~ ZHPDiag v2015.7.20.20 Por Nicolas Coolman (2015/07/20) ~ iniciado por Odair (Administrator) (2015/07/20 21:40:37) ~ Site: http://www.nicolascoolman.fr ~ Facebook: https://www.facebook.com/nicolascoolman1 ~ Status da versão: Version KO ~ Modo: Scanner ~ Relatório: C:\Users\Odair\Desktop\ZHPDiag.txt ~ Relatório: C:\Users\Odair\AppData\Roaming\ZHP\ZHPDiag.txt ~ UAC: Activate ~ Inicialização do sistema: Normal (Normal boot) ~ Windows 8, 32-bit (Build 9200) ---\\ Navegadores Internet (3) - 0s GCIE: Google Chrome v43.0.2357.134 MFIE: Mozilla Firefox 36.0.1 (x86 pt-BR) v36.0.1 MSIE: Internet Explorer v10.0.9200.17413 ---\\ Informações sobre os produtos Windows (4) - 102s ~ Windows Server License Manager Script : OK System - VBScript Engine not found Windows Automatic Updates : OK (Auto) Windows Activation Technologies : OK ---\\ Softwares d'optimização do sistema (1) - 5s CCleaner v3.20 ---\\ Monitoramento dos softwares (2) - 5s Adobe Flash Player 18 NPAPI Adobe Reader XI ---\\ Informações sobre o sistema (6) - 0s ~ Operating System: x86 Family 6 Model 15 Stepping 13, GenuineIntel ~ Operating System: 32-bit ~ Boot mode: Normal (Normal boot) Total RAM: 1038.516 MB (16% free) ~ System Restore: Activé (Enable) ~ System drive C: has 14 GB free of 49 GB ---\\ Modo de conexão ao sistema (3) - 0s ~ Computer Name: PC-ODAIR ~ User Name: Odair ~ Logged in as Administrator ---\\ Enumeração das unidades dos discos (3) - 1s ~ Drive C: has 14 GB free of 49 GB (System) ~ Drive D: has 27 GB free of 102 GB ~ Drive F: has GB free of 1 GB ---\\ Estado do Centro de Segurança do Windows (11) - 1s [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Pesquisa particular de ficheiros genéricos (22) - 13s [MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2106176] [MD5.224F6B374852153C8C24BED141AE3A20] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) () -- C:\Windows\System32\rundll32.exe [48640] [MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) () -- C:\Windows\System32\Wininit.exe [101376] [MD5.E0103806C6CD91CFA8696A8A9EB4C822] - (.Microsoft Corporation - Internet Extensions para Win32.) () -- C:\Windows\System32\wininet.dll [1763328] [MD5.89D6AFD5B257049375008BAA512910EE] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) () -- C:\Windows\System32\Winlogon.exe [429056] [MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) () -- C:\Windows\System32\sppcomapi.dll [246784] [MD5.B92C9A8C3CAE22129CC5B4A920B00608] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [439296] [MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [22768] [MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [89088] [MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) 
() -- C:\Windows\System32\drivers\Cdrom.sys [135680] [MD5.E608E26B536A42B5ACC145D25CB9F2AC] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [92160] [MD5.6BFEBBA25AD34E5922E60349C721B1DD] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [62464] [MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Driver de porta i8042.) () -- C:\Windows\System32\drivers\i8042prt.sys [89600] [MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [126976] [MD5.60978139E6942772545EAB1BC2DB1393] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) () -- C:\Windows\System32\drivers\MRxSmb.sys [341504] [MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [254464] [MD5.6C816842AC5E2B0E033ED0BD1058E077] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) () -- C:\Windows\System32\drivers\ntfs.sys [1618264] [MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Driver de porta paralela.) () -- C:\Windows\System32\drivers\Parport.sys [90624] [MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [88064] [MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [156160] [MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [97792] [MD5.BF079843E272759BAE587FB980163293] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) () -- C:\Windows\System32\drivers\volsnap.sys [281408] ---\\ Processos lançados (20) - 29s [MD5.81326EB34AF569365437B52E4328C1C4] - (.IvoSoft - Classic Shell Service.) 
