Document format: text/plain

~ ZHPDiag v2015.7.20.20 Por Nicolas Coolman (2015/07/20)
~ iniciado por Odair (Administrator) (2015/07/20 21:40:37)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Status da versão: Version KO
~ Modo: Scanner
~ Relatório: C:\Users\Odair\Desktop\ZHPDiag.txt
~ Relatório: C:\Users\Odair\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ Inicialização do sistema: Normal (Normal boot)
~ Windows 8, 32-bit (Build 9200)

---\\ Navegadores Internet (3) - 0s
GCIE: Google Chrome v43.0.2357.134
MFIE: Mozilla Firefox 36.0.1 (x86 pt-BR) v36.0.1
MSIE: Internet Explorer v10.0.9200.17413

---\\ Informações sobre os produtos Windows (4) - 102s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK (Auto)
Windows Activation Technologies : OK

---\\ Softwares d'optimização do sistema (1) - 5s
CCleaner v3.20

---\\ Monitoramento dos softwares (2) - 5s
Adobe Flash Player 18 NPAPI
Adobe Reader XI

---\\ Informações sobre o sistema (6) - 0s
~ Operating System: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 1038.516 MB (16% free)
~ System Restore: Activé (Enable)
~ System drive C: has 14 GB free of 49 GB

---\\ Modo de conexão ao sistema (3) - 0s
~ Computer Name: PC-ODAIR
~ User Name: Odair
~ Logged in as Administrator

---\\ Enumeração das unidades dos discos (3) - 1s
~ Drive C: has 14 GB free of 49 GB (System)
~ Drive D: has 27 GB free of 102 GB
~ Drive F: has GB free of 1 GB

---\\ Estado do Centro de Segurança do Windows (11) - 1s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Pesquisa particular de ficheiros genéricos (22) - 13s
[MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2106176]
[MD5.224F6B374852153C8C24BED141AE3A20] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) () -- C:\Windows\System32\rundll32.exe [48640]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) () -- C:\Windows\System32\Wininit.exe [101376]
[MD5.E0103806C6CD91CFA8696A8A9EB4C822] - (.Microsoft Corporation - Internet Extensions para Win32.) () -- C:\Windows\System32\wininet.dll [1763328]
[MD5.89D6AFD5B257049375008BAA512910EE] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) () -- C:\Windows\System32\Winlogon.exe [429056]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) () -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.B92C9A8C3CAE22129CC5B4A920B00608] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [439296]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [135680]
[MD5.E608E26B536A42B5ACC145D25CB9F2AC] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [92160]
[MD5.6BFEBBA25AD34E5922E60349C721B1DD] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Driver de porta i8042.) () -- C:\Windows\System32\drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [126976]
[MD5.60978139E6942772545EAB1BC2DB1393] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) () -- C:\Windows\System32\drivers\MRxSmb.sys [341504]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [254464]
[MD5.6C816842AC5E2B0E033ED0BD1058E077] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) () -- C:\Windows\System32\drivers\ntfs.sys [1618264]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Driver de porta paralela.) () -- C:\Windows\System32\drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [97792]
[MD5.BF079843E272759BAE587FB980163293] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) () -- C:\Windows\System32\drivers\volsnap.sys [281408]

---\\ Processos lançados (20) - 29s
[MD5.81326EB34AF569365437B52E4328C1C4] - (.IvoSoft - Classic Shell Service.) -- C:\Program Files\Classic Shell\ClassicShellService.exe [63488] [PID.1104]
[MD5.27F0F57135638D87B3632A9B9B4B8485] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [147456] [PID.1420]
[MD5.A24BC735ECC34C0AD26DD0A3454FB18F] - (...) -- C:\ProgramData\AppMgr1.66.6715824\AppMgr.exe [483064] [PID.1800]
[MD5.A18A406635674E006B86110B7E41E45A] - (...) -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\nsj7FC2.tmpfs [141312] [PID.1828] =>PUP.Optional.CrossRider
[MD5.4FBC2C440FC2DC0EA15BC39F72A59704] - (...) -- C:\Program Files\Helpless Club\Helpless Club.exe [8016173] [PID.1872]
[MD5.A271A66ABF8CAC3606FB114D7E8C517B] - (...) -- C:\Users\Odair\AppData\Roaming\NetService\netservice.exe [173088] [PID.1404]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\System32\IoctlSvc.exe [81920] [PID.1696]
[MD5.5B0A379F7FBB5D7B0757DE5E5AC4F798] - (...) -- C:\Program Files\Spotless Valuable\Spotless Valuable.exe [8015944] [PID.1164]
[MD5.D62865BA2DC2C4DCE3075A60AE734901] - (...) -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\jnszB836.tmp [95232] [PID.2380] =>PUP.Optional.CrossRider
[MD5.14D7A3545CC1DE3E3EC6DC900B96ADD2] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe [16126464] [PID.2152]
[MD5.FF4C51DEFC5C46C269DF2220EDEECA23] - (...) -- C:\ProgramData\AppMgr1.66.6715824\1\plugin.exe [142072] [PID.424]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.720]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.3956] =>PUP.Optional.SmartWebSearch
[MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) -- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.2176] =>PUP.Optional.SmartWebSearch
[MD5.CCAE21B374C52AFCBFF3CB72836BAA7A] - (.Copyright © 2015 - uiviruah.) -- C:\ProgramData\Hoeaslnoju\1.0.4.1\uiviruah.exe [153600] [PID.1888]
[MD5.CCAE21B374C52AFCBFF3CB72836BAA7A] - (.Copyright © 2015 - uiviruah.) -- C:\ProgramData\Hoeaslnoju\1.0.4.1\uiviruah.exe [153600] [PID.2716]
[MD5.F4FFFF8240696FB9ED47459731517B3A] - (.HQ-Video2.5dV19.07 - HQ-VidPro-2.5cV19.07 exe.) -- C:\Program Files\HQ-VidPro-2.5cV19.07\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.exe [1553488] [PID.1732] =>PUP.Optional.CrossRider
[MD5.E55D0D5D5A3A585BFF48B990708007A5] - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) -- C:\Users\Odair\Desktop\adwcleaner_4.200.exe [2208768] [PID.2128]
[MD5.86EDADCF360DBD7BF4309372332F9D71] - (...) -- c:\programdata\{2eba7930-dd82-a6ce-2eba-a7930dd8e4c3}\2258593142552187033c.exe [221184] [PID.5304]
[MD5.6C83EA1093ECB6C0375A9450F65E361C] - (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- c:\programdata\{e8b0b77e-0f29-17b4-e8b0-0b77e0f2ddf8}\hqghumeaylnlf.exe [6636232] [PID.5396]

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2 (1) - 1s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.facebook.com/

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) (25) - 8s
M0 - MFSP: prefs.js [Odair - 7o9palbe.default] http://www.seekmx.com/?bd=hp&oem=Cube&uid=SAMSUNGXHD161GJ_S1ZWJ50Z128305&version=2.3.0.10324&pid=414031160&tid=653
P2 - EXT FILE: (...) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}.xpi
P2 - EXT FILE: (...) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\searchplugins\Google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\navegaki.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - EXT: (.HQ-Video2.5dV16.07 - HQ-VidPro-2.5cV16.07.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\AVJYFVOD75109374@HCDE39471360.com
P2 - EXT: (.roc - Default SearchProtected .) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\defsearchp@gmail.com
P2 - EXT: (.lightningnewtab.com - deskCut.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\deskCutv2@gmail.com
P2 - EXT: (. - searchyoutubesearchyoutubefr.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\searchyoutube@searchyoutube.fr
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited.) -- C:\Users\Odair\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc..) -- C:\Users\Odair\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc..) -- C:\Users\Odair\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_18_0_0_209.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc..) -- C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc..) -- C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate

