Fórum PC Brasil
Machine with errors due to a virus

2 participants

Page 2 of 3

Post by Power Max on Wed 30 Apr 2014, 16:53

How are the PC and the flash drive after these procedures?

Post by luizvilarinho on Wed 30 Apr 2014, 16:56

At first it improved a lot, perfect, but Avast does not show up for me, so I will see about removing and reinstalling it. I will disable the programs that start with Windows and run cleanups with PureRa.

Post by Power Max on Wed 30 Apr 2014, 16:58

luizvilarinho wrote: At first it improved a lot, perfect, but Avast does not show up for me, so I will see about removing and reinstalling it. I will disable the programs that start with Windows and run cleanups with PureRa.
Yes, do that and then tell us whether the problems were resolved.

Post by luizvilarinho on Wed 30 Apr 2014, 19:30

I disabled the programs that start with Windows and ran CCleaner, ATFCleaner and Advanced System Care. PureRa has been running for a few minutes but has not finished yet; it is scanning files. There is a program that is installed on the machine but does not appear in Add or Remove Programs. How do I remove it? I vaguely remember that it is done through Hijack.

Post by Power Max on Wed 30 Apr 2014, 19:32

"There is a program that is installed on the machine but does not appear in Add or Remove Programs. How do I remove it? I vaguely remember that it is done through Hijack."
Which program do you want to remove?

Post by luizvilarinho on Wed 30 Apr 2014, 19:34

Something called RocketPDF.

Post by Power Max on Wed 30 Apr 2014, 19:41

You can uninstall it with Revo Uninstaller.

Post by luizvilarinho on Wed 30 Apr 2014, 19:43

I have IObit Uninstaller installed, but it does not appear there either. PureRa is still running without finishing; I will run it in safe mode to see if it completes.

Post by Power Max on Wed 30 Apr 2014, 19:44

Yes, boot into safe mode with networking, which makes the cleanups easier.
____________________________________________________________

And afterwards post new Farbar and ZHP logs so that we can locate and remove the items belonging to this RocketPDF.

Post by Power Max on Wed 30 Apr 2014, 19:45

Or rather: post the logs before going into safe mode so that no result is hidden.

Post by luizvilarinho on Wed 30 Apr 2014, 19:51

Which logs?

Post by Power Max on Wed 30 Apr 2014, 19:51

luizvilarinho wrote: Which logs?
From Farbar and ZHP.

Post by luizvilarinho on Wed 30 Apr 2014, 19:53

But am I supposed to run them again, or is it the previous logs?

Post by Power Max on Wed 30 Apr 2014, 19:53

luizvilarinho wrote: But am I supposed to run them again, or is it the previous logs?
Run them again.

Post by luizvilarinho on Wed 30 Apr 2014, 20:02

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2014 03
Ran by Daniel (administrator) on DANIEL-PC on 30-04-2014 20:01:35
Running from C:\Users\Daniel\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(Orolix Desenvolvimento de Software LTDA.) C:\Program Files\TIM Communicator\module\devicemon.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-08] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\user.js
FF Homepage: [You must have an account and be logged in to view this link]
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [You must have an account and be logged in to view this link]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\Extensions\ascsurfingprotection@iobit.com [2014-04-30]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-30]

Chrome:
=======
CHR RestoreOnStartup: "translate_accepted_count"
CHR StartupUrls: "startup_urls_migration_time": "13043342668475398"
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03]
CHR Extension: (Pesquisa do Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03]
CHR Extension: (Skype Click to Call) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-02]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-04-30]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-30]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-04-30]