-- C:\Program Files\Classic Shell\ClassicShellService.exe [63488] [PID.1104] [MD5.27F0F57135638D87B3632A9B9B4B8485] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [147456] [PID.1420] [MD5.A24BC735ECC34C0AD26DD0A3454FB18F] - (...) -- C:\ProgramData\AppMgr1.66.6715824\AppMgr.exe [483064] [PID.1800] [MD5.A18A406635674E006B86110B7E41E45A] - (...) -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\nsj7FC2.tmpfs [141312] [PID.1828] =>PUP.Optional.CrossRider [MD5.4FBC2C440FC2DC0EA15BC39F72A59704] - (...) -- C:\Program Files\Helpless Club\Helpless Club.exe [8016173] [PID.1872] [MD5.A271A66ABF8CAC3606FB114D7E8C517B] - (...) -- C:\Users\Odair\AppData\Roaming\NetService\netservice.exe [173088] [PID.1404] [MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\System32\IoctlSvc.exe [81920] [PID.1696] [MD5.5B0A379F7FBB5D7B0757DE5E5AC4F798] - (...) -- C:\Program Files\Spotless Valuable\Spotless Valuable.exe [8015944] [PID.1164] [MD5.D62865BA2DC2C4DCE3075A60AE734901] - (...) -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\jnszB836.tmp [95232] [PID.2380] =>PUP.Optional.CrossRider [MD5.14D7A3545CC1DE3E3EC6DC900B96ADD2] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe [16126464] [PID.2152] [MD5.FF4C51DEFC5C46C269DF2220EDEECA23] - (...) -- C:\ProgramData\AppMgr1.66.6715824\1\plugin.exe [142072] [PID.424] [MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.720] [MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.3956] =>PUP.Optional.SmartWebSearch [MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) 
-- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.2176] =>PUP.Optional.SmartWebSearch [MD5.CCAE21B374C52AFCBFF3CB72836BAA7A] - (.Copyright © 2015 - uiviruah.) -- C:\ProgramData\Hoeaslnoju\1.0.4.1\uiviruah.exe [153600] [PID.1888] [MD5.CCAE21B374C52AFCBFF3CB72836BAA7A] - (.Copyright © 2015 - uiviruah.) -- C:\ProgramData\Hoeaslnoju\1.0.4.1\uiviruah.exe [153600] [PID.2716] [MD5.F4FFFF8240696FB9ED47459731517B3A] - (.HQ-Video2.5dV19.07 - HQ-VidPro-2.5cV19.07 exe.) -- C:\Program Files\HQ-VidPro-2.5cV19.07\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.exe [1553488] [PID.1732] =>PUP.Optional.CrossRider [MD5.E55D0D5D5A3A585BFF48B990708007A5] - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) -- C:\Users\Odair\Desktop\adwcleaner_4.200.exe [2208768] [PID.2128] [MD5.86EDADCF360DBD7BF4309372332F9D71] - (...) -- c:\programdata\{2eba7930-dd82-a6ce-2eba-a7930dd8e4c3}\2258593142552187033c.exe [221184] [PID.5304] [MD5.6C83EA1093ECB6C0375A9450F65E361C] - (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- c:\programdata\{e8b0b77e-0f29-17b4-e8b0-0b77e0f2ddf8}\hqghumeaylnlf.exe [6636232] [PID.5396] ---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2 (1) - 1s G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.facebook.com/ ---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) (25) - 8s M0 - MFSP: prefs.js [Odair - 7o9palbe.default] http://www.seekmx.com/?bd=hp&oem=Cube&uid=SAMSUNGXHD161GJ_S1ZWJ50Z128305&version=2.3.0.10324&pid=414031160&tid=653 P2 - EXT FILE: (...) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\{b9ef2fca-9fe6-4589-b97a-90379e9f2f5e}.xpi P2 - EXT FILE: (...) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\searchplugins\Google.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml P2 - EXT: (...) 
-- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\navegaki.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} P2 - EXT: (.HQ-Video2.5dV16.07 - HQ-VidPro-2.5cV16.07.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\AVJYFVOD75109374@HCDE39471360.com P2 - EXT: (.roc - Default SearchProtected .) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\defsearchp@gmail.com P2 - EXT: (.lightningnewtab.com - deskCut.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\deskCutv2@gmail.com P2 - EXT: (. - searchyoutubesearchyoutubefr.) -- C:\Users\Odair\AppData\Roaming\Mozilla\Firefox\Profiles\7o9palbe.default\extensions\searchyoutube@searchyoutube.fr P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited.) -- C:\Users\Odair\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc..) -- C:\Users\Odair\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc..) -- C:\Users\Odair\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) 
-- C:\Windows\System32\Macromed\Flash\NPSWF32_18_0_0_209.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc..) -- C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc..) -- C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll =>PUP.Optional.GlobalUpdate ---\\ Opera, Plugins,Arranque,Pesquisa (B0,B1,B2) (4) - 1s B2 - EXT: [ajgnnllmjadopdlmpplonojbfogkjlcl] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl B2 - EXT: [cobbaepnkejfnljmjgimdhoefifdhcak] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\cobbaepnkejfnljmjgimdhoefifdhcak B2 - EXT: [eekfhcmpmchbhkdeplplcljcggddkffb] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\eekfhcmpmchbhkdeplplcljcggddkffb B2 - EXT: [ekhagklcjbdpajgpjgmbionohlpdbjgc] C:\Users\Odair\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc ---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) (14) - 1s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/ =>PUP.Optional.Browser R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/ =>PUP.Optional.Browser R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv6&uid=S1ZWJ50Z128305_SAMSUNGHD161GJ&tm=1436910426 R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/ =>PUP.Optional.IsStart R1 - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seekmx.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/ =>PUP.Optional.IsStart R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seekmx.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0 ---\\ Internet Explorer, Gestão do Proxy (R5) (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas (3) - 1s F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ---\\ Redireção do ficheiro Hosts (O1) (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (21) ---\\ Browser Helper Objects do navegador (O2) (1) - 2s O2 - BHO: Product Deals 1.0.0.7 - {dd01946e-5501-4e11-b279-efdffd4c1487} . (...) 
