 - 2014-01-21 07:01 - 00128992 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-02-24 18:45 - 2014-02-24 18:45 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-24 18:45 - 2014-02-24 18:45 - 00000839 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-24 18:45 - 2014-02-24 18:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-24 18:42 - 2014-02-24 18:42 - 04721920 _____ (Piriform Ltd) C:\Users\7Heaven\Downloads\744-ccsetup410.exe
2014-02-24 18:41 - 2014-02-24 18:41 - 00677824 _____ ( ) C:\Users\7Heaven\Downloads\ccleaner-4104570-gerenciador-32-bits.exe
2014-02-24 18:27 - 2014-03-22 22:33 - 00000000 ____D () C:\Users\Todos os Usuários\1fe18c60706bcd7c
2014-02-24 18:27 - 2014-03-22 22:33 - 00000000 ____D () C:\ProgramData\1fe18c60706bcd7c
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Torch
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Torch
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Comodo
2014-02-24 18:25 - 2014-02-24 18:25 - 00000000 ____D () C:\Users\Todos os Usuários\SafeSoft
2014-02-24 18:25 - 2014-02-24 18:25 - 00000000 ____D () C:\ProgramData\SafeSoft

==================== One Month Modified Files and Folders =======

2014-03-23 02:16 - 2014-03-23 02:15 - 00000000 ____D () C:\FRST
2014-03-23 02:13 - 2014-03-23 02:14 - 00001191 _____ () C:\Users\7Heaven\Desktop\ZHPFixReport.txt
2014-03-23 02:13 - 2014-03-23 00:46 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\ZHP
2014-03-23 02:13 - 2014-03-23 00:46 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-23 02:13 - 2014-03-13 11:21 - 00939043 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 02:12 - 2012-10-16 00:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-03-23 02:09 - 2014-03-13 21:49 - 00040204 _____ () C:\Windows\PFRO.log
2014-03-23 02:09 - 2012-12-03 13:51 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 02:09 - 2012-07-26 04:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 02:08 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-23 02:06 - 2012-12-03 13:51 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 02:00 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-23 01:51 - 2014-03-23 01:51 - 00041402 _____ () C:\Users\7Heaven\Desktop\ZHPDiag.txt
2014-03-23 01:21 - 2013-07-10 22:16 - 00000954 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA.job
2014-03-23 00:46 - 2014-03-23 00:46 - 00002004 _____ () C:\Users\7Heaven\Desktop\ZHPFix.lnk
2014-03-23 00:46 - 2014-03-23 00:46 - 00001877 _____ () C:\Users\7Heaven\Desktop\ZHPDiag.lnk
2014-03-23 00:31 - 2014-03-23 00:28 - 00000396 _____ () C:\Users\7Heaven\Desktop\jvh.txt
2014-03-23 00:07 - 2014-03-23 00:07 - 00000000 ____D () C:\zoek_backup
2014-03-22 23:56 - 2013-12-18 13:58 - 00000000 ____D () C:\AdwCleaner
2014-03-22 23:52 - 2014-03-22 23:52 - 01950720 _____ () C:\Users\7Heaven\Desktop\AdwCleaner.exe
2014-03-22 23:32 - 2013-12-07 22:20 - 00000000 ____D () C:\Users\7Heaven\Desktop\negile
2014-03-22 23:18 - 2014-03-22 14:18 - 00000000 ____D () C:\Program Files\Recuva
2014-03-22 22:51 - 2014-03-22 22:51 - 00000000 ____D () C:\Program Files\Loaris
2014-03-22 22:38 - 2013-12-07 12:05 - 00001392 _____ () C:\Users\Todos os Usuários\hpzinstall.log
2014-03-22 22:38 - 2013-12-07 12:05 - 00001392 _____ () C:\ProgramData\hpzinstall.log
2014-03-22 22:33 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\1fe18c60706bcd7c
2014-03-22 22:33 - 2014-02-24 18:27 - 00000000 ____D () C:\ProgramData\1fe18c60706bcd7c
2014-03-22 22:32 - 2014-03-22 14:58 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-03-22 22:31 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\IrfanView
2014-03-22 22:24 - 2012-07-26 07:32 - 00763854 _____ () C:\Windows\system32\prfh0416.dat
2014-03-22 22:24 - 2012-07-26 07:32 - 00155144 _____ () C:\Windows\system32\prfc0416.dat
2014-03-22 22:24 - 2012-07-26 04:28 - 01769104 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 22:21 - 2013-07-10 22:16 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core.job
2014-03-22 22:21 - 2012-11-27 17:09 - 00000000 ___RD () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 15:51 - 2012-11-27 17:07 - 00000000 ____D () C:\Users\7Heaven
2014-03-22 14:57 - 2014-03-22 14:57 - 01883792 _____ (Irfan Skiljan) C:\Users\7Heaven\Downloads\133-iview437_setup.exe
2014-03-22 14:26 - 2014-01-15 16:38 - 00000000 ____D () C:\Users\Todos os Usuários\Log
2014-03-22 14:26 - 2014-01-15 16:38 - 00000000 ____D () C:\ProgramData\Log
2014-03-22 14:18 - 2014-03-22 14:18 - 00001675 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-22 14:17 - 2014-03-22 14:17 - 04092088 _____ (Piriform Ltd) C:\Users\7Heaven\Desktop\488-rcsetup150.exe
2014-03-21 18:32 - 2014-03-12 18:52 - 00000000 ____D () C:\Users\7Heaven\Desktop\SEBRAE
2014-03-21 16:41 - 2012-07-26 02:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-19 23:26 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\rescache
2014-03-18 15:27 - 2014-03-18 15:27 - 00399592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 01:58 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-18 00:27 - 2013-07-13 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 00:25 - 2012-12-21 18:11 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 23:55 - 2013-06-11 20:15 - 00000000 ____D () C:\Users\7Heaven\Desktop\Arquivos
2014-03-17 23:54 - 2013-05-13 20:12 - 00000000 ____D () C:\Users\7Heaven\Desktop\CEUMA -