---\\ Opera, Plugins,Arranque,Pesquisa (B0,B1,B2) (4) - 1s
B2 - EXT: [ajgnnllmjadopdlmpplonojbfogkjlcl] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl
B2 - EXT: [cobbaepnkejfnljmjgimdhoefifdhcak] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\cobbaepnkejfnljmjgimdhoefifdhcak
B2 - EXT: [eekfhcmpmchbhkdeplplcljcggddkffb] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\eekfhcmpmchbhkdeplplcljcggddkffb
B2 - EXT: [ekhagklcjbdpajgpjgmbionohlpdbjgc] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) (14) - 1s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/ =>PUP.Optional.Browser
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/ =>PUP.Optional.Browser
R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv6&uid=S1ZWJ50Z128305_SAMSUNGHD161GJ&tm=1436910426
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/ =>PUP.Optional.IsStart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seekmx.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/ =>PUP.Optional.IsStart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seekmx.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0

---\\ Internet Explorer, Gestão do Proxy (R5) (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas (3) - 1s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Redireção do ficheiro Hosts (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Objects do navegador (O2) (1) - 2s
O2 - BHO: Product Deals 1.0.0.7 - {dd01946e-5501-4e11-b279-efdffd4c1487} . (...) -- C:\Program Files\Product Deals\ProductDealsbho.dll (.not file.) =>PUP.Optional.ProductDeals

---\\ Aplicações iniciadas por registo & pastas (O4) (40) - 4s
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\Windows\SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\Windows\ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe
O4 - HKLM\..\Run: [mbot_br_620] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_252] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_528] (Orphean)
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [gmsd_br_564] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010013] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010014] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010017] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010027] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010028] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_005010034] (Orphean)
O4 - HKLM\..\Run: [SpaceSoundPro] C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe (.not file.) =>PUP.Optional.SpaceSondPro
O4 - HKLM\..\Run: [gmsd_en_027010034] (Orphean)
O4 - HKLM\..\Run: [gmsd_br_009010034] (Orphean)
O4 - HKLM\..\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch
O4 - HKLM\..\Run: [gmsd_br_005010036] (Orphean)
O4 - HKLM\..\Run: [3D BubbleSound] C:\Program Files\BubbleSound\3D BubbleSound.exe (.not file.) =>PUP.Optional.BubbleSound
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Odair\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\Odair\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O4 - HKCU\..\Run: [Google+ Auto Backup] C:\Users\Odair\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.)
O4 - HKCU\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [MinhaBox.br] . (...) -- C:\Program Files\Minhateca.com.br Box\MinhaBox.exe
O4 - HKCU\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.) =>PUP.Optional.DesktopSearch
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Facebook Update] C:\Users\Odair\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Google Update] C:\Users\Odair\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Google+ Auto Backup] C:\Users\Odair\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.)
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [MinhaBox.br] . (...) -- C:\Program Files\Minhateca.com.br Box\MinhaBox.exe
O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.) =>PUP.Optional.DesktopSearch

---\\ Atalhos globais Startup (O4G) (16) - 17s
O4 - GS\Desktop [Administrador]: GUPlayer.lnk . (...) C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer
O4 - GS\Quicklaunch [Administrador]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\TaskBar [Administrador]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Administrador]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Administrador]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch
O4 - GS\Desktop [Convidado]: GUPlayer.lnk . (...) C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer
O4 - GS\Quicklaunch [Convidado]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\TaskBar [Convidado]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Convidado]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Convidado]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch
O4 - GS\Desktop [Odair]: GUPlayer.lnk . (...) C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer
O4 - GS\Quicklaunch [Odair]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\TaskBar [Odair]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Odair]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse
O4 - GS\Startup [Odair]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch
O4 - GS\CommonDesktop [Public]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse

---\\ Alteração Dominio/Clientes DNS (017) (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20) (1) - 0s
O20 - AppInit_DLLs: . (.Autores - .) - C:\Windows\System32\

---\\ Lista dos serviços NT não Microsoft e não desativados (023) (13) - 3s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Manager 1.66.6715824 (AppMgr1.66.6715824) . (...) - C:\ProgramData\AppMgr1.66.6715824\AppMgr.exe
O23 - Service: Rename Save (biwejizu) . (...) - C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\nsj7FC2.tmpfs =>PUP.Optional.CrossRider
O23 - Service: Classic Shell Service (ClassicShellService) . (.IvoSoft - Classic Shell Service.) - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (...) - C:\Program Files\globalUpdate\Update\globalupdate.exe (.not file.) =>PUP.Optional.GlobalUpdate
O23 - Service: GOSafer (GOSafer) . (...) - C:\Program Files\GOSafer\GOSafer.exe (.not file.)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (...) - C:\Program Files\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: Helpless Club (Helpless Club) . (...) - C:\Program Files\Helpless Club\Helpless Club.exe
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (...) - C:\Users\Odair\AppData\Roaming\NetService\netservice.exe
O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\System32\IoctlSvc.exe
O23 - Service: Service KMSELDI (Service KMSELDI) . (. - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O23 - Service: Spotless Valuable (Spotless Valuable) . (...) - C:\Program Files\Spotless Valuable\Spotless Valuable.exe
O23 - Service: Form Letter Text Direction (wonykuri) . (...) - C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\jnszB836.tmp =>PUP.Optional.CrossRider