-- C:\Program Files\Product Deals\ProductDealsbho.dll (.not file.) =>PUP.Optional.ProductDeals ---\\ Aplicações iniciadas por registo & pastas (O4) (40) - 4s O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\SkyTel.EXE O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\Windows\SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\Windows\ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [mbot_br_620] (Orphean) O4 - HKLM\..\Run: [gmsd_br_252] (Orphean) O4 - HKLM\..\Run: [gmsd_br_528] (Orphean) O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\Run: [gmsd_br_564] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010013] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010014] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010017] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010027] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010028] (Orphean) O4 - HKLM\..\Run: [gmsd_br_005010034] (Orphean) O4 - HKLM\..\Run: [SpaceSoundPro] C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe (.not file.) =>PUP.Optional.SpaceSondPro O4 - HKLM\..\Run: [gmsd_en_027010034] (Orphean) O4 - HKLM\..\Run: [gmsd_br_009010034] (Orphean) O4 - HKLM\..\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) 
-- C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch O4 - HKLM\..\Run: [gmsd_br_005010036] (Orphean) O4 - HKLM\..\Run: [3D BubbleSound] C:\Program Files\BubbleSound\3D BubbleSound.exe (.not file.) =>PUP.Optional.BubbleSound O4 - HKCU\..\Run: [Facebook Update] C:\Users\Odair\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe O4 - HKCU\..\Run: [Google Update] C:\Users\Odair\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.) O4 - HKCU\..\Run: [Google+ Auto Backup] C:\Users\Odair\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.) O4 - HKCU\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.) O4 - HKCU\..\Run: [MinhaBox.br] . (...) -- C:\Program Files\Minhateca.com.br Box\MinhaBox.exe O4 - HKCU\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.) =>PUP.Optional.DesktopSearch O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Facebook Update] C:\Users\Odair\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Google Update] C:\Users\Odair\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.) O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [Google+ Auto Backup] C:\Users\Odair\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (.not file.) O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.) O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [MinhaBox.br] . (...) 
-- C:\Program Files\Minhateca.com.br Box\MinhaBox.exe O4 - HKUS\S-1-5-21-468734458-1884841994-1836443768-1001\..\Run: [DesktopSearch] C:\ProgramData\DesktopSearch\DesktopSearch.exe (.not file.) =>PUP.Optional.DesktopSearch ---\\ Atalhos globais Startup (O4G) (16) - 17s O4 - GS\Desktop [Administrador]: GUPlayer.lnk . (...) C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer O4 - GS\Quicklaunch [Administrador]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\TaskBar [Administrador]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Administrador]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Administrador]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch O4 - GS\Desktop [Convidado]: GUPlayer.lnk . (...) C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer O4 - GS\Quicklaunch [Convidado]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\TaskBar [Convidado]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Convidado]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Convidado]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch O4 - GS\Desktop [Odair]: GUPlayer.lnk . (...) 
C:\Program Files\GUPlayer\GuPlayer.exe =>PUP.Optional.GUPlayer O4 - GS\Quicklaunch [Odair]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\TaskBar [Odair]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Odair]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse O4 - GS\Startup [Odair]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\Odair\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.Optional.SmartWebSearch O4 - GS\CommonDesktop [Public]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.Optional.CrossBrowse ---\\ Alteração Dominio/Clientes DNS (017) (2) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1 ---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20) (1) - 0s O20 - AppInit_DLLs: . (.Autores - .) - C:\Windows\System32\ ---\\ Lista dos serviços NT não Microsoft e não desativados (023) (13) - 3s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Application Manager 1.66.6715824 (AppMgr1.66.6715824) . (...) - C:\ProgramData\AppMgr1.66.6715824\AppMgr.exe O23 - Service: Rename Save (biwejizu) . (...) - C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\nsj7FC2.tmpfs =>PUP.Optional.CrossRider O23 - Service: Classic Shell Service (ClassicShellService) . (.IvoSoft - Classic Shell Service.) 