2014-03-17 23:51 - 2014-03-17 23:51 - 00001203 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-17 23:51 - 2013-12-14 16:47 - 00002133 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-03-17 23:50 - 2012-11-28 17:20 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-03-17 08:52 - 2014-03-17 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 08:52 - 2014-03-17 08:52 - 00000000 _____ () C:\Windows\setupact.log
2014-03-14 11:11 - 2014-02-20 14:24 - 00000000 ____D () C:\Users\7Heaven\Desktop\j.mill
2014-03-13 23:13 - 2012-11-27 17:14 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1945482154-598400869-252928238-1002
2014-03-13 21:52 - 2012-11-27 17:09 - 00000000 ___RD () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 21:50 - 2012-10-16 00:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-13 21:49 - 2013-03-15 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 21:49 - 2013-03-15 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:47 - 2012-07-26 05:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-13 21:47 - 2012-07-26 05:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 21:47 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 21:47 - 2012-07-26 05:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 12:14 - 2012-11-28 17:29 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-03-13 12:14 - 2012-11-28 17:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 11:36 - 2012-07-26 05:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-12 22:57 - 2012-10-16 00:41 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-10 00:39 - 2014-03-09 23:28 - 00000000 ____D () C:\Users\7Heaven\Desktop\CURRICULO
2014-03-09 23:18 - 2014-03-09 23:18 - 00026836 _____ () C:\Users\7Heaven\Documents\CURRICULO PRE VESTIBULAR II.txt
2014-03-09 21:10 - 2013-03-04 16:05 - 00000040 _____ () C:\Users\7Heaven\AppData\Roaming\cdr.ini
2014-03-08 10:43 - 2014-03-08 10:42 - 00000000 ____D () C:\Users\7Heaven\Desktop\DECLARAÇÃO ACADÊMICA - 08-03-14
2014-03-07 00:03 - 2014-03-06 21:48 - 00000000 ____D () C:\Users\7Heaven\Desktop\PACTO 2014
2014-03-04 19:52 - 2013-11-20 15:34 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 19:52 - 2013-11-20 15:34 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 02:18 - 2013-02-09 15:51 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Windows Live
2014-02-25 02:50 - 2013-05-15 12:31 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1945482154-598400869-252928238-1002
2014-02-25 02:50 - 2013-05-15 12:31 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1945482154-598400869-252928238-1002
2014-02-24 19:37 - 2012-11-27 17:09 - 00000986 _____ () C:\Users\7Heaven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-24 19:15 - 2013-05-19 00:10 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\Media Player Classic
2014-02-24 19:15 - 2013-04-18 22:55 - 00000000 ____D () C:\Users\7Heaven\AppData\Roaming\uTorrent
2014-02-24 19:15 - 2012-10-16 04:49 - 00000000 ____D () C:\Windows\Panther
2014-02-24 19:14 - 2012-11-28 14:40 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\CrashDumps
2014-02-24 18:50 - 2014-02-24 18:50 - 00000029 _____ () C:\Windows\SysWOW64\config.ini
2014-02-24 18:45 - 2014-02-24 18:45 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-24 18:45 - 2014-02-24 18:45 - 00000839 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-24 18:45 - 2014-02-24 18:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-24 18:42 - 2014-02-24 18:42 - 04721920 _____ (Piriform Ltd) C:\Users\7Heaven\Downloads\744-ccsetup410.exe
2014-02-24 18:41 - 2014-02-24 18:41 - 00677824 _____ ( ) C:\Users\7Heaven\Downloads\ccleaner-4104570-gerenciador-32-bits.exe
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Torch
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Convidado
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Torch
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Comodo
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\Administrador
2014-02-24 18:27 - 2014-02-24 18:27 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Comodo
2014-02-24 18:27 - 2012-12-03 13:51 - 00000000 ____D () C:\Users\7Heaven\AppData\Local\Google
2014-02-24 18:25 - 2014-02-24 18:25 - 00000000 ____D () C:\Users\Todos os Usuários\SafeSoft
2014-02-24 18:25 - 2014-02-24 18:25 - 00000000 ____D () C:\ProgramData\SafeSoft
2014-02-24 16:40 - 2012-07-26 05:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-23 05:13 - 2014-03-12 23:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 05:13 - 2014-03-12 23:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 05:13 - 2014-03-12 23:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 05:13 - 2014-03-12 23:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 05:13 - 2014-03-12 23:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 05:12 - 2014-03-12 23:19 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 05:12 - 2014-03-12 23:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 05:12 - 2014-03-12 23:19 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 05:11 - 2014-03-12 23:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 03:54 - 2014-03-12 23:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 03:54 - 2014-03-12 23:19 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 03:54 - 2014-03-12 23:19 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 03:53 - 2014-03-12 23:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 03:35 - 2014-03-12 23:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 03:31 - 2014-03-12 23:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:06 - 2014-03-12 23:19 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-18 11:40