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-30] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 OrolixDeviceMonitor; C:\Program Files\TIM Communicator\module\devicemon.exe [32672 2011-10-05] (Orolix Desenvolvimento de Software LTDA.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [67776 2014-04-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
S3 Olicard160net; C:\Windows\System32\DRIVERS\Olicard160Usbnet.sys [118272 2009-12-10] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\System32\DRIVERS\Olicard160ser.sys [105344 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [19968 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 19:51 - 2014-04-30 19:54 - 03837360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 19:18 - 2014-04-30 19:52 - 00000112 _____ () C:\Windows\setupact.log
2014-04-30 19:18 - 2014-04-30 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-30 18:59 - 2014-04-30 19:44 - 00002746 _____ () C:\PureRa.txt
2014-04-30 18:55 - 2014-04-30 18:55 - 55193600 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 29204480 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 _____ () C:\asc_rdflag
2014-04-30 18:53 - 2013-06-27 18:05 - 00024384 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-04-30 18:49 - 2014-04-30 18:49 - 55193600 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 29175808 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-04-30 18:39 - 2014-04-30 18:53 - 00002118 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-04-30 18:39 - 2014-04-30 18:42 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2014-04-30 18:39 - 2014-04-30 18:42 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-30 18:39 - 2014-04-30 18:39 - 00001162 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-04-30 18:39 - 2014-04-30 18:39 - 00001138 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Todos os Usuários\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Todos os Usuários\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Apple Computer
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Program Files\IObit
2014-04-30 18:30 - 2014-04-30 19:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-30 18:30 - 2014-04-30 18:30 - 00001956 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-30 18:30 - 2014-04-30 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-30 18:30 - 2013-12-20 15:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
2014-04-30 18:30 - 2013-03-17 14:21 - 03649536 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-04-30 18:30 - 2012-07-21 08:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-04-30 18:30 - 2011-12-07 15:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
2014-04-30 18:30 - 2011-06-24 12:44 - 00243200 _____ () C:\Windows\system32\xvidvfw.dll
2014-04-30 18:30 - 2011-06-24 12:28 - 00650752 _____ () C:\Windows\system32\xvidcore.dll
2014-04-30 18:29 - 2014-04-30 18:30 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-30 18:25 - 2014-04-30 18:25 - 00000000 _____ () C:\Users\Daniel\Desktop\Novo Documento de Texto.txt
2014-04-30 18:24 - 2014-04-30 18:24 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Users\Todos os Usuários\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 18:07 - 2014-04-30 18:07 - 00001111 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-30 18:07 - 2014-04-30 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-04-30 17:53 - 2014-04-30 17:53 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-30 17:53 - 2014-04-30 17:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-30 17:53 - 2014-04-30 17:53 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 17:30 - 2014-04-30 17:30 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\AVAST Software
2014-04-30 17:29 - 2014-04-30 17:54 - 00002014 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-30 17:29 - 2014-04-30 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-30 17:28 - 2014-04-30 17:53 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-30 17:28 - 2014-04-30 17:53 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-30 17:28 - 2014-04-30 17:53 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-30 17:28 - 2014-04-30 17:53 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-30 17:28 - 2014-04-30 17:53 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-30 17:28 - 2014-04-30 17:53 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-30 17:28 - 2014-04-30 17:28 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1398889774