---\\ Tarefas planificadas automaticamente (039) (76) - 6s
O39 - APT: - (...) -- C:\Windows\Tasks\2gJNRTD1m6knhqr2d7XwZ5mNBN.job [1042]
O39 - APT: - (...) -- C:\Windows\Tasks\4pf1TdbUx.job [1008]
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.job [3142] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7.job [3142] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user.job [2116] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3.job [4162] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4.job [4162] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5.job [2450] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user.job [2450] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6.job [5522] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7.job [5186] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [366] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [364] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [364] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\Tasks\atO4Zw5rXevAcaBSBH.job [1026]
O39 - APT: - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job [358] =>PUP.Optional.BidailySync
O39 - APT: - (...) -- C:\Windows\Tasks\cSJgnGXh98hMRjaD4Qhu7.job [1032]
O39 - APT: - (...) -- C:\Windows\Tasks\fiRuxnOSf5XOBqPvh.job [1024]
O39 - APT: - (...) -- C:\Windows\Tasks\fmybgmVJG9gvYuSEew.job [1026]
O39 - APT: - (...) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [982] =>PUP.Optional.GlobalUpdate
O39 - APT: - (...) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [986] =>PUP.Optional.GlobalUpdate
O39 - APT: - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core.job [1044]
O39 - APT: - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA.job [1096]
O39 - APT: - (...) -- C:\Windows\Tasks\LaCmoICEKYr.job [1012]
O39 - APT: - (...) -- C:\Windows\Tasks\s7w3sScfL4tfUF4b1cTgjWIU6.job [1040]
O39 - APT: - (...) -- C:\Windows\Tasks\SoccerGrind.job [372]
O39 - APT: - (...) -- C:\Windows\Tasks\zwAwJbRiIW0KQoZBKcOLwVCYUx.job [1042]
O39 - APT: - (...) -- C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job [282]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\2gJNRTD1m6knhqr2d7XwZ5mNBN [4048]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\4pf1TdbUx [4014]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6 [6146] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7 [6146] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user [5116] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3 [7166] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4 [7166] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5 [5454] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user [5450] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6 [8526] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7 [8190] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-6 [5776] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-7 [6120] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-10_user [5090] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-4 [7820] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5 [5428] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5_user [5424] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-6 [8164] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-7 [8164] =>PUP.Optional.CrossRider
O39 - APT: - (...) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [3874]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3790]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [2796] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [2794] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [2794] =>PUP.Optional.AnyProtect
O39 - APT: - (...) -- C:\Windows\System32\Tasks\atO4Zw5rXevAcaBSBH [4032]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3704] =>PUA.KMSpico
O39 - APT: - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] [3244] =>PUP.Optional.BidailySync
O39 - APT: - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2772]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\cSJgnGXh98hMRjaD4Qhu7 [4038]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core [3444]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA [3794]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\fiRuxnOSf5XOBqPvh [4032]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\fmybgmVJG9gvYuSEew [4034]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [3722] =>PUP.Optional.GlobalUpdate
O39 - APT: - (...) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [3958] =>PUP.Optional.GlobalUpdate
O39 - APT: - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core [3662]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA [4042]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\Hoeaslnoju [3456]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\klcp_update [3666]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\LaCmoICEKYr [4016]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\s7w3sScfL4tfUF4b1cTgjWIU6 [4046]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task [4034] =>PUP.Optional.SmartWebSearch
O39 - APT: - (...) -- C:\Windows\System32\Tasks\SoccerGrind [3258]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\zwAwJbRiIW0KQoZBKcOLwVCYUx [4048]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\{1D2ED8B5-950D-4DD8-BE18-D38774C0A513} [3152]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\{42504C4D-F411-42EE-BE3B-B67FFBC564B6} [3152]
O39 - APT: - (...) -- C:\Windows\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} [3128]

---\\ Software instalados (042) (37) - 13s
O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Crossbrowse - (.The Crossbrowse Authors.) [HKLM] -- Crossbrowse =>PUP.Optional.CrossBrowse
O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: HQ-VidPro-2.5cV19.07 - (.HQ-Video2.5dV19.07.) [HKLM] -- HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
O42 - Logiciel: K-Lite Mega Codec Pack 10.8.0 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: KMSpico v9.0.6.20131120 - (...) [HKLM] -- KMSpico_is1 =>PUA.KMSpico
O42 - Logiciel: Mozilla Firefox 36.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 36.0.1 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Naviextras Toolbox - (.NNG Llc..) [HKLM] -- Naviextras Toolbox
O42 - Logiciel: PhotoScape - (...) [HKLM] -- PhotoScape
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: Plugin Letras.mus.br 1.30 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Real Alternative 2.0.2 Lite - (...) [HKLM] -- RealAlt_is1
O42 - Logiciel: Unlocker 1.9.2 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: Winkochan Djmixer-PRO 4.0 - (.Winkochan Sistemas de áudio Ltda..) [HKLM] -- Winkochan DJMIXER-PRO IV - FREEWARE_is1
O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Classic Shell - (.IvoSoft.) [HKLM] -- {4D39908B-D289-43E2-91EA-E2DD35058870}
O42 - Logiciel: Naviextras Toolbox Prerequesities - (.NNG Llc..) [HKLM] -- {537575D6-3B96-474C-BD8F-DFF667363DBD}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Minhateca.com.br Box - (.Minhateca.com.br.) [HKLM] -- {6A22B145-83AD-4320-946C-73E04E4D3E90}
O42 - Logiciel: The Sims™ 2 Grandes Negócios Coleção - (.Electronic Arts.) [HKLM] -- {6CB35178-9E25-48fb-9F86-E40ADC7043B6}
O42 - Logiciel: The Sims 2 - (...) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35}
O42 - Logiciel: The Sims™ 2 Mundo Universitário Coleção - (.Electronic Arts.) [HKLM] -- {76703039-C98C-4e62-A12C-4D7066BE9985}
O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {98EFD8F0-08DE-48DB-B922-A2EBAB711046}
O42 - Logiciel: globalupdate Helper - (.globalupdate Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824147215}
O42 - Logiciel: Adobe Reader XI (11.0.11) - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AB0000000001}
O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Google+ Auto Backup - (.Google, Inc..) [HKCU] -- Google+ Auto Backup
O42 - Logiciel: GUPlayer (remove only) - (...) [HKCU] -- GUPlayer =>PUP.Optional.GUPlayer
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent

---\\ HKCU & HKLM Software Keys (162) - 14s
HKLM\SOFTWARE\38d0e584-8e29-4a19-ad12-0f7fe1d403c7 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AdwCleaner
HKLM\SOFTWARE\Ahead
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\Audible
HKLM\SOFTWARE\Auslogics
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Baidu Security
HKLM\SOFTWARE\Baidu_Drp_pos
HKLM\SOFTWARE\BubbleSound =>PUP.Optional.BubbleSound
HKLM\SOFTWARE\Chromium
HKLM\SOFTWARE\COMODO
HKLM\SOFTWARE\ComodoGroup
HKLM\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKLM\SOFTWARE\Disc Soft
HKLM\SOFTWARE\DivXNetworks
HKLM\SOFTWARE\EA GAMES
HKLM\SOFTWARE\Electronic Arts
HKLM\SOFTWARE\EVP
HKLM\SOFTWARE\GlobalUpdate =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\GNU
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\GOSafer
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\Hewlett-Packard
HKLM\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Icaros
HKLM\SOFTWARE\Infonaut_1.10.0.14 =>PUP.Optional.Infonaut
HKLM\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\istartsurfSoftware =>PUP.Optional.IsStart
HKLM\SOFTWARE\IvoSoft
HKLM\SOFTWARE\KLCodecPack
HKLM\SOFTWARE\LAV
HKLM\SOFTWARE\LogMeInRescueCallingCard
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Minhateca.com.br Box
HKLM\SOFTWARE\Mooii
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\Naviextras
HKLM\SOFTWARE\Nero
HKLM\SOFTWARE\NetTcpHandler
HKLM\SOFTWARE\NtIObits
HKLM\SOFTWARE\NtSvcHandler
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Opera Software
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\Product Deals =>ProductDeals
HKLM\SOFTWARE\ProtectedHp
HKLM\SOFTWARE\raptor
HKLM\SOFTWARE\RealAlternative
HKLM\SOFTWARE\RealNetworks
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\Reg
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\seekmx
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\SuperClick_1.10.0.16 =>PUP.Optional.SuperClick
HKLM\SOFTWARE\Tutorials =>PUP.Optional.AgenceExclusive
HKLM\SOFTWARE\Volatile
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\WordSurfer_1.10.0.19 =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\2gJNRTD1m6knhqr2d7XwZ5mNBN
HKCU\SOFTWARE\4pf1TdbUx
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Ahead
HKCU\SOFTWARE\AnyProtect =>PUP.Optional.AnyProtect
HKCU\SOFTWARE\AOL
HKCU\SOFTWARE\App Lid-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\atO4Zw5rXevAcaBSBH
HKCU\SOFTWARE\Baidu Security
HKCU\SOFTWARE\Baixaki
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\BrowserV17.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\BrowserV20.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\BrowserV25.06-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\CinemaPlus-3.2cV10.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaPlus-3.2cV25.05-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaPlus-4.2vV10.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKCU\SOFTWARE\Disc Soft
HKCU\SOFTWARE\Facebook
HKCU\SOFTWARE\fiRuxnOSf5XOBqPvh
HKCU\SOFTWARE\fmybgmVJG9gvYuSEew
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\gamesdesktop =>PUP.Optional.GamesDesktop
HKCU\SOFTWARE\Ge-Force-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\GoHD-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\GoldenGate
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\Hewlett-Packard
HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.02-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.05-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV24.06-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\I - Cinema-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\I-Cinema =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Icaros
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\InstallPath
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\IvoSoft
HKCU\SOFTWARE\LaCmoICEKYr
HKCU\SOFTWARE\Licenses
HKCU\SOFTWARE\Local AppWizard-Generated Applications
HKCU\SOFTWARE\LogMeInRescueCallingCard
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MakeMSI
HKCU\SOFTWARE\Mooii
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\MPC-HC
HKCU\SOFTWARE\Naviextras
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\OB
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Opera Software
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Product Deals =>ProductDeals
HKCU\SOFTWARE\ProtectedHp
HKCU\SOFTWARE\RealNetworks
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Reg
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\s7w3sScfL4tfUF4b1cTgjWIU6
HKCU\SOFTWARE\SavePass 1.1-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\SecuROM
HKCU\SOFTWARE\Sense-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\tstamptoken =>PUP.Optional.MaxComputerCleaner
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\WebApp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\SmartWeb =>PUP.Optional.SmartWebSearch