==================== End Of Log ============================

Re: Problems with "View-Password".

Message by ViniciusDorneles, Sun 23 Mar 2014, 02:20

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by 7Heaven at 2014-03-23 02:16:49
Running from C:\Users\7Heaven\Videos
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader X (10.1.9) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMCap (HKLM-x32\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
Any Video Converter 5 5.0.3 (HKLM-x32\...\Any Video Converter 5_is1) (Version: - Any-Video-Converter.com)
Ares 2.1.7 (HKLM-x32\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
Atualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.6610 - DsNET Corp)
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DiscadorOi.exe (HKLM-x32\...\oigsm_is1) (Version: 1.4.1.0 - LightComm Tecnologia)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DVDShrink 2008 (HKLM-x32\...\{EE3FBA20-AB77-46E0-9825-565807A24A66}) (Version: 1.0.0 - BitByteSoft)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - Eusing Software)
Galeria de Fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
LibreOffice 3.3 (HKLM-x32\...\{3D33A4EB-957B-4212-BF0D-7F7FB02F1BE3}) (Version: 3.3.301 - LibreOffice)
Loaris Trojan Remover (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: - Loaris, Inc.)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Monitor da tecnologia Intel® Turbo Boost 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NVIDIA Driver de gráficos 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Olicard160 (HKLM-x32\...\{49B40A1F-2AB0-4EE1-A6B0-56E7A85BEBFB}) (Version: 1.000.00001 - Olivetti)
Painel de controle da NVIDIA 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PS_AIO_03_C4400_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Nome de sua empresa:)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.9699 Beta - TeamViewer GmbH)
TIM Communicator (HKLM-x32\...\OrolixCommunicator) (Version: - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.SingleImage_{956FF6E4-8BBB-4B9A-9279-8A34D8C1FF9D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.SingleImage_{9B4198E0-0876-4492-986C-0913A8BF81E9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Vivo - Guia Vivo Internet versão 1.0 (HKLM-x32\...\{C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1) (Version: 1.0 - Vivo)
VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.19.149 - Huawei Technologies Co.,Ltd)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Watchtower Library 2012 - Português (HKLM-x32\...\{BB706B9B-B7D3-478B-8BB1-FB412C76E408}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