2014-04-30 17:26 - 2014-04-30 17:26 - 00000932 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 17:25 - 2013-11-05 10:46 - 00050688 _____ (Atribune.org) C:\Users\Daniel\Desktop\ATF-Cleaner.exe
2014-04-30 17:25 - 2011-07-31 16:14 - 00076565 _____ (RaProducts.org) C:\Users\Daniel\Desktop\PureRa.exe
2014-04-30 16:47 - 2014-04-30 16:48 - 00000000 ____D () C:\Users\Todos os Usuários\MCShield
2014-04-30 16:47 - 2014-04-30 16:48 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-30 16:47 - 2014-04-30 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-04-30 16:47 - 2014-04-30 16:47 - 00000000 ____D () C:\Program Files\MCShield
2014-04-30 16:36 - 2014-04-30 16:36 - 00011470 _____ () C:\Users\Daniel\Desktop\UsbFix_Report.txt
2014-04-30 16:35 - 2014-04-30 16:36 - 00011470 _____ () C:\UsbFix [Clean 2] DANIEL-PC.txt
2014-04-30 16:33 - 2014-04-30 16:53 - 00000000 ____D () C:\UsbFix
2014-04-30 16:33 - 2014-04-30 16:35 - 00001455 _____ () C:\Users\Daniel\Desktop\UsbFix.lnk
2014-04-30 15:41 - 2014-04-30 20:01 - 00012736 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-30 15:41 - 2014-04-30 20:01 - 00000000 ____D () C:\FRST
2014-04-30 15:41 - 2014-04-30 15:41 - 00026340 _____ () C:\Users\Daniel\Desktop\Addition.txt
2014-04-30 15:38 - 2014-04-30 15:40 - 01050624 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2014-04-30 15:05 - 2014-04-30 15:05 - 00028357 _____ () C:\Users\Daniel\Desktop\ZHPDiag.txt
2014-04-30 14:50 - 2014-04-30 14:50 - 00003021 _____ () C:\Users\Daniel\Desktop\ZHPFixReport.txt
2014-04-30 14:16 - 2014-04-30 15:04 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\ZHP
2014-04-30 14:16 - 2014-04-30 15:03 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-04-30 14:16 - 2014-04-30 14:16 - 00001940 _____ () C:\Users\Daniel\Desktop\ZHPFix.lnk
2014-04-30 14:16 - 2014-04-30 14:16 - 00001813 _____ () C:\Users\Daniel\Desktop\ZHPDiag.lnk
2014-04-30 14:16 - 2014-04-30 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-04-30 14:12 - 2014-04-30 14:15 - 06780391 _____ (Nicolas Coolman ) C:\Users\Daniel\Desktop\ZHPDiag2.exe
2014-04-30 13:51 - 2014-04-30 13:51 - 00001608 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-04-30 13:48 - 2014-04-30 13:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-30 13:46 - 2014-04-30 13:47 - 01016261 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2014-04-30 13:46 - 2014-04-30 13:46 - 00001794 _____ () C:\Users\Daniel\Desktop\sc-cleaner.txt
2014-04-30 13:45 - 2014-04-30 13:45 - 00001794 ____N () C:\sc-cleaner.txt
2014-04-30 13:44 - 2014-04-30 13:45 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Daniel\Desktop\sc-cleaner.exe
2014-04-30 12:17 - 2014-04-30 12:17 - 00006358 _____ () C:\Users\Daniel\Desktop\install.txt
2014-04-30 11:41 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-30 11:24 - 2014-04-30 10:57 - 00001223 ____N () C:\zoek-results2014-04-30-135738.log
2014-04-30 10:57 - 2014-04-30 11:43 - 00019356 ____N () C:\zoek-results.log
2014-04-30 10:53 - 2014-04-30 11:39 - 00000000 ____D () C:\zoek_backup
2014-04-30 10:53 - 2014-03-08 11:05 - 01414742 _____ () C:\Users\Daniel\Desktop\zoek.scr
2014-04-30 10:53 - 2014-03-08 11:05 - 01414742 _____ () C:\Users\Daniel\Desktop\zoek.pif
2014-04-30 10:53 - 2014-03-08 11:05 - 01414742 _____ () C:\Users\Daniel\Desktop\zoek.com
2014-04-30 10:48 - 2014-04-30 10:53 - 04235514 _____ () C:\Users\Daniel\Desktop\zoek.rar
2014-04-29 22:55 - 2014-04-30 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 22:55 - 2014-04-29 23:03 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 22:55 - 2014-04-29 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 22:55 - 2014-04-29 23:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 22:55 - 2014-04-29 22:55 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-29 22:55 - 2014-04-29 22:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 22:55 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 22:55 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 22:55 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 22:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-04-29 22:36 - 2014-04-29 22:38 - 00000000 ____D () C:\AdwCleaner
2014-04-29 22:06 - 2014-04-29 22:06 - 00013029 _____ () C:\Users\Daniel\Desktop\hijackthis.log
2014-04-14 10:06 - 2014-04-14 10:07 - 00000000 ____D () C:\Users\Daniel\Desktop\VIDEO_TS