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) (156) - 16s
O43 - CFD: 2015/07/20 21:07:15 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\Program Files\Arquivos Comuns
O43 - CFD: 2014/10/21 12:17:18 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2014/10/21 10:24:52 - [] D -- C:\Program Files\Classic Shell
O43 - CFD: 2015/07/17 19:30:13 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/07/20 21:34:04 - [] D -- C:\Program Files\Crossbrowse =>PUP.Optional.CrossBrowse
O43 - CFD: 2015/03/01 18:50:43 - [] D -- C:\Program Files\DsNET Corp
O43 - CFD: 2014/12/25 18:00:40 - [] D -- C:\Program Files\EA GAMES
O43 - CFD: 2014/10/21 10:35:07 - [] D -- C:\Program Files\FreeTime
O43 - CFD: 2015/04/30 11:32:48 - [] D -- C:\Program Files\Google
O43 - CFD: 2014/10/21 10:32:52 - [] D -- C:\Program Files\GUM1303.tmp
O43 - CFD: 2015/07/09 15:35:33 - [] D -- C:\Program Files\Helpless Club
O43 - CFD: 2015/07/20 21:17:45 - [] D -- C:\Program Files\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
O43 - CFD: 2014/12/23 15:02:31 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2015/07/17 17:57:46 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2014/10/21 12:23:39 - [] D -- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 2014/12/23 14:55:27 - [] D -- C:\Program Files\KMSpico =>PUA.KMSpico
O43 - CFD: 2014/10/21 10:51:51 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2014/10/21 10:53:04 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2014/10/21 10:53:02 - [] D -- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 2014/10/21 10:52:20 - [] D -- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 2014/10/21 10:53:02 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/04/01 17:55:30 - [] D -- C:\Program Files\Minhateca.com.br Box
O43 - CFD: 2015/03/09 18:04:03 - [] D -- C:\Program Files\MiniGet
O43 - CFD: 2015/07/17 22:11:08 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/04/30 10:51:03 - [] D -- C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 2015/07/17 19:32:44 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2015/03/16 13:52:42 - [] D -- C:\Program Files\Naviextras
O43 - CFD: 2014/10/21 11:09:02 - [] D -- C:\Program Files\Nero
O43 - CFD: 2015/02/24 16:42:21 - [] D -- C:\Program Files\Opera
O43 - CFD: 2015/02/24 15:58:01 - [] D -- C:\Program Files\OperaHelper
O43 - CFD: 2014/10/21 10:37:44 - [] D -- C:\Program Files\PhotoScape
O43 - CFD: 2014/10/21 12:10:38 - [] D -- C:\Program Files\PluginLetras
O43 - CFD: 2014/10/21 10:37:16 - [] D -- C:\Program Files\Real Alternative
O43 - CFD: 2014/10/21 13:18:00 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2015/05/16 22:22:00 - [0] D -- C:\Program Files\Recuva
O43 - CFD: 2015/05/25 10:24:17 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2015/03/16 13:48:17 - [] D -- C:\Program Files\SaveSys
O43 - CFD: 2015/07/08 21:36:06 - [] D -- C:\Program Files\Spotless Valuable
O43 - CFD: 2012/07/26 03:04:59 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/07/14 18:50:02 - [] D -- C:\Program Files\Unlocker
O43 - CFD: 2015/04/01 10:54:33 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 2015/05/16 22:19:45 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2012/07/26 05:53:52 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2014/10/29 17:47:08 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 2014/10/21 10:06:09 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2014/10/26 19:15:25 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2012/07/26 03:53:43 - [] SHD -- C:\Program Files\Windows Sidebar
O43 - CFD: 2015/07/17 00:34:13 - [] HD -- C:\Program Files\WindowsApps
O43 - CFD: 2014/10/21 12:10:14 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2012/07/26 03:53:44 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2014/10/26 19:15:31 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2014/11/01 22:32:38 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/04/07 10:32:03 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
O43 - CFD: 2014/10/21 10:18:59 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 2014/10/21 10:24:52 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
O43 - CFD: 2014/12/25 18:04:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
O43 - CFD: 2014/10/24 18:34:20 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 2015/07/11 18:57:06 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2014/10/21 12:23:45 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 2012/07/26 03:53:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/07/17 19:29:49 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 2015/04/01 17:55:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br
O43 - CFD: 2014/10/21 11:11:09 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
O43 - CFD: 2014/10/21 10:37:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
O43 - CFD: 2015/04/01 10:54:11 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
O43 - CFD: 2014/10/21 10:37:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
O43 - CFD: 2015/07/17 19:29:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
O43 - CFD: 2014/12/25 18:00:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 2014/11/01 22:32:27 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2012/07/26 05:57:57 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2014/10/21 10:29:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/07/16 15:39:35 - [] D -- C:\ProgramData\8502260805179791820
O43 - CFD: 2015/03/16 13:49:35 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 2014/10/21 11:10:36 - [] D -- C:\ProgramData\Ahead
O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2015/07/20 19:29:02 - [] D -- C:\ProgramData\AppMgr1.66.6715824
O43 - CFD: 2014/10/21 12:16:58 - [] D -- C:\ProgramData\Auslogics
O43 - CFD: 2015/01/05 09:50:29 - [] D -- C:\ProgramData\Baidu Security
O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Dados de Aplicativos
O43 - CFD: 2014/10/21 11:01:39 - [0] D -- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2014/10/21 10:06:08 - [0] SHD -- C:\ProgramData\Documentos
O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2014/10/21 15:38:21 - [] D -- C:\ProgramData\Hewlett-Packard
O43 - CFD: 2015/07/20 20:22:33 - [] D -- C:\ProgramData\Hoeaslnoju
O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Menu Iniciar
O43 - CFD: 2015/06/03 16:40:46 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2015/07/20 12:13:32 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Modelos
O43 - CFD: 2014/10/21 10:33:58 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 2014/10/21 11:09:02 - [] D -- C:\ProgramData\Nero
O43 - CFD: 2014/10/21 11:16:19 - [] D -- C:\ProgramData\PRICache
O43 - CFD: 2012/07/26 05:57:57 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 2015/05/28 10:02:16 - [] D -- C:\ProgramData\Rlutoacaiinoo
O43 - CFD: 2014/12/07 21:34:58 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2015/07/20 21:00:19 - [] D -- C:\ProgramData\ToolsUpdatePlatform
O43 - CFD: 2015/07/16 15:34:35 - [] D -- C:\ProgramData\{2eba7930-dd82-a6ce-2eba-a7930dd8e4c3}
O43 - CFD: 2015/07/02 15:34:19 - [] D -- C:\ProgramData\{e8b0b77e-0f29-17b4-e8b0-0b77e0f2ddf8}
O43 - CFD: 2015/02/24 22:04:54 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2014/10/21 11:10:19 - [] D -- C:\Program Files\Common Files\Ahead
O43 - CFD: 2015/07/17 19:30:13 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2014/10/21 13:17:54 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2015/07/17 19:34:46 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\Program Files\Common Files\Sistema
O43 - CFD: 2015/07/17 19:04:07 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/05/20 09:30:56 - [] D -- C:\Users\Odair\AppData\Roaming\Adobe
O43 - CFD: 2014/10/21 11:10:49 - [] D -- C:\Users\Odair\AppData\Roaming\Ahead
O43 - CFD: 2015/07/20 11:04:33 - [] SHD -- C:\Users\Odair\AppData\Roaming\AnyProtectEx =>PUP.Optional.AnyProtect
O43 - CFD: 2015/02/24 15:28:54 - [] D -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF
O43 - CFD: 2015/02/24 15:41:14 - [] HD -- C:\Users\Odair\AppData\Roaming\GoldenGate
O43 - CFD: 2014/12/23 14:59:11 - [] D -- C:\Users\Odair\AppData\Roaming\IGC
O43 - CFD: 2014/12/23 16:34:33 - [0] D -- C:\Users\Odair\AppData\Roaming\IrfanView
O43 - CFD: 2014/10/21 12:12:28 - [] D -- C:\Users\Odair\AppData\Roaming\Macromedia
O43 - CFD: 2015/07/20 21:04:05 - [] SD -- C:\Users\Odair\AppData\Roaming\Microsoft
O43 - CFD: 2015/03/09 17:52:09 - [] D -- C:\Users\Odair\AppData\Roaming\MiniGet
O43 - CFD: 2014/10/21 11:54:19 - [] D -- C:\Users\Odair\AppData\Roaming\Mozilla
O43 - CFD: 2014/10/21 12:24:26 - [] D -- C:\Users\Odair\AppData\Roaming\MPC-HC
O43 - CFD: 2015/03/16 13:55:54 - [] D -- C:\Users\Odair\AppData\Roaming\naviextras
O43 - CFD: 2015/07/11 18:39:48 - [] D -- C:\Users\Odair\AppData\Roaming\NetService
O43 - CFD: 2015/02/24 15:57:37 - [] D -- C:\Users\Odair\AppData\Roaming\Opera Software
O43 - CFD: 2015/07/14 18:47:02 - [] D -- C:\Users\Odair\AppData\Roaming\RunDir
O43 - CFD: 2015/06/03 15:34:10 - [0] D -- C:\Users\Odair\AppData\Roaming\searchult
O43 - CFD: 2014/10/21 10:43:52 - [] D -- C:\Users\Odair\AppData\Roaming\Skype
O43 - CFD: 2015/07/18 23:21:06 - [] D -- C:\Users\Odair\AppData\Roaming\UG
O43 - CFD: 2015/06/03 16:34:22 - [] D -- C:\Users\Odair\AppData\Roaming\uTorrent
O43 - CFD: 2014/10/21 12:08:28 - [0] D -- C:\Users\Odair\AppData\Roaming\WinRAR
O43 - CFD: 2015/07/20 21:43:49 - [] D -- C:\Users\Odair\AppData\Roaming\ZHP
O43 - CFD: 2015/07/20 21:03:32 - [] D -- C:\Users\Odair\AppData\Local\Adobe
O43 - CFD: 2015/07/20 21:11:19 - [] D -- C:\Users\Odair\AppData\Local\Ahead
O43 - CFD: 2015/07/18 15:16:10 - [] D -- C:\Users\Odair\AppData\Local\Crossbrowse =>PUP.Optional.CrossBrowse
O43 - CFD: 2015/07/20 20:30:48 - [] D -- C:\Users\Odair\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
O43 - CFD: 2015/07/20 20:26:41 - [] D -- C:\Users\Odair\AppData\Local\Google
O43 - CFD: 2015/07/20 21:08:40 - [] D -- C:\Users\Odair\AppData\Local\Microsoft
O43 - CFD: 2015/07/20 20:27:14 - [] D -- C:\Users\Odair\AppData\Local\Packages
O43 - CFD: 2015/07/20 21:08:06 - [] D -- C:\Users\Odair\AppData\Local\Programs
O43 - CFD: 2015/07/20 20:27:15 - [] D -- C:\Users\Odair\AppData\Local\SmartWeb =>PUP.Optional.SmartWebSearch
O43 - CFD: 2015/07/20 21:44:06 - [] D -- C:\Users\Odair\AppData\Local\Temp
O43 - CFD: 2015/07/20 21:03:16 - [0] D -- C:\Users\Odair\AppData\Local\VirtualStore
O43 - CFD: 2012/07/26 03:53:44 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2012/07/26 03:53:43 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/03/23 14:53:24 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2014/10/21 10:35:30 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
O43 - CFD: 2014/10/21 20:44:25 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 2015/07/20 21:13:34 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer =>PUP.Optional.GUPlayer
O43 - CFD: 2012/07/26 03:53:44 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/03/16 13:52:58 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras
O43 - CFD: 2015/07/20 21:43:44 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2012/07/26 03:53:43 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2015/06/03 14:58:45 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
O43 - CFD: 2014/10/21 10:29:05 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