05-03-2014 00:41:34 Ponto de Verificação Agendado
13-03-2014 15:09:30 Windows Update
18-03-2014 03:25:29 Windows Update
23-03-2014 04:34:18 ZHPFix Restore System Point

==================== Hosts content: ==========================

2012-07-26 02:26 - 2012-07-26 02:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04633C92-32CA-42E4-A8DA-0C5768CA8329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {09E49529-E2E8-47A5-ACB5-E77A5145C540} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-03] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B15E560-42F8-422C-BC6D-FCFBB3A1E625} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {242F9E08-F76F-45E0-A4AC-C0E2BC9A7F6E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {2EFB6EEF-E3DD-4CD7-AEFD-591B5D51C1C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {31274EFA-820C-4B30-8CB9-2222F60DDAD4} - \Plus-HD-7.5-codedownloader No Task File
Task: {346B909C-A7EA-4D33-8CA7-1526A607E6C2} - \DealPly No Task File
Task: {4770D7EE-41E5-44DF-A838-78BEB5CD8D76} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {55C29433-B97E-465F-A9B0-7C69CD307261} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5C9065BC-7847-4C52-9A5A-5986E2353449} - \GoforFilesUpdate No Task File
Task: {6020638A-52D4-4D29-93D3-170F19DBF484} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-10] (Facebook Inc.)
Task: {698C1F30-C4BD-4AD7-AFBE-42D7CE432A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {A1AB78C5-A9CE-43B0-A204-501FB2843435} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-03] (PC-Doctor, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AD6256B3-D90A-4110-841D-F33DA47A708D} - \Funmoods No Task File
Task: {B94E1555-B92E-4C49-B2D4-5428A37FC2D7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1945482154-598400869-252928238-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7F93DEC-1AFA-429C-9153-86974E284C73} - \Plus-HD-7.5-enabler No Task File
Task: {C977C4AC-5518-4873-B8FD-2C31B60FDED8} - \Plus-HD-7.5-firefoxinstaller No Task File
Task: {E270A632-70C1-437E-8EF8-8304659D8436} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1945482154-598400869-252928238-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E45BB0FB-9528-45B0-B0FE-A2B6579B5DC7} - \Plus-HD-7.5-updater No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F45F5F47-6B1C-413D-9154-7F5586F3CA46} - \AmiUpdXp No Task File
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002Core.job => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1945482154-598400869-252928238-1002UA.job => C:\Users\7Heaven\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 11:49 - 2010-10-01 12:49 - 00620032 _____ () C:\Windows\SysWOW64\GSMSrvEjector.exe
2011-03-14 12:27 - 2011-03-14 12:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-10-16 00:39 - 2012-04-24 23:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-07-26 07:37 - 2012-07-26 07:35 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-31 19:10 - 2012-07-31 19:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-07-31 19:05 - 2012-07-31 19:05 - 00020992 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\L10n\pt-BR\BtTray.pt-BR.dll
2012-10-16 00:30 - 2012-07-18 11:03 - 00165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-10-16 04:53 - 2012-07-25 17:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-16 00:38 - 2012-06-08 00:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-16 13:13 - 2014-02-16 13:13 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2012-10-16 00:29 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-16 23:07 - 2014-03-14 21:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 01:48:48 AM) (Source: Application Hang) (User: )
Description: O programa ZHPDiag.exe versão 2014.3.22.25 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1628