==================== One Month Modified Files and Folders =======

2014-04-30 20:01 - 2014-04-30 15:41 - 00012736 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-04-30 20:01 - 2014-04-30 15:41 - 00000000 ____D () C:\FRST
2014-04-30 20:00 - 2009-07-14 01:34 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 20:00 - 2009-07-14 01:34 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 19:57 - 2012-11-03 13:15 - 01524858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 19:57 - 2009-07-14 05:31 - 00666708 _____ () C:\Windows\system32\prfh0416.dat
2014-04-30 19:57 - 2009-07-14 05:31 - 00128938 _____ () C:\Windows\system32\prfc0416.dat
2014-04-30 19:54 - 2014-04-30 19:51 - 03837360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 19:52 - 2014-04-30 19:18 - 00000112 _____ () C:\Windows\setupact.log
2014-04-30 19:52 - 2013-02-19 22:01 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 19:52 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 19:44 - 2014-04-30 18:59 - 00002746 _____ () C:\PureRa.txt
2014-04-30 19:41 - 2012-11-03 12:58 - 01349396 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 19:31 - 2014-04-30 18:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-30 19:18 - 2014-04-30 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-30 19:14 - 2013-02-19 22:01 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 19:03 - 2012-11-03 15:51 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA.job
2014-04-30 19:02 - 2014-02-11 17:11 - 00000000 ____D () C:\Users\Daniel\Documents\Paleolitico
2014-04-30 19:02 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Daniel\Documents\Neolitico
2014-04-30 19:02 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Daniel\Documents\idade dos Metais
2014-04-30 19:02 - 2013-11-22 13:06 - 00000000 ____D () C:\Users\Daniel\Documents\Kalline aulas 2013
2014-04-30 19:02 - 2013-10-03 00:05 - 00000000 ____D () C:\Users\Daniel\Documents\SIMONE E SIMARIA OUTUBRO 2013
2014-04-30 19:02 - 2013-03-07 22:38 - 00000000 ____D () C:\Users\Daniel\Documents\TRio Da HuaNNa BLoCo da ReSSaCa - Joaquim Nabuco-PE -
2014-04-30 19:02 - 2013-02-17 19:07 - 00000000 ____D () C:\Users\Daniel\Documents\MALLA 100 ALÇA EM PIRIPIRI
2014-04-30 19:02 - 2013-01-31 19:58 - 00000000 ____D () C:\Users\Daniel\Documents\Leo Magalhaes
2014-04-30 19:02 - 2012-12-25 14:03 - 00000000 ____D () C:\Users\Daniel\Documents\brega do avioes
2014-04-30 18:55 - 2014-04-30 18:55 - 55193600 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 29204480 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-30 18:55 - 2014-04-30 18:55 - 00000000 _____ () C:\asc_rdflag
2014-04-30 18:55 - 2012-11-03 13:12 - 00000000 ____D () C:\Users\Daniel
2014-04-30 18:53 - 2014-04-30 18:39 - 00002118 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-04-30 18:53 - 2014-01-30 15:50 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketPDF
2014-04-30 18:53 - 2013-03-13 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-04-30 18:53 - 2012-11-04 12:00 - 00000000 ____D () C:\Users\Daniel\Tracing
2014-04-30 18:53 - 2012-11-03 13:54 - 00000000 ____D () C:\Windows\Panther
2014-04-30 18:53 - 2012-11-03 10:30 - 00000000 ___RD () C:\Users\Daniel\Documents\progamas
2014-04-30 18:52 - 2013-01-17 12:20 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 18:49 - 2014-04-30 18:49 - 55193600 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 29175808 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit
2014-04-30 18:49 - 2014-04-30 18:49 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-04-30 18:42 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2014-04-30 18:42 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-30 18:39 - 2014-04-30 18:39 - 00001162 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-04-30 18:39 - 2014-04-30 18:39 - 00001138 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Todos os Usuários\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Todos os Usuários\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Apple Computer
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\IObit
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-30 18:39 - 2014-04-30 18:39 - 00000000 ____D () C:\Program Files\IObit
2014-04-30 18:31 - 2013-11-21 09:23 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-04-30 18:31 - 2013-11-21 09:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-30 18:31 - 2013-01-17 18:33 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Adobe
2014-04-30 18:30 - 2014-04-30 18:30 - 00001956 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-30 18:30 - 2014-04-30 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-04-30 18:30 - 2014-04-30 18:29 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-04-30 18:30 - 2013-11-21 09:29 - 00000000 ____D () C:\Program Files\Adobe
2014-04-30 18:30 - 2013-11-21 09:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-30 18:25 - 2014-04-30 18:25 - 00000000 _____ () C:\Users\Daniel\Desktop\Novo Documento de Texto.txt
2014-04-30 18:24 - 2014-04-30 18:24 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Users\Todos os Usuários\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-30 18:24 - 2014-04-30 18:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 18:24 - 2013-01-19 20:35 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-04-30 18:24 - 2013-01-19 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 18:10 - 2014-01-30 15:49 - 00000000 ____D () C:\Program Files\RocketPDF