- C:\Program Files\Classic Shell\ClassicShellService.exe O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (...) - C:\Program Files\globalUpdate\Update\globalupdate.exe (.not file.) =>PUP.Optional.GlobalUpdate O23 - Service: GOSafer (GOSafer) . (...) - C:\Program Files\GOSafer\GOSafer.exe (.not file.) O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (...) - C:\Program Files\Google\Update\GoogleUpdate.exe (.not file.) O23 - Service: Helpless Club (Helpless Club) . (...) - C:\Program Files\Helpless Club\Helpless Club.exe O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (...) - C:\Users\Odair\AppData\Roaming\NetService\netservice.exe O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\System32\IoctlSvc.exe O23 - Service: Service KMSELDI (Service KMSELDI) . (. - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico O23 - Service: Spotless Valuable (Spotless Valuable) . (...) - C:\Program Files\Spotless Valuable\Spotless Valuable.exe O23 - Service: Form Letter Text Direction (wonykuri) . (...) - C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF\jnszB836.tmp =>PUP.Optional.CrossRider ---\\ Tarefas planificadas automaticamente (039) (76) - 6s O39 - APT: - (...) -- C:\Windows\Tasks\2gJNRTD1m6knhqr2d7XwZ5mNBN.job [1042] O39 - APT: - (...) -- C:\Windows\Tasks\4pf1TdbUx.job [1008] O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6.job [3142] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7.job [3142] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user.job [2116] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3.job [4162] =>PUP.Optional.CrossRider O39 - APT: - (...) 
-- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4.job [4162] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5.job [2450] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user.job [2450] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6.job [5522] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7.job [5186] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902] O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [366] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [364] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [364] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\Tasks\atO4Zw5rXevAcaBSBH.job [1026] O39 - APT: - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job [358] =>PUP.Optional.BidailySync O39 - APT: - (...) -- C:\Windows\Tasks\cSJgnGXh98hMRjaD4Qhu7.job [1032] O39 - APT: - (...) -- C:\Windows\Tasks\fiRuxnOSf5XOBqPvh.job [1024] O39 - APT: - (...) -- C:\Windows\Tasks\fmybgmVJG9gvYuSEew.job [1026] O39 - APT: - (...) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [982] =>PUP.Optional.GlobalUpdate O39 - APT: - (...) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [986] =>PUP.Optional.GlobalUpdate O39 - APT: - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core.job [1044] O39 - APT: - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA.job [1096] O39 - APT: - (...) -- C:\Windows\Tasks\LaCmoICEKYr.job [1012] O39 - APT: - (...) -- C:\Windows\Tasks\s7w3sScfL4tfUF4b1cTgjWIU6.job [1040] O39 - APT: - (...) -- C:\Windows\Tasks\SoccerGrind.job [372] O39 - APT: - (...) 
-- C:\Windows\Tasks\zwAwJbRiIW0KQoZBKcOLwVCYUx.job [1042] O39 - APT: - (...) -- C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job [282] O39 - APT: - (...) -- C:\Windows\System32\Tasks\2gJNRTD1m6knhqr2d7XwZ5mNBN [4048] O39 - APT: - (...) -- C:\Windows\System32\Tasks\4pf1TdbUx [4014] O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-6 [6146] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-1-7 [6146] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-10_user [5116] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-3 [7166] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-4 [7166] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5 [5454] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-5_user [5450] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-6 [8526] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\8cfbfeb9-049c-4f1a-abb8-f57df5258db3-7 [8190] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-6 [5776] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-1-7 [6120] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-10_user [5090] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-4 [7820] =>PUP.Optional.CrossRider O39 - APT: - (...) 
-- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5 [5428] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-5_user [5424] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-6 [8164] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\983646f9-80a8-4638-9240-5d259f8cef84-7 [8164] =>PUP.Optional.CrossRider O39 - APT: - (...) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [3874] O39 - APT: - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3790] O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [2796] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [2794] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [2794] =>PUP.Optional.AnyProtect O39 - APT: - (...) -- C:\Windows\System32\Tasks\atO4Zw5rXevAcaBSBH [4032] O39 - APT: - (...) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3704] =>PUA.KMSpico O39 - APT: - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] [3244] =>PUP.Optional.BidailySync O39 - APT: - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2772] O39 - APT: - (...) -- C:\Windows\System32\Tasks\cSJgnGXh98hMRjaD4Qhu7 [4038] O39 - APT: - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core [3444] O39 - APT: - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA [3794] O39 - APT: - (...) -- C:\Windows\System32\Tasks\fiRuxnOSf5XOBqPvh [4032] O39 - APT: - (...) -- C:\Windows\System32\Tasks\fmybgmVJG9gvYuSEew [4034] O39 - APT: - (...) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [3722] =>PUP.Optional.GlobalUpdate O39 - APT: - (...) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [3958] =>PUP.Optional.GlobalUpdate O39 - APT: - (...) 
-- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001Core [3662] O39 - APT: - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-468734458-1884841994-1836443768-1001UA [4042] O39 - APT: - (...) -- C:\Windows\System32\Tasks\Hoeaslnoju [3456] O39 - APT: - (...) -- C:\Windows\System32\Tasks\klcp_update [3666] O39 - APT: - (...) -- C:\Windows\System32\Tasks\LaCmoICEKYr [4016] O39 - APT: - (...) -- C:\Windows\System32\Tasks\s7w3sScfL4tfUF4b1cTgjWIU6 [4046] O39 - APT: - (...) -- C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task [4034] =>PUP.Optional.SmartWebSearch O39 - APT: - (...) -- C:\Windows\System32\Tasks\SoccerGrind [3258] O39 - APT: - (...) -- C:\Windows\System32\Tasks\zwAwJbRiIW0KQoZBKcOLwVCYUx [4048] O39 - APT: - (...) -- C:\Windows\System32\Tasks\{1D2ED8B5-950D-4DD8-BE18-D38774C0A513} [3152] O39 - APT: - (...) -- C:\Windows\System32\Tasks\{42504C4D-F411-42EE-BE3B-B67FFBC564B6} [3152] O39 - APT: - (...) -- C:\Windows\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} [3128] ---\\ Software instalados (042) (37) - 13s O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Crossbrowse - (.The Crossbrowse Authors.) [HKLM] -- Crossbrowse =>PUP.Optional.CrossBrowse O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: HQ-VidPro-2.5cV19.07 - (.HQ-Video2.5dV19.07.) [HKLM] -- HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider O42 - Logiciel: K-Lite Mega Codec Pack 10.8.0 - (...) [HKLM] -- KLiteCodecPack_is1 O42 - Logiciel: KMSpico v9.0.6.20131120 - (...) [HKLM] -- KMSpico_is1 =>PUA.KMSpico O42 - Logiciel: Mozilla Firefox 36.0.1 (x86 pt-BR) - (.Mozilla.) 
[HKLM] -- Mozilla Firefox 36.0.1 (x86 pt-BR) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService O42 - Logiciel: Naviextras Toolbox - (.NNG Llc..) [HKLM] -- Naviextras Toolbox O42 - Logiciel: PhotoScape - (...) [HKLM] -- PhotoScape O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3 O42 - Logiciel: Plugin Letras.mus.br 1.30 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br O42 - Logiciel: Real Alternative 2.0.2 Lite - (...) [HKLM] -- RealAlt_is1 O42 - Logiciel: Unlocker 1.9.2 - (.Cedrick Collomb.) [HKLM] -- Unlocker O42 - Logiciel: Winkochan Djmixer-PRO 4.0 - (.Winkochan Sistemas de áudio Ltda..) [HKLM] -- Winkochan DJMIXER-PRO IV - FREEWARE_is1 O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7} O42 - Logiciel: Classic Shell - (.IvoSoft.) [HKLM] -- {4D39908B-D289-43E2-91EA-E2DD35058870} O42 - Logiciel: Naviextras Toolbox Prerequesities - (.NNG Llc..) [HKLM] -- {537575D6-3B96-474C-BD8F-DFF667363DBD} O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} O42 - Logiciel: Minhateca.com.br Box - (.Minhateca.com.br.) [HKLM] -- {6A22B145-83AD-4320-946C-73E04E4D3E90} O42 - Logiciel: The Sims™ 2 Grandes Negócios Coleção - (.Electronic Arts.) [HKLM] -- {6CB35178-9E25-48fb-9F86-E40ADC7043B6} O42 - Logiciel: The Sims 2 - (...) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35} O42 - Logiciel: The Sims™ 2 Mundo Universitário Coleção - (.Electronic Arts.) [HKLM] -- {76703039-C98C-4e62-A12C-4D7066BE9985} O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {98EFD8F0-08DE-48DB-B922-A2EBAB711046} O42 - Logiciel: globalupdate Helper - (.globalupdate Inc..) 
[HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824147215} O42 - Logiciel: Adobe Reader XI (11.0.11) - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-AB0000000001} O42 - Logiciel: aTube Catcher versão 3.8 - (.DsNET Corp.) [HKLM] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1 O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: Google+ Auto Backup - (.Google, Inc..) [HKCU] -- Google+ Auto Backup O42 - Logiciel: GUPlayer (remove only) - (...) [HKCU] -- GUPlayer =>PUP.Optional.GUPlayer O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent ---\\ HKCU & HKLM Software Keys (162) - 14s HKLM\SOFTWARE\38d0e584-8e29-4a19-ad12-0f7fe1d403c7 =>PUP.Optional.CrossRider HKLM\SOFTWARE\Adobe HKLM\SOFTWARE\AdwCleaner HKLM\SOFTWARE\Ahead HKLM\SOFTWARE\AppDataLow HKLM\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider HKLM\SOFTWARE\ATI Technologies HKLM\SOFTWARE\Audible HKLM\SOFTWARE\Auslogics HKLM\SOFTWARE\AviSynth HKLM\SOFTWARE\Baidu Security HKLM\SOFTWARE\Baidu_Drp_pos HKLM\SOFTWARE\BubbleSound =>PUP.Optional.BubbleSound HKLM\SOFTWARE\Chromium HKLM\SOFTWARE\COMODO HKLM\SOFTWARE\ComodoGroup HKLM\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse HKLM\SOFTWARE\Disc Soft HKLM\SOFTWARE\DivXNetworks HKLM\SOFTWARE\EA GAMES HKLM\SOFTWARE\Electronic Arts HKLM\SOFTWARE\EVP HKLM\SOFTWARE\GlobalUpdate =>PUP.Optional.GlobalUpdate HKLM\SOFTWARE\GNU HKLM\SOFTWARE\Google HKLM\SOFTWARE\GOSafer HKLM\SOFTWARE\HaaliMkx HKLM\SOFTWARE\Hewlett-Packard HKLM\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07 =>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv =>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07 
=>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv =>PUP.Optional.CrossRider HKLM\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider HKLM\SOFTWARE\Icaros HKLM\SOFTWARE\Infonaut_1.10.0.14 =>PUP.Optional.Infonaut HKLM\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions HKLM\SOFTWARE\Intel HKLM\SOFTWARE\istartsurfSoftware =>PUP.Optional.IsStart HKLM\SOFTWARE\IvoSoft HKLM\SOFTWARE\KLCodecPack HKLM\SOFTWARE\LAV HKLM\SOFTWARE\LogMeInRescueCallingCard HKLM\SOFTWARE\Macromedia HKLM\SOFTWARE\Minhateca.com.br Box HKLM\SOFTWARE\Mooii HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\MozillaPlugins HKLM\SOFTWARE\Naviextras HKLM\SOFTWARE\Nero HKLM\SOFTWARE\NetTcpHandler HKLM\SOFTWARE\NtIObits HKLM\SOFTWARE\NtSvcHandler HKLM\SOFTWARE\ODBC HKLM\SOFTWARE\Opera Software HKLM\SOFTWARE\Piriform HKLM\SOFTWARE\Product Deals =>ProductDeals HKLM\SOFTWARE\ProtectedHp HKLM\SOFTWARE\raptor HKLM\SOFTWARE\RealAlternative HKLM\SOFTWARE\RealNetworks HKLM\SOFTWARE\Realtek HKLM\SOFTWARE\Realtek Semiconductor Corp. 
HKLM\SOFTWARE\Reg HKLM\SOFTWARE\RegisteredApplications HKLM\SOFTWARE\seekmx HKLM\SOFTWARE\Skype HKLM\SOFTWARE\SuperClick_1.10.0.16 =>PUP.Optional.SuperClick HKLM\SOFTWARE\Tutorials =>PUP.Optional.AgenceExclusive HKLM\SOFTWARE\Volatile HKLM\SOFTWARE\WinRAR HKLM\SOFTWARE\WordSurfer_1.10.0.19 =>PUP.Optional.WordSurfer HKLM\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider HKCU\SOFTWARE\2gJNRTD1m6knhqr2d7XwZ5mNBN HKCU\SOFTWARE\4pf1TdbUx HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\Ahead HKCU\SOFTWARE\AnyProtect =>PUP.Optional.AnyProtect HKCU\SOFTWARE\AOL HKCU\SOFTWARE\App Lid-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider HKCU\SOFTWARE\atO4Zw5rXevAcaBSBH HKCU\SOFTWARE\Baidu Security HKCU\SOFTWARE\Baixaki HKCU\SOFTWARE\BitTorrent HKCU\SOFTWARE\BrowserV17.07-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\BrowserV20.07-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\BrowserV25.06-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\Chromium HKCU\SOFTWARE\CinemaPlus-3.2cV10.07-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\CinemaPlus-3.2cV25.05-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\CinemaPlus-4.2vV10.07-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse HKCU\SOFTWARE\Disc Soft HKCU\SOFTWARE\Facebook HKCU\SOFTWARE\fiRuxnOSf5XOBqPvh HKCU\SOFTWARE\fmybgmVJG9gvYuSEew HKCU\SOFTWARE\FreeTime HKCU\SOFTWARE\Gabest HKCU\SOFTWARE\gamesdesktop =>PUP.Optional.GamesDesktop HKCU\SOFTWARE\Ge-Force-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate HKCU\SOFTWARE\GNU HKCU\SOFTWARE\GoHD-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\GoldenGate HKCU\SOFTWARE\Google HKCU\SOFTWARE\Haali HKCU\SOFTWARE\Hewlett-Packard HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.02-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\HQ-Video-Pro-2.1cV24.05-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\HQ-VidPro-2.5cV16.07-nv-ie =>PUP.Optional.CrossRider 