---\\ Últimos arquivos criados no Windows Prefetcher (045) (30) - 120s
O45 - LFCP:[MD5.D7672E4C99C0DAFC82A2C1A4F68C33BF] 2015/07/20 20:17:58 A -- C:\Windows\Prefetch\3DBUBBLESOUND.EXE-1ABDC950.pf =>PUP.Optional.BubbleSound
O45 - LFCP:[MD5.9E7369E270B7D36AEFA6DF6E60080C9C] 2015/07/20 20:44:02 A -- C:\Windows\Prefetch\ANYPROTECT.EXE-A6F01169.pf =>PUP.Optional.AnyProtect
O45 - LFCP:[MD5.B0AA55BED8EF7F0F75832089D538DCB6] 2015/07/20 21:04:16 A -- C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf =>PUP.Optional.CrossBrowse
O45 - LFCP:[MD5.42DA6B5D27C52E8E477B54CB27F6CE94] 2015/07/20 20:16:04 A -- C:\Windows\Prefetch\DESKTOPSEARCH_SOFT_PARTNER.EX-4FC46A60.pf =>PUP.Optional.DesktopSearch
O45 - LFCP:[MD5.CC0D39AD87CCB7887185D7B1CDCB8A98] 2015/07/17 18:08:42 A -- C:\Windows\Prefetch\GAMESDESKTOP.TMP-97BB6E03.pf =>PUP.Optional.GamesDesktop
O45 - LFCP:[MD5.6756AA81F930D80B1B0A19B8A311C093] 2015/07/20 21:16:41 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-0DB303A0.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.E1F1F50666BFDBEBB1BEAFD927855C47] 2015/07/17 19:52:46 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-4D9FC7B8.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.F09FCE3121A932FA7F7FB5E5014E1DB3] 2015/07/20 20:30:57 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-71FDB23E.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.965F863B3C99932DCE14359E7E090162] 2015/07/20 21:16:33 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.A865120B7A683C0E9DF0FA582563F88E] 2015/07/20 20:21:43 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-CD2F91D1.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.D98CEF8653A0541AF9DEED8BBF298B54] 2015/07/20 21:06:20 A -- C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf =>PUP.Optional.GlobalUpdate
O45 - LFCP:[MD5.FDBD68C716C4C4CE121CA2CF2F152DB9] 2015/07/20 20:13:49 A -- C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-2E7842F8.pf =>PUP.Optional.BubbleSound
O45 - LFCP:[MD5.E51D4066227ED9E438C29677B683A38D] 2015/07/20 20:13:52 A -- C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-4FA350A7.pf =>PUP.Optional.BubbleSound
O45 - LFCP:[MD5.BB45AC9432CF0570D1DF34D91D837575] 2015/07/20 20:12:49 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-339B90D5.pf =>PUP.Optional.CrossBrowser
O45 - LFCP:[MD5.48E3C39FAEC77E958B2483FD2BEF35F5] 2015/07/20 20:12:50 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-7A7A8F3E.pf =>PUP.Optional.CrossBrowser
O45 - LFCP:[MD5.5278FCDF857BD0F46E2087C757B6E9A1] 2015/07/11 18:47:14 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-CA7897B4.pf =>PUP.Optional.CrossBrowser
O45 - LFCP:[MD5.949BE26C5389214B393F4FF5C9047855] 2015/07/17 17:24:31 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-D7E7BC33.pf =>PUP.Optional.CrossBrowser
O45 - LFCP:[MD5.A13372362E6561B16209FACE6749927B] 2015/07/17 17:47:21 A -- C:\Windows\Prefetch\PACKAGE_SPACESOUNDPRO_INSTALL-E1D2F33A.pf =>PUP.Optional.SpaceSondPro
O45 - LFCP:[MD5.7ADC3C0323E614E14A5E1E1BC7CF2E80] 2015/07/20 20:16:21 A -- C:\Windows\Prefetch\PCROSSBROWSER_SOFT_PARTNER.EX-46399A3D.pf =>PUP.Optional.CrossBrowser
O45 - LFCP:[MD5.FE4743F3C8A012534C71ECE294ADCB7E] 2015/07/20 11:16:15 A -- C:\Windows\Prefetch\PREDM.EXE-8A61870C.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.8481072861FE39203EE72DB0929454A8] 2015/07/20 21:08:22 A -- C:\Windows\Prefetch\PREDM.EXE-AEC52FA2.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.E1EB25477CF5EDBC0AE574ACEA1BFBB1] 2015/07/11 10:46:57 A -- C:\Windows\Prefetch\PREDM.TMP-540339AA.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.09984D15FBC947EAFB7B74752A6372A7] 2015/07/17 19:43:36 A -- C:\Windows\Prefetch\PREDM.TMP-55860D93.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.54AEB8AEE118FA23B7AF996E0463F6B4] 2015/07/20 21:08:22 A -- C:\Windows\Prefetch\PREDM.TMP-9A98624C.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.7A12A2D34024A6F2C393824ED5600083] 2015/07/11 18:57:32 A -- C:\Windows\Prefetch\PREDM.TMP-BE0B9E15.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.DA42F754709C4B84407641611BAC9DB2] 2015/07/17 17:45:20 A -- C:\Windows\Prefetch\PREDM.TMP-C18828B4.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.59D009D29BBE933769E2489B91B1D694] 2015/07/20 11:16:18 A -- C:\Windows\Prefetch\PREDM.TMP-DEFDB9E3.pf =>PUP.Optional.Downware
O45 - LFCP:[MD5.D468A410C96392BAC028F9FB3028E8B5] 2015/07/20 21:38:06 A -- C:\Windows\Prefetch\SMARTWEBAPP.EXE-789679B5.pf =>PUP.Optional.SmartWebSearch
O45 - LFCP:[MD5.580E13E0B50D9EF48D8F71102D33E06D] 2015/07/20 21:04:05 A -- C:\Windows\Prefetch\SMARTWEBHELPER.EXE-EBECEAF8.pf =>PUP.Optional.SmartWebSearch
O45 - LFCP:[MD5.FF68900AD76CCF60DF76B2D754E2AB0D] 2015/07/20 20:57:57 A -- C:\Windows\Prefetch\WORDSURFERAUTOUPDATECLIENT.EX-7802AD0F.pf =>PUP.Optional.WordSurfer