2014-04-30 18:07 - 2014-04-30 18:07 - 00001111 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-04-30 18:07 - 2014-04-30 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-04-30 18:07 - 2013-02-12 11:42 - 00002039 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-04-30 18:06 - 2013-02-12 11:41 - 00000000 ____D () C:\Program Files\DsNET Corp
2014-04-30 17:54 - 2014-04-30 17:29 - 00002014 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-30 17:53 - 2014-04-30 17:53 - 00067776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-30 17:53 - 2014-04-30 17:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-30 17:53 - 2014-04-30 17:53 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-30 17:53 - 2014-04-30 17:28 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-30 17:53 - 2012-11-04 16:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-30 17:42 - 2013-02-12 11:46 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\WinZip
2014-04-30 17:30 - 2014-04-30 17:30 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\AVAST Software
2014-04-30 17:29 - 2014-04-30 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-30 17:28 - 2014-04-30 17:28 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1398889774
2014-04-30 17:27 - 2012-11-04 16:38 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-04-30 17:27 - 2012-11-04 16:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-30 17:26 - 2014-04-30 17:26 - 00000932 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 17:22 - 2013-02-12 19:17 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA.job
2014-04-30 16:53 - 2014-04-30 16:33 - 00000000 ____D () C:\UsbFix
2014-04-30 16:48 - 2014-04-30 16:47 - 00000000 ____D () C:\Users\Todos os Usuários\MCShield
2014-04-30 16:48 - 2014-04-30 16:47 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-30 16:47 - 2014-04-30 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-04-30 16:47 - 2014-04-30 16:47 - 00000000 ____D () C:\Program Files\MCShield
2014-04-30 16:36 - 2014-04-30 16:36 - 00011470 _____ () C:\Users\Daniel\Desktop\UsbFix_Report.txt
2014-04-30 16:36 - 2014-04-30 16:35 - 00011470 _____ () C:\UsbFix [Clean 2] DANIEL-PC.txt
2014-04-30 16:35 - 2014-04-30 16:33 - 00001455 _____ () C:\Users\Daniel\Desktop\UsbFix.lnk
2014-04-30 15:41 - 2014-04-30 15:41 - 00026340 _____ () C:\Users\Daniel\Desktop\Addition.txt
2014-04-30 15:40 - 2014-04-30 15:38 - 01050624 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2014-04-30 15:05 - 2014-04-30 15:05 - 00028357 _____ () C:\Users\Daniel\Desktop\ZHPDiag.txt
2014-04-30 15:04 - 2014-04-30 14:16 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\ZHP
2014-04-30 15:03 - 2014-04-30 14:16 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-04-30 14:50 - 2014-04-30 14:50 - 00003021 _____ () C:\Users\Daniel\Desktop\ZHPFixReport.txt
2014-04-30 14:16 - 2014-04-30 14:16 - 00001940 _____ () C:\Users\Daniel\Desktop\ZHPFix.lnk
2014-04-30 14:16 - 2014-04-30 14:16 - 00001813 _____ () C:\Users\Daniel\Desktop\ZHPDiag.lnk
2014-04-30 14:16 - 2014-04-30 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-04-30 14:15 - 2014-04-30 14:12 - 06780391 _____ (Nicolas Coolman ) C:\Users\Daniel\Desktop\ZHPDiag2.exe
2014-04-30 13:51 - 2014-04-30 13:51 - 00001608 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-04-30 13:48 - 2014-04-30 13:48 - 00000000 ____D () C:\Windows\ERUNT
2014-04-30 13:47 - 2014-04-30 13:46 - 01016261 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2014-04-30 13:46 - 2014-04-30 13:46 - 00001794 _____ () C:\Users\Daniel\Desktop\sc-cleaner.txt
2014-04-30 13:45 - 2014-04-30 13:45 - 00001794 ____N () C:\sc-cleaner.txt
2014-04-30 13:45 - 2014-04-30 13:44 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Daniel\Desktop\sc-cleaner.exe
2014-04-30 13:42 - 2012-11-21 09:39 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2014-04-30 12:17 - 2014-04-30 12:17 - 00006358 _____ () C:\Users\Daniel\Desktop\install.txt
2014-04-30 11:43 - 2014-04-30 10:57 - 00019356 ____N () C:\zoek-results.log
2014-04-30 11:39 - 2014-04-30 10:53 - 00000000 ____D () C:\zoek_backup
2014-04-30 10:57 - 2014-04-30 11:24 - 00001223 ____N () C:\zoek-results2014-04-30-135738.log
2014-04-30 10:53 - 2014-04-30 10:48 - 04235514 _____ () C:\Users\Daniel\Desktop\zoek.rar
2014-04-30 07:25 - 2013-02-24 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-04-30 06:15 - 2014-04-29 22:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 23:03 - 2014-04-29 22:55 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 23:03 - 2014-04-29 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 23:03 - 2014-04-29 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 22:55 - 2014-04-29 22:55 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-04-29 22:55 - 2014-04-29 22:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 22:38 - 2014-04-29 22:36 - 00000000 ____D () C:\AdwCleaner
2014-04-29 22:06 - 2014-04-29 22:06 - 00013029 _____ () C:\Users\Daniel\Desktop\hijackthis.log
2014-04-29 22:03 - 2012-11-03 15:51 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core.job
2014-04-14 10:14 - 2014-02-12 16:37 - 00005144 _____ () C:\Users\Daniel\Desktop\Kalline - Atalho.lnk
2014-04-14 10:07 - 2014-04-14 10:06 - 00000000 ____D () C:\Users\Daniel\Desktop\VIDEO_TS
2014-04-10 22:32 - 2014-02-06 14:53 - 00000000 ____D () C:\Users\Daniel\Documents\Kalline aulas 2014
2014-04-10 22:29 - 2012-12-25 14:04 - 00000000 ____D () C:\Users\Daniel\Documents\Eduardo Costa
2014-04-03 09:51 - 2014-04-29 22:55 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 22:55 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 22:55 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2012-11-03 14:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 15:23