HKCU\SOFTWARE\HQ-VidPro-2.5cV19.07-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\HQ-VidPro-2.5cV24.06-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\I - Cinema-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\I-Cinema =>PUP.Optional.CrossRider HKCU\SOFTWARE\Icaros HKCU\SOFTWARE\IM Providers HKCU\SOFTWARE\InstallPath HKCU\SOFTWARE\Intel HKCU\SOFTWARE\IvoSoft HKCU\SOFTWARE\LaCmoICEKYr HKCU\SOFTWARE\Licenses HKCU\SOFTWARE\Local AppWizard-Generated Applications HKCU\SOFTWARE\LogMeInRescueCallingCard HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\MakeMSI HKCU\SOFTWARE\Mooii HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\MPC-HC HKCU\SOFTWARE\Naviextras HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\OB HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\Opera Software HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\Product Deals =>ProductDeals HKCU\SOFTWARE\ProtectedHp HKCU\SOFTWARE\RealNetworks HKCU\SOFTWARE\Realtek HKCU\SOFTWARE\Reg HKCU\SOFTWARE\RegisteredApplications HKCU\SOFTWARE\s7w3sScfL4tfUF4b1cTgjWIU6 HKCU\SOFTWARE\SavePass 1.1-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\SecuROM HKCU\SOFTWARE\Sense-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\Skype HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\tstamptoken =>PUP.Optional.MaxComputerCleaner HKCU\SOFTWARE\VB and VBA Program Settings HKCU\SOFTWARE\WebApp HKCU\SOFTWARE\WinRAR HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\AppDataLow\Software HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider HKCU\SOFTWARE\AppDataLow\Software\SmartWeb =>PUP.Optional.SmartWebSearch ---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) (156) - 16s O43 - CFD: 2015/07/20 21:07:15 - [] D -- C:\Program Files\Adobe O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\Program Files\Arquivos Comuns O43 - CFD: 2014/10/21 12:17:18 - [] D -- C:\Program Files\CCleaner O43 - CFD: 2014/10/21 10:24:52 - [] D -- C:\Program Files\Classic Shell O43 - CFD: 2015/07/17 19:30:13 - [] D 
-- C:\Program Files\Common Files O43 - CFD: 2015/07/20 21:34:04 - [] D -- C:\Program Files\Crossbrowse =>PUP.Optional.CrossBrowse O43 - CFD: 2015/03/01 18:50:43 - [] D -- C:\Program Files\DsNET Corp O43 - CFD: 2014/12/25 18:00:40 - [] D -- C:\Program Files\EA GAMES O43 - CFD: 2014/10/21 10:35:07 - [] D -- C:\Program Files\FreeTime O43 - CFD: 2015/04/30 11:32:48 - [] D -- C:\Program Files\Google O43 - CFD: 2014/10/21 10:32:52 - [] D -- C:\Program Files\GUM1303.tmp O43 - CFD: 2015/07/09 15:35:33 - [] D -- C:\Program Files\Helpless Club O43 - CFD: 2015/07/20 21:17:45 - [] D -- C:\Program Files\HQ-VidPro-2.5cV19.07 =>PUP.Optional.CrossRider O43 - CFD: 2014/12/23 15:02:31 - [] HD -- C:\Program Files\InstallShield Installation Information O43 - CFD: 2015/07/17 17:57:46 - [] D -- C:\Program Files\Internet Explorer O43 - CFD: 2014/10/21 12:23:39 - [] D -- C:\Program Files\K-Lite Codec Pack O43 - CFD: 2014/12/23 14:55:27 - [] D -- C:\Program Files\KMSpico =>PUA.KMSpico O43 - CFD: 2014/10/21 10:51:51 - [] D -- C:\Program Files\Microsoft Analysis Services O43 - CFD: 2014/10/21 10:53:04 - [] D -- C:\Program Files\Microsoft Office O43 - CFD: 2014/10/21 10:53:02 - [] D -- C:\Program Files\Microsoft Sync Framework O43 - CFD: 2014/10/21 10:52:20 - [] D -- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD: 2014/10/21 10:53:02 - [] D -- C:\Program Files\Microsoft.NET O43 - CFD: 2015/04/01 17:55:30 - [] D -- C:\Program Files\Minhateca.com.br Box O43 - CFD: 2015/03/09 18:04:03 - [] D -- C:\Program Files\MiniGet O43 - CFD: 2015/07/17 22:11:08 - [] D -- C:\Program Files\Mozilla Firefox O43 - CFD: 2015/04/30 10:51:03 - [] D -- C:\Program Files\Mozilla Maintenance Service O43 - CFD: 2015/07/17 19:32:44 - [] D -- C:\Program Files\MSBuild O43 - CFD: 2015/03/16 13:52:42 - [] D -- C:\Program Files\Naviextras O43 - CFD: 2014/10/21 11:09:02 - [] D -- C:\Program Files\Nero O43 - CFD: 2015/02/24 16:42:21 - [] D -- C:\Program Files\Opera O43 - CFD: 2015/02/24 15:58:01 - [] D -- C:\Program 