Hora de Início: 01cf4652ed6c57a8

Hora de Término: 4

Caminho do Aplicativo: C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe

ID do Relatório: 65992a75-b246-11e3-bef5-782bcbbe36d9

Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Error: (03/22/2014 07:21:05 PM) (Source: Google Update) (User: AcesHigh)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:13828, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13828, bypass=
Error: (03/21/2014 10:21:05 PM) (Source: Google Update) (User: AcesHigh)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/21/2014 05:17:01 PM) (Source: AVLogEvent) (User: AUTORIDADE NT)
Description: McShield crashed.
Error Code:c0000005

Error: (03/21/2014 05:17:01 PM) (Source: Application Error) (User: )
Description: Nome do aplicativo com falha: mcshield.exe, versão: 1.1.3.136, carimbo de data/hora: 0x52d998be
Nome do módulo com falha: ntdll.dll, versão: 6.2.9200.16579, carimbo de data/hora: 0x51637f77
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000005ab00
ID do processo com falha: 0xc8c
Hora de início do aplicativo com falha: 0xmcshield.exe0
Caminho do aplicativo com falha: mcshield.exe1
Caminho do módulo com falha: mcshield.exe2
ID do Relatório: mcshield.exe3
Nome completo do pacote com falha: mcshield.exe4
ID do aplicativo relativo ao pacote com falha: mcshield.exe5

Error: (03/21/2014 05:17:00 PM) (Source: AVLogEvent) (User: AUTORIDADE NT)
Description: McShield crashed.
Error Code:c0000005

Error: (03/20/2014 00:02:25 PM) (Source: Application Error) (User: )
Description: Nome do aplicativo com falha: mcshield.exe, versão: 1.1.3.136, carimbo de data/hora: 0x52d998be
Nome do módulo com falha: ntdll.dll, versão: 6.2.9200.16579, carimbo de data/hora: 0x51637f77
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000005ab00
ID do processo com falha: 0x9dc
Hora de início do aplicativo com falha: 0xmcshield.exe0
Caminho do aplicativo com falha: mcshield.exe1
Caminho do módulo com falha: mcshield.exe2
ID do Relatório: mcshield.exe3
Nome completo do pacote com falha: mcshield.exe4
ID do aplicativo relativo ao pacote com falha: mcshield.exe5

Error: (03/20/2014 00:02:10 PM) (Source: AVLogEvent) (User: AUTORIDADE NT)
Description: McShield crashed.
Error Code:c0000005

Error: (03/20/2014 00:02:09 PM) (Source: AVLogEvent) (User: AUTORIDADE NT)
Description: McShield crashed.
Error Code:c0000005

Error: (03/19/2014 10:20:50 PM) (Source: Application Error) (User: )
Description: Nome do aplicativo com falha: mcshield.exe, versão: 1.1.3.136, carimbo de data/hora: 0x52d998be
Nome do módulo com falha: ntdll.dll, versão: 6.2.9200.16579, carimbo de data/hora: 0x51637f77
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000005ab00
ID do processo com falha: 0x974
Hora de início do aplicativo com falha: 0xmcshield.exe0
Caminho do aplicativo com falha: mcshield.exe1
Caminho do módulo com falha: mcshield.exe2
ID do Relatório: mcshield.exe3
Nome completo do pacote com falha: mcshield.exe4
ID do aplicativo relativo ao pacote com falha: mcshield.exe5


System errors:
=============
Error: (03/23/2014 02:11:52 AM) (Source: Service Control Manager) (User: )
Description: O serviço Dell Digital Delivery Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/23/2014 02:09:30 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1243

Error: (03/23/2014 01:45:58 AM) (Source: Service Control Manager) (User: )
Description: O serviço Dell Digital Delivery Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/23/2014 01:43:10 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1243

Error: (03/22/2014 10:44:15 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Dell Digital Delivery Service devido ao seguinte erro:
%%1053

Error: (03/22/2014 10:44:15 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Digital Delivery Service.