==================== End Of Log ============================

Post by luizvilarinho Wed 30 Apr 2014, 20:05

~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Daniel (30/04/2014 20:03:17)
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 29.0 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (64% free)
System Restore: Désactivé (Disabled)
System drive C: has 304 GB (65%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: Daniel
~ All Users Names: Daniel, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Daniel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Daniel\AppData\Roaming\
~ %Desktop% : C:\Users\Daniel\Desktop\
~ %Favorites% : C:\Users\Daniel\Favorites\
~ %LocalAppData% : C:\Users\Daniel\AppData\Local\
~ %StartMenu% : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 304 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 20:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/176
~ Mes musiques (My Musics) : 1/229
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 5/4216
~ Mon Bureau (My Desktop) : 1/587
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2856]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3724]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.2216]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2724]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.0]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\prefs.js
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\user.js
M2 - MFEP: prefs.js [Daniel - zp3i0ezp.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - ((no name)) - (.not file.) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files\TIM Communicator\module\devicemon.exe
~ Services: 8 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [1082]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
~ Logic: 7 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\MCShield]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKLM\Software\Orolix]
~ Key Software: 163 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/04/2014 - 16:47:55 - [] ----D C:\Program Files\MCShield
O43 - CFD: 28/04/2013 - 19:15:33 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 30/04/2014 - 16:48:24 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 28/04/2013 - 19:15:32 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 30/04/2014 - 18:42:30 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 30/04/2014 - 18:39:46 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
~ Program Folder: 129 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 29/04/2014 - 22:37:25 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.296602155630573B095018EEBFBCF22E] - 30/04/2014 - 10:57:38 ----- . (...) -- C:\zoek-results2014-04-30-135738.log [1223]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 11:41:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B15ECF6DDA8EC0F67D7FE47301F924BD] - 30/04/2014 - 11:43:13 ----- . (...) -- C:\zoek-results.log [19356]
O44 - LFC:[MD5.05CB4731C8DB99A319FC450E218A32B3] - 30/04/2014 - 13:45:49 ----- . (...) -- C:\sc-cleaner.txt [1794]
O44 - LFC:[MD5.9E34BCAD732FDB5E83457F0AF953B9C3] - 30/04/2014 - 16:36:38 ---A- . (...) -- C:\UsbFix [Clean 2] DANIEL-PC.txt [11470]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 30/04/2014 - 17:53:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.A29F5E7630B2238A43B4B0D11DFF755A] - 30/04/2014 - 18:30:02 ---A- . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll [112640]
O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 30/04/2014 - 18:30:05 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [243200]
O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 30/04/2014 - 18:30:06 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [650752]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 30/04/2014 - 18:30:06 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.FBE5C2BDED0E85F6F0E68D1D6F2521DF] - 30/04/2014 - 18:30:06 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw.dll [3649536]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/04/2014 - 18:55:05 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.320071DCC7A0B51144D1F96FD8E7C991] - 30/04/2014 - 19:42:37 ---A- . (...) -- C:\Windows\ntbtlog.txt [64006]
O44 - LFC:[MD5.B00ABC4FB8C9A84243DFF86A4C9AEA61] - 30/04/2014 - 19:44:49 ---A- . (...) -- C:\PureRa.txt [2746]
O44 - LFC:[MD5.3682000F5778223A9AA474BF9FD180A1] - 30/04/2014 - 19:57:05 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128938]
O44 - LFC:[MD5.F94D5FA2A70B5CF8B749A598516FF39A] - 30/04/2014 - 19:57:05 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [666708]
~ Files: 41 Legitimates Filtered in 00mn 26s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\MCShield Monitor [Key] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/04/2014 - 17:53:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O58 - SDL:30/04/2014 - 17:53:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:30/04/2014 - 17:53:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/06/2010 - 02:14:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [19968]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 79 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [You must have an account and be logged in to view this link] - [You must have an account and be logged in to view this link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 79 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][05/11/2013] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Daniel\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Daniel\Desktop\PureRa.exe [76565]
[MD5.C1974F029A2E6A44E6BB5A75762235B8] [SPRF][30/04/2014] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\Daniel\Desktop\sc-cleaner.exe [441592]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Daniel\Desktop\zoek.com [1414742]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\2595fe.msi [475136] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS =>Toolbar.AVGSearch
~ BTK: 196 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 6273 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 17/01/2013 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/11/2012 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 19/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 30/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe =>Toolbar.Bing
SR - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe =>Toolbar.Bing
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files\TIM Communicator\module\devicemon.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
C:\Windows\Installer\2595fe.msi =>Toolbar.Bing^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
~ Additionnel Scan: 313246 Items scanned in 00mn 35s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 704 Legitimates filtered by white list
End of the scan (438 lines in 01mn 47s)(0)

Post by Power Max, Wed 30 Apr 2014, 20:10

Only the Addition log from Farbar was missing.

Post by luizvilarinho, Wed 30 Apr 2014, 20:16

It didn't generate that log.

Post by Power Max, Wed 30 Apr 2014, 20:18

Run Farbar again, following the tips in the tutorial below:
[You must have an account and be logged in to view this link]

When it finishes, it will generate two logs, but you only need to post the Addition one.

Post by luizvilarinho, Wed 30 Apr 2014, 20:22

I found the problem: the Addition box is unchecked.

Post by Power Max, Wed 30 Apr 2014, 20:25

When you open Farbar, there is a checkbox labeled Addition.txt, and you must leave that box checked. Then click Scan, and it will generate this log.