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) (1) - 1s
O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant [Key] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe

---\\ Lista dos drivers do sistema (SDL) (O58) (51) - 92s
O58 - SDL:2012/07/26 00:42:31 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [85232]
O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [424176]
O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [298736]
O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [147696]
O58 - SDL:2012/07/26 00:42:31 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [67312]
O58 - SDL:2012/07/26 00:42:31 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [213744]
O58 - SDL:2012/07/26 00:42:31 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22256]
O58 - SDL:2012/07/26 00:42:30 A . (.PMC-Sierra, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [91888]
O58 - SDL:2012/07/26 00:42:30 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [94448]
O58 - SDL:2012/10/19 03:52:30 A . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\drivers\Dot4.sys [137632]
O58 - SDL:2012/10/19 03:52:32 A . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\drivers\Dot4Prt.sys [22432]
O58 - SDL:2015/01/19 10:00:08 A . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\drivers\gosaferdrv.sys [45360]
O58 - SDL:2012/07/26 00:42:33 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56048]
O58 - SDL:2012/07/26 00:42:33 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [333552]
O58 - SDL:2009/09/23 11:18:14 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [4808192]
O58 - SDL:2012/07/26 00:42:33 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [42224]
O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [93424]
O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [78576]
O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [100592]
O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [68848]
O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [45296]
O58 - SDL:2012/07/26 00:42:15 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [283888]
O58 - SDL:2012/07/26 00:42:15 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [59120]
O58 - SDL:2012/07/26 00:42:15 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [45808]
O58 - SDL:2012/07/26 00:42:15 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120048]
O58 - SDL:2012/07/26 00:42:15 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141552]
O58 - SDL:2012/07/25 19:49:40 A . (.Realtek - Driver Realtek 8101E/8168/8169 NDIS 6.30 de.) -- C:\Windows\System32\drivers\Rt630x86.sys [495104]
O58 - SDL:2007/04/10 18:04:40 RA . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RtkHDAud.sys [4397568]
O58 - SDL:2012/07/26 03:52:42 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480]
O58 - SDL:2012/07/26 00:42:15 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41200]
O58 - SDL:2012/07/26 00:42:16 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79088]
O58 - SDL:2012/07/26 00:42:15 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26352]
O58 - SDL:2012/07/26 00:42:18 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18160]
O58 - SDL:2012/07/26 00:42:19 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [155376]
O58 - SDL:2012/07/26 00:42:19 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [285424]
O58 - SDL:2014/12/23 05:23:14 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw.sys [43144] =>PUP.Optional.LinkiDoo
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2012/07/25 19:52:52 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2012/07/25 19:52:52 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO804.SYS [34688]