Error: (03/22/2014 10:41:40 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Update Kozaka devido ao seguinte erro:
%%2

Error: (03/22/2014 10:41:40 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1243

Error: (03/22/2014 10:40:46 PM) (Source: DCOM) (User: AcesHigh)
Description: {132DB361-34A1-43A3-9ECC-5BE245730365}

Error: (03/22/2014 10:40:46 PM) (Source: DCOM) (User: AcesHigh)
Description: {132DB361-34A1-43A3-9ECC-5BE245730365}


Microsoft Office Sessions:
=========================
Error: (03/23/2014 01:48:48 AM) (Source: Application Hang)(User: )
Description: ZHPDiag.exe2014.3.22.25162801cf4652ed6c57a84C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe65992a75-b246-11e3-bef5-782bcbbe36d9

Error: (03/22/2014 07:21:05 PM) (Source: Google Update)(User: AcesHigh)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:13828, bypass=.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13828, bypass=
Error: (03/21/2014 10:21:05 PM) (Source: Google Update)(User: AcesHigh)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/21/2014 05:17:01 PM) (Source: AVLogEvent)(User: AUTORIDADE NT)
Description: c0000005

Error: (03/21/2014 05:17:01 PM) (Source: Application Error)(User: )
Description: mcshield.exe1.1.3.13652d998bentdll.dll6.2.9200.1657951637f77c0000005000000000005ab00c8c01cf444d798e90e0C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dllc234096a-b135-11e3-bef1-782bcbbe36d9

Error: (03/21/2014 05:17:00 PM) (Source: AVLogEvent)(User: AUTORIDADE NT)
Description: c0000005

Error: (03/20/2014 00:02:25 PM) (Source: Application Error)(User: )
Description: mcshield.exe1.1.3.13652d998bentdll.dll6.2.9200.1657951637f77c0000005000000000005ab009dc01cf43dac5bbfcefC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dlla554c781-b040-11e3-bef1-782bcbbe36d9

Error: (03/20/2014 00:02:10 PM) (Source: AVLogEvent)(User: AUTORIDADE NT)
Description: c0000005

Error: (03/20/2014 00:02:09 PM) (Source: AVLogEvent)(User: AUTORIDADE NT)
Description: c0000005

Error: (03/19/2014 10:20:50 PM) (Source: Application Error)(User: )
Description: mcshield.exe1.1.3.13652d998bentdll.dll6.2.9200.1657951637f77c0000005000000000005ab0097401cf42d7c0258be3C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dllded45905-afcd-11e3-bef1-782bcbbe36d9


CodeIntegrity Errors:
===================================
Date: 2013-11-26 00:07:48.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-05 11:10:53.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-05 10:41:13.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-09 00:28:07.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-15 08:49:11.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-12 23:22:41.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 03:15:34.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 03:15:34.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 02:51:03.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-11 02:49:29.521
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 6002.92 MB
Available physical RAM: 3973.58 MB
Total Pagefile: 6962.92 MB
Available Pagefile: 4636.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Inspiron 14R 3540) (Fixed) (Total:923.19 GB) (Free:826.99 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C2C88BB0)

Partition: GPT Partition Type.

==================== End Of Log ============================

Post by ViniciusDorneles Sun 23 Mar 2014, 02:41

The malware is gone and my notebook is much faster.
I have no words to thank you; that is why your reputation precedes you. I will recommend you to my friends and family.
This is an example of support for society and good work.
Is there anything else to be done?

Post by Power Max Sun 23 Mar 2014, 02:43

I am analyzing your report and will shortly send you the removal script for a few more items that appear in the report.

Post by ViniciusDorneles Sun 23 Mar 2014, 02:46

I'll be waiting.

Post by Power Max Sun 23 Mar 2014, 03:07

Download the fixlist.txt file attached to this post and save it in the same location where you saved Farbar, which is this one below:
C:\Users\7Heaven\Videos

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt in your next reply.

Post by ViniciusDorneles Sun 23 Mar 2014, 12:36

Sorry for the delay, I ended up falling asleep and only woke up now. I worked all day yesterday. Forgive me.