Post by luizvilarinho, Wed 30 Apr 2014, 20:25

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-04-2014 03
Ran by Daniel at 2014-04-30 20:24:43
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.2.0 - IObit)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Barra de Ferramentas do Yahoo! com bloqueador de pop-up (HKLM\...\Yahoo! Companion) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E581F27C-B798-42D8-9BD1-0A469A2C97AE}) (Version: - Microsoft)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.1.8.2434 - IObit)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 29.0 (x86 pt-BR)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Olicard160 (HKLM\...\{49B40A1F-2AB0-4EE1-A6B0-56E7A85BEBFB}) (Version: 1.000.00001 - Olivetti)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™️ 6.9 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.9.106 - Skype Technologies S.A.)
SpeedAnalysis.com (HKLM\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ATTENTION
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TIM Communicator (HKLM\...\OrolixCommunicator) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{ACBCC818-8E67-43A8-B877-A821A3C6FAD2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0416-0000-0000000FF1CE}_Office14.PROPLUS_{BDE8DD25-D017-443C-AD04-B4FC21489EFB}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0416-0000-0000000FF1CE}_Office14.PROPLUS_{435C0D41-8F38-42CE-9DCB-23676CB6A6A1}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUS_{95A00CA3-1B0C-465C-BC8C-94EA5070CE7A}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUS_{B95699E7-EEEB-45EC-865F-37E3E746BFB4}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUS_{9B4198E0-0876-4492-986C-0913A8BF81E9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}) (Version: - Microsoft)
UsbFix (HKLM\...\Usbfix) (Version: 7.169 - El Desaparecido - [You must have an account and be logged in to view this link] - [You must have an account and be logged in to view this link]
VideoPerformer (HKLM\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-04-30 11:24 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {26B0292F-2950-4451-A90F-7A8E3560160A} - System32\Tasks\RealCreateProcessScheduledTask8504625S-1-5-21-840133867-106172080-2313266223-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {30694E57-7920-4E89-94AF-CB24D3B2A4FA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-12] (Facebook Inc.)
Task: {3B1C7F66-038A-4300-8E5D-6A1BC0C346BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: {3F46C323-E38C-4D23-AACE-F5FC5DDABAAB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-12] (Facebook Inc.)
Task: {502425DD-6DFE-4C0E-A532-5B40C0FCC9C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {51F82A8E-D280-4746-963D-4AB6E9C07D88} - System32\Tasks\AdobeAAMUpdater-1.0-Daniel-PC-Daniel => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {868BC796-6089-4FAD-9612-0EFD29165581} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: {8B91AC76-8C94-4465-8478-C8C306E8613D} - System32\Tasks\ASC7_SkipUac_Daniel => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-02-14] (IObit)
Task: {9FEF5B8B-97C0-4553-8DB4-E91714E48BA4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-840133867-106172080-2313266223-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {AAB8DD89-F94E-44F9-A1F2-C398C9099A8E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-840133867-106172080-2313266223-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {C9EA046C-9FC7-4628-9CC9-C6746B7DAADE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {D343FDA6-52DE-476D-A92B-3F2F091FC426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17] (Adobe Systems Incorporated)
Task: {DA9DC0F2-FB5B-4742-ADD6-B9FDCC6E95CA} - System32\Tasks\RealCreateProcessScheduledTask12057546S-1-5-21-840133867-106172080-2313266223-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-11-03] (RealNetworks, Inc.)
Task: {F5106589-F980-4220-ADAF-FADC8F5ECBCC} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-13] (IObit)
Task: {F5AA31F2-D51F-49D1-9FC9-04CDC9787DCB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-30] (AVAST Software)
Task: {F85DAD4B-F1E8-4324-8CB0-CD561F8EE545} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-30 17:43 - 2014-04-30 16:31 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043002\algo.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-30 17:28 - 2014-04-30 17:28 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-30 18:24 - 2014-04-22 06:25 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-29 22:26 - 2014-04-23 21:33 - 00065352 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-29 22:26 - 2014-04-23 21:33 - 04081480 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-29 22:26 - 2014-04-23 21:33 - 00390472 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-29 22:26 - 2014-04-23 21:33 - 01647432 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-30 18:39 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MCShield Monitor => C:\Program Files\MCShield\mcshieldrtm.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 06:38:09 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: DUI70.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bda05
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0003b304
Identificação do processo com falha: 0x9fc
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (04/30/2014 06:37:31 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: DUI70.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bda05
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00039742
Identificação do processo com falha: 0x990
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (04/30/2014 06:37:17 PM) (Source: Application Hang) (User: )
Description: O programa DllHost.exe versão 6.1.7600.16385 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 460

Hora de Início: 01cf64bc11f99d47

Hora de Término: 24

Caminho do Aplicativo: C:\Windows\system32\DllHost.exe

Id do Relatório: 93411d45-d0af-11e3-b203-705ab6d95d75

Error: (04/30/2014 03:25:04 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (04/30/2014 03:23:48 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "assemblyIdentity1". Erro no arquivo de manifesto ou de diretiva assemblyIdentity2", na linha assemblyIdentity3.
O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" do atributo version no elemento assemblyIdentity é inválido.