Files\OperaHelper O43 - CFD: 2014/10/21 10:37:44 - [] D -- C:\Program Files\PhotoScape O43 - CFD: 2014/10/21 12:10:38 - [] D -- C:\Program Files\PluginLetras O43 - CFD: 2014/10/21 10:37:16 - [] D -- C:\Program Files\Real Alternative O43 - CFD: 2014/10/21 13:18:00 - [] D -- C:\Program Files\Realtek O43 - CFD: 2015/05/16 22:22:00 - [0] D -- C:\Program Files\Recuva O43 - CFD: 2015/05/25 10:24:17 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 2015/03/16 13:48:17 - [] D -- C:\Program Files\SaveSys O43 - CFD: 2015/07/08 21:36:06 - [] D -- C:\Program Files\Spotless Valuable O43 - CFD: 2012/07/26 03:04:59 - [0] HD -- C:\Program Files\Uninstall Information O43 - CFD: 2015/07/14 18:50:02 - [] D -- C:\Program Files\Unlocker O43 - CFD: 2015/04/01 10:54:33 - [] D -- C:\Program Files\Windows Defender O43 - CFD: 2015/05/16 22:19:45 - [] D -- C:\Program Files\Windows Journal O43 - CFD: 2012/07/26 05:53:52 - [] D -- C:\Program Files\Windows Mail O43 - CFD: 2014/10/29 17:47:08 - [] D -- C:\Program Files\Windows Media Player O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Windows Multimedia Platform O43 - CFD: 2014/10/21 10:06:09 - [] D -- C:\Program Files\Windows NT O43 - CFD: 2014/10/26 19:15:25 - [] D -- C:\Program Files\Windows Photo Viewer O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Windows Portable Devices O43 - CFD: 2012/07/26 03:53:43 - [] SHD -- C:\Program Files\Windows Sidebar O43 - CFD: 2015/07/17 00:34:13 - [] HD -- C:\Program Files\WindowsApps O43 - CFD: 2014/10/21 12:10:14 - [] D -- C:\Program Files\WinRAR O43 - CFD: 2012/07/26 03:53:44 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 2014/10/26 19:15:31 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2014/11/01 22:32:38 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/04/07 10:32:03 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube 
Catcher O43 - CFD: 2014/10/21 10:18:59 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 2014/10/21 10:24:52 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell O43 - CFD: 2014/12/25 18:04:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES O43 - CFD: 2014/10/24 18:34:20 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2015/07/11 18:57:06 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2014/10/21 12:23:45 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack O43 - CFD: 2012/07/26 03:53:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/07/17 19:29:49 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 2015/04/01 17:55:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br O43 - CFD: 2014/10/21 11:11:09 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition O43 - CFD: 2014/10/21 10:37:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape O43 - CFD: 2015/04/01 10:54:11 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 O43 - CFD: 2014/10/21 10:37:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative O43 - CFD: 2015/07/17 19:29:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint O43 - CFD: 2014/12/25 18:00:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp O43 - CFD: 2014/11/01 22:32:27 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 2012/07/26 05:57:57 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 2014/10/21 10:29:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 2015/07/16 15:39:35 - [] D -- 
C:\ProgramData\8502260805179791820 O43 - CFD: 2015/03/16 13:49:35 - [] D -- C:\ProgramData\Adobe O43 - CFD: 2014/10/21 11:10:36 - [] D -- C:\ProgramData\Ahead O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 2015/07/20 19:29:02 - [] D -- C:\ProgramData\AppMgr1.66.6715824 O43 - CFD: 2014/10/21 12:16:58 - [] D -- C:\ProgramData\Auslogics O43 - CFD: 2015/01/05 09:50:29 - [] D -- C:\ProgramData\Baidu Security O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Dados de Aplicativos O43 - CFD: 2014/10/21 11:01:39 - [0] D -- C:\ProgramData\DAEMON Tools Lite O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 2014/10/21 10:06:08 - [0] SHD -- C:\ProgramData\Documentos O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 2014/10/21 15:38:21 - [] D -- C:\ProgramData\Hewlett-Packard O43 - CFD: 2015/07/20 20:22:33 - [] D -- C:\ProgramData\Hoeaslnoju O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Menu Iniciar O43 - CFD: 2015/06/03 16:40:46 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 2015/07/20 12:13:32 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\ProgramData\Modelos O43 - CFD: 2014/10/21 10:33:58 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 2014/10/21 11:09:02 - [] D -- C:\ProgramData\Nero O43 - CFD: 2014/10/21 11:16:19 - [] D -- C:\ProgramData\PRICache O43 - CFD: 2012/07/26 05:57:57 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft O43 - CFD: 2015/05/28 10:02:16 - [] D -- C:\ProgramData\Rlutoacaiinoo O43 - CFD: 2014/12/07 21:34:58 - [] D -- C:\ProgramData\Skype O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 2012/07/26 03:04:44 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 2015/07/20 21:00:19 - [] D -- C:\ProgramData\ToolsUpdatePlatform O43 - CFD: 2015/07/16 15:34:35 - [] D -- C:\ProgramData\{2eba7930-dd82-a6ce-2eba-a7930dd8e4c3} O43 - CFD: 2015/07/02 15:34