___________________________________________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by 7Heaven at 2014-03-23 12:34:38 Run:1
Running from C:\Users\7Heaven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {88EEA455-6930-4A70-AE73-27A57A329272} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKLM-x32 - {88EEA455-6930-4A70-AE73-27A57A329272} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {88EEA455-6930-4A70-AE73-27A57A329272} URL =
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: SearchNewTab - {4FB224F4-DE24-0D9D-9F6C-21DC1655E34E} - C:\ProgramData\SearchNewTab\518a63f0efe6f.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
2014-02-24 18:50 - 2014-01-21 11:14 - 00052032 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-02-24 18:50 - 2014-01-21 11:14 - 00034624 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-02-24 18:50 - 2014-01-21 07:01 - 00128992 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-03-22 22:51 - 2014-03-22 22:51 - 00000000 ____D () C:\Program Files\Loaris
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Loaris Trojan Remover (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: - Loaris, Inc.)
Task: {31274EFA-820C-4B30-8CB9-2222F60DDAD4} - \Plus-HD-7.5-codedownloader No Task File
Task: {346B909C-A7EA-4D33-8CA7-1526A607E6C2} - \DealPly No Task File
Task: {5C9065BC-7847-4C52-9A5A-5986E2353449} - \GoforFilesUpdate No Task File
Task: {AD6256B3-D90A-4110-841D-F33DA47A708D} - \Funmoods No Task File
Task: {C7F93DEC-1AFA-429C-9153-86974E284C73} - \Plus-HD-7.5-enabler No Task File
Task: {C977C4AC-5518-4873-B8FD-2C31B60FDED8} - \Plus-HD-7.5-firefoxinstaller No Task File
Task: {E45BB0FB-9528-45B0-B0FE-A2B6579B5DC7} - \Plus-HD-7.5-updater No Task File
Task: {F45F5F47-6B1C-413D-9154-7F5586F3CA46} - \AmiUpdXp No Task File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:373E1720
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88EEA455-6930-4A70-AE73-27A57A329272} => Key deleted successfully.
HKCR\CLSID\{88EEA455-6930-4A70-AE73-27A57A329272} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{88EEA455-6930-4A70-AE73-27A57A329272} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{88EEA455-6930-4A70-AE73-27A57A329272} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web => Key deleted successfully.
HKCR\CLSID\Web => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88EEA455-6930-4A70-AE73-27A57A329272} => Key deleted successfully.
HKCR\CLSID\{88EEA455-6930-4A70-AE73-27A57A329272} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FB224F4-DE24-0D9D-9F6C-21DC1655E34E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4FB224F4-DE24-0D9D-9F6C-21DC1655E34E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\Windows\system32\Drivers\Bfilter.sys => Moved successfully.
C:\Windows\system32\Drivers\Bfmon.sys => Moved successfully.
C:\Windows\system32\Drivers\Bprotect.sys => Moved successfully.
C:\Program Files\Loaris => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31274EFA-820C-4B30-8CB9-2222F60DDAD4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31274EFA-820C-4B30-8CB9-2222F60DDAD4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{346B909C-A7EA-4D33-8CA7-1526A607E6C2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{346B909C-A7EA-4D33-8CA7-1526A607E6C2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C9065BC-7847-4C52-9A5A-5986E2353449} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9065BC-7847-4C52-9A5A-5986E2353449} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD6256B3-D90A-4110-841D-F33DA47A708D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD6256B3-D90A-4110-841D-F33DA47A708D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7F93DEC-1AFA-429C-9153-86974E284C73} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7F93DEC-1AFA-429C-9153-86974E284C73} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C977C4AC-5518-4873-B8FD-2C31B60FDED8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C977C4AC-5518-4873-B8FD-2C31B60FDED8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E45BB0FB-9528-45B0-B0FE-A2B6579B5DC7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E45BB0FB-9528-45B0-B0FE-A2B6579B5DC7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-7.5-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F45F5F47-6B1C-413D-9154-7F5586F3CA46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F45F5F47-6B1C-413D-9154-7F5586F3CA46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":373E1720" ADS not found.

==== End of Fixlog ====