Error: (04/30/2014 02:46:01 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7601.18222, carimbo de hora: 0x51f1d731
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00108506
Identificação do processo com falha: 0x958
Hora de início do aplicativo com falha: 0xexplorer.exe0
Caminho do aplicativo com falha: explorer.exe1
FCaminho do módulo de falhas: explorer.exe2
Identificação do Relatório: explorer.exe3

Error: (04/30/2014 02:45:52 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7601.18222, carimbo de hora: 0x51f1d731
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00108506
Identificação do processo com falha: 0xe54
Hora de início do aplicativo com falha: 0xexplorer.exe0
Caminho do aplicativo com falha: explorer.exe1
FCaminho do módulo de falhas: explorer.exe2
Identificação do Relatório: explorer.exe3


System errors:
=============
Error: (04/30/2014 08:19:10 PM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 2 vez(es).

Error: (04/30/2014 08:18:47 PM) (Source: Service Control Manager) (User: )
Description: O serviço Advanced SystemCare Service 7 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/30/2014 07:53:36 PM) (Source: Service Control Manager) (User: )
Description: O serviço LiveUpdate foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/30/2014 07:52:15 PM) (Source: Service Control Manager) (User: )
Description: O serviço Firewall do Windows terminou com o erro específico de serviço %%13.

Error: (04/30/2014 07:43:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/30/2014 07:43:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/30/2014 07:43:17 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/30/2014 07:43:12 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/30/2014 07:42:37 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (04/30/2014 07:42:37 PM) (Source: Service Control Manager) (User: )
Description: O serviço Firewall do Windows terminou com o erro específico de serviço %%13.


Microsoft Office Sessions:
=========================
Error: (04/30/2014 06:38:09 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7DUI70.dll6.1.7600.163854a5bda05c00000050003b3049fc01cf64bc683b58dcC:\Windows\Explorer.EXEC:\Windows\system32\DUI70.dllb8626a81-d0af-11e3-b203-705ab6d95d75

Error: (04/30/2014 06:37:31 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7DUI70.dll6.1.7600.163854a5bda05c00000050003974299001cf64b9a2e84e83C:\Windows\Explorer.EXEC:\Windows\system32\DUI70.dlla1ea1eeb-d0af-11e3-b203-705ab6d95d75

Error: (04/30/2014 06:37:17 PM) (Source: Application Hang)(User: )
Description: DllHost.exe6.1.7600.1638546001cf64bc11f99d4724C:\Windows\system32\DllHost.exe93411d45-d0af-11e3-b203-705ab6d95d75

Error: (04/30/2014 03:25:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\winzip system utilities suite\WINZIPSSGameOptLauncher64.exe

Error: (04/30/2014 03:23:48 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/30/2014 02:46:01 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1822251f1d731c00000050010850695801cf649c0c7a9f49C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll4ab1273c-d08f-11e3-95f4-705ab6d95d75

Error: (04/30/2014 02:45:52 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1822251f1d731c000000500108506e5401cf6494153e5239C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll45598652-d08f-11e3-95f4-705ab6d95d75


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3055.17 MB
Available physical RAM: 1775.11 MB
Total Pagefile: 6108.63 MB
Available Pagefile: 4838.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.56 GB) (Free:303.73 GB) NTFS
Drive e: (LUIZ FCO) (Removable) (Total:3.65 GB) (Free:3.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 19CAFE20)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Re: Machine with errors due to virus

Post by Power Max, Wed 30 Apr 2014, 20:59

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Re: Machine with errors due to virus

Post by luizvilarinho, Thu 01 May 2014, 09:58

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-04-2014 03
Ran by Daniel at 2014-05-01 09:57:51 Run:2
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
2014-04-30 18:53 - 2014-01-30 15:50 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketPDF
2014-04-30 18:10 - 2014-01-30 15:49 - 00000000 ____D () C:\Program Files\RocketPDF
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\user.js
SpeedAnalysis.com (HKLM\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ATTENTION
VideoPerformer (HKLM\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION
end
*****************

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketPDF => Moved successfully.
C:\Program Files\RocketPDF => Moved successfully.
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\zp3i0ezp.default\user.js => Moved successfully.

==== End of Fixlog ====

Re: Machine with errors due to virus

Post by Power Max, Thu 01 May 2014, 10:04

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank area in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 01 May 2014, 13:09; edited 1 time