---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) (4) - 105s
O61 - LFC: 2015/07/20 11:50:17 A . (..) -- C:\Users\Odair\AppData\Roaming\appdataFr25.bin [24]
O61 - LFC: 2015/07/13 23:42:42 A . (..) -- C:\Users\Odair\AppData\Roaming\RunDir\bn1.exe [578008]
O61 - LFC: 2015/07/13 23:42:42 A . (..) -- C:\Users\Odair\AppData\Roaming\RunDir\temp\bn1.exe [578008]
O61 - LFC: 2015/07/20 21:03:08 A . (..) -- C:\Users\Odair\AppData\Local\Microsoft\Windows\1046\StructuredQuerySchema.bin [339857]

---\\ Associações Shell Spawning (O67) (1) - 1s
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe

---\\ Menu de inicialização Internet (068) (12) - 1s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.ex http://www.istartsurf.com/ =>PUP.Optional.IsStart
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.seekmx.com/
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- iexplore.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) (24) - 31s
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.alias", "istartsurf"); =>PUP.Optional.IsStart
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico"); =>PUP.Optional.IsStart
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.name", "istartsurf"); =>PUP.Optional.IsStart
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.ptid", "face"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.uid", "SAMSUNGXHD161GJ_S1ZWJ50Z128305"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1437270335&z=4772a9c738417152e95d4f8gbz4ce[...] =>PUP.Optional.IsStart
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb [...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri [...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.value", "null"); =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri F[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.expiration"[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.description", "Ge-Force"); =>PUP.Optional.CrossRider
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_bundledU[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_bundledW[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_notBundl[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_regBundl[...] =>PUP.Optional.Monetization
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.name", "Ge-Forces 1.1"); =>PUP.Optional.CrossRider
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.publisher", "iWebar"); =>PUP.Optional.CrossRider
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.enabledAddons", "deskCutv2%40gmail.com:0.0.10,defsearchp%40gmail.com:1.0.0.1039,sweetsearch%40gmail.com:1.0.[...] =>PUP.Optional.DeskCut
O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=EUsc4l0yRP999idrAAps6xFMHedVIAm3Mg%3[...] =>PUP.Optional.Browser
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/

---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83) (35) - 9s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [168960]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [115200]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [115200]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236544]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Política de Grupo.) -- C:\Windows\System32\gpsvc.dll [1285632]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\IKEEXT.DLL [683520]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [87552]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [302080]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [81920]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [49152]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [392192]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windo.) -- C:\Windows\System32\tapisrv.dll [245760]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2601472]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de tel.) -- C:\Windows\System32\qmgr.dll [630272]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [506368]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [741376]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [20992]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [52224]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [115200]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [89088]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [944640]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [166400]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [60928]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [105472]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [170496]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [249344]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [59392]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [73216]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [33280]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Serviço Conta da Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1532928]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [154112]
O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Agente de Eventos do Sistema.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [117760]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gerenciador de Instalação de Dispositivo.) -- C:\Windows\System32\DeviceSetupManager.dll [161792]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Serviço Assistente de Conectividade de Rede.) -- C:\Windows\System32\NcaSvc.dll [138752]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [152064]

---\\ Lista das exceções do FireWall (FirewallRules) (O87) (10) - 8s
O87 - FAEL: "{F2CAE05A-579A-419D-B1D8-260667188D63}" [In-None-P6-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
O87 - FAEL: "{DFA214DC-2D67-4C58-951F-A33CB1DFABE9}" [In-None-P17-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
O87 - FAEL: "{D6F56D50-B685-4938-9C1E-96078F319280}" [In-None-P6-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O87 - FAEL: "{59F68C6E-EDED-4EF9-A33D-E2D65E2E7AD3}" [In-None-P17-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O87 - FAEL: "{12F4CBF9-5B21-4B70-93DA-6C49BF51B497}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Odair\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{78893C2E-C6F1-48FC-A29D-5B4D9A58881D}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Odair\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{89570795-B45A-4112-88A7-35FEE8EF9E52}" [In-None-P6-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O87 - FAEL: "{CBF2B70A-0A9E-42EF-88A0-9525E6DCBB71}" [In-None-P17-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O87 - FAEL: "{A8600965-2B0D-459D-B00B-794B4716DE6D}" [In-None-P6-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
O87 - FAEL: "{E0E20DBC-65A2-472A-9ABF-9098BABB8D18}" [In-None-P17-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico

---\\ Listagem dos códigos dos software (PUC) (090) (1) - 2s
O90 - PUC: "93BAD29AC2E44034A96BCB446EB8552E" . (.globalupdate Helper.) =>PUP.Optional.GlobalUpdate

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS) (1) - 2s
[MD5.] [WIS][2015/07/17 17:48:02] (.globalupdate - Windows Installer XML Toolset (3.9.1208.0).) -- C:\Windows\Installer\58dfcc6.msi [32768] =>PUP.Optional.GlobalUpdate

---\\ Search Tracing Registry Key (O100) (2) - 1s
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32 =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS =>PUP.Optional.WordSurfer

---\\ Scâner Aditional (088) (148) - 0s
C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\nsj7FC2.tmpfs =>PUP.Optional.CrossRider
C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\jnszB836.tmp =>PUP.Optional.CrossRider
C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch
C:\Users\Odair\AppData\Local\SmartWeb\SmartWebApp.exe =>PUP.Optional.SmartWebSearch
C:\Program Files\HQ-VidPro-2.5cV19.07\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.exe =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\biwejizu =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate =>PUP.Optional.GlobalUpdate
HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI =>PUA.KMSpico
C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
HKLM\SYSTEM\CurrentControlSet\Services\wonykuri =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.Optional.AnyProtect
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.Optional.AnyProtect
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.Optional.AnyProtect
C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job =>PUP.Optional.BidailySync
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.Optional.GlobalUpdate
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.Optional.GlobalUpdate
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-7 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-10_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-4 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-7 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.Optional.AnyProtect
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.Optional.AnyProtect
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.Optional.AnyProtect
C:\Windows\System32\Tasks\AutoPico Daily Restart =>PUA.KMSpico
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] =>PUP.Optional.BidailySync
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.Optional.GlobalUpdate
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.Optional.GlobalUpdate
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task =>PUP.Optional.SmartWebSearch
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse =>PUP.Optional.CrossBrowse
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 =>PUA.KMSpico
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer =>PUP.Optional.GUPlayer
HKLM\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\BubbleSound =>PUP.Optional.BubbleSound
HKLM\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKLM\SOFTWARE\GlobalUpdate =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Infonaut_1.10.0.14 =>PUP.Optional.Infonaut
HKLM\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions
HKLM\SOFTWARE\istartsurfSoftware =>PUP.Optional.IsStart
HKLM\SOFTWARE\Product Deals =>ProductDeals
HKLM\SOFTWARE\SuperClick_1.10.0.16 =>PUP.Optional.SuperClick
HKLM\SOFTWARE\Tutorials =>PUP.Optional.AgenceExclusive
HKLM\SOFTWARE\WordSurfer_1.10.0.19 =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AnyProtect =>PUP.Optional.AnyProtect
HKCU\SOFTWARE\App Lid-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\BrowserV17.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\BrowserV20.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\BrowserV25.06-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaPlus-3.2cV10.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaPlus-3.2cV25.05-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaPlus-4.2vV10.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKCU\SOFTWARE\gamesdesktop =>PUP.Optional.GamesDesktop
HKCU\SOFTWARE\Ge-Force-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\GoHD-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.02-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.05-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HQ-VidPro-2.5cV24.06-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\I - Cinema-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\I-Cinema =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Product Deals =>ProductDeals
HKCU\SOFTWARE\SavePass 1.1-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Sense-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\tstamptoken =>PUP.Optional.MaxComputerCleaner
HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\SmartWeb =>PUP.Optional.SmartWebSearch =>PUP.Optional.SmartWebSearch
C:\Program Files\Crossbrowse =>PUP.Optional.CrossBrowse
C:\Program Files\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider
C:\Program Files\KMSpico =>PUA.KMSpico
C:\Users\Odair\AppData\Roaming\AnyProtectEx =>PUP.Optional.AnyProtect
C:\Users\Odair\AppData\Local\Crossbrowse =>PUP.Optional.CrossBrowse
C:\Users\Odair\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
C:\Users\Odair\AppData\Local\SmartWeb =>PUP.Optional.SmartWebSearch
C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer =>PUP.Optional.GUPlayer
C:\Windows\Prefetch\3DBUBBLESOUND.EXE-1ABDC950.pf =>PUP.Optional.BubbleSound
C:\Windows\Prefetch\ANYPROTECT.EXE-A6F01169.pf =>PUP.Optional.AnyProtect
C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf =>PUP.Optional.CrossBrowse
C:\Windows\Prefetch\DESKTOPSEARCH_SOFT_PARTNER.EX-4FC46A60.pf =>PUP.Optional.DesktopSearch
C:\Windows\Prefetch\GAMESDESKTOP.TMP-97BB6E03.pf =>PUP.Optional.GamesDesktop
C:\Windows\Prefetch\GLOBALUPDATE.EXE-0DB303A0.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\GLOBALUPDATE.EXE-4D9FC7B8.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\GLOBALUPDATE.EXE-71FDB23E.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\GLOBALUPDATE.EXE-CD2F91D1.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf =>PUP.Optional.GlobalUpdate
C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-2E7842F8.pf =>PUP.Optional.BubbleSound
C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-4FA350A7.pf =>PUP.Optional.BubbleSound
C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-339B90D5.pf =>PUP.Optional.CrossBrowser
C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-7A7A8F3E.pf =>PUP.Optional.CrossBrowser
C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-CA7897B4.pf =>PUP.Optional.CrossBrowser
C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-D7E7BC33.pf =>PUP.Optional.CrossBrowser
C:\Windows\Prefetch\PACKAGE_SPACESOUNDPRO_INSTALL-E1D2F33A.pf =>PUP.Optional.SpaceSondPro
C:\Windows\Prefetch\PCROSSBROWSER_SOFT_PARTNER.EX-46399A3D.pf =>PUP.Optional.CrossBrowser
C:\Windows\Prefetch\PREDM.EXE-8A61870C.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.EXE-AEC52FA2.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-540339AA.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-55860D93.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-9A98624C.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-BE0B9E15.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-C18828B4.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\PREDM.TMP-DEFDB9E3.pf =>PUP.Optional.Downware
C:\Windows\Prefetch\SMARTWEBAPP.EXE-789679B5.pf =>PUP.Optional.SmartWebSearch
C:\Windows\Prefetch\SMARTWEBHELPER.EXE-EBECEAF8.pf =>PUP.Optional.SmartWebSearch
C:\Windows\Prefetch\WORDSURFERAUTOUPDATECLIENT.EX-7802AD0F.pf =>PUP.Optional.WordSurfer
C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw.sys =>PUP.Optional.LinkiDoo
C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate
HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate
C:\Windows\Installer\58dfcc6.msi =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32 =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS =>PUP.Optional.WordSurfer

---\\ Resumo dos elementos encontrados na sua estação de trabalho (28) - 0s
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-smartwebsearch/ =>PUP.Optional.SmartWebSearch
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
http://www.nicolascoolman.fr/hijacker-browsers/ =>PUP.Optional.Browser
http://www.nicolascoolman.fr/pup-isstart/ =>PUP.Optional.IsStart
http://www.nicolascoolman.fr/pup-product-deals/ =>PUP.Optional.ProductDeals
http://www.nicolascoolman.fr/blog =>PUP.Optional.SpaceSondPro
http://www.nicolascoolman.fr/blog =>PUP.Optional.BubbleSound
http://www.nicolascoolman.fr/blog =>PUP.Optional.DesktopSearch
http://www.nicolascoolman.fr/blog =>PUP.Optional.GUPlayer
http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowse
http://www.nicolascoolman.fr/pup-kmspico/ =>PUA.KMSpico
http://www.nicolascoolman.fr/pup-anyprotect/ =>PUP.Optional.AnyProtect
http://www.nicolascoolman.fr/blog =>PUP.Optional.BidailySync
http://www.nicolascoolman.fr/blog =>PUP.Optional.Infonaut
http://www.nicolascoolman.fr/blog =>PUP.Optional.BrowserExtensions
http://www.nicolascoolman.fr/blog =>ProductDeals
http://www.nicolascoolman.fr/pup-superClick/ =>PUP.Optional.SuperClick
http://www.nicolascoolman.fr/spyware-agenceexclusive/ =>PUP.Optional.AgenceExclusive
http://www.nicolascoolman.fr/blog =>PUP.Optional.WordSurfer
http://www.nicolascoolman.fr/blog =>PUP.Optional.GamesDesktop
http://www.nicolascoolman.fr/blog =>PUP.Optional.MaxComputerCleaner
http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowser
http://www.nicolascoolman.fr/adware-downware/ =>PUP.Optional.Downware
http://www.nicolascoolman.fr/pup-linkidoo/ =>PUP.Optional.LinkiDoo
http://www.nicolascoolman.fr/blog =>PUP.Optional.SearchEngine
http://www.nicolascoolman.fr/blog =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/blog =>PUP.Optional.DeskCut

~ End of the scan, 22158 items in 637 seconds (1020)(0)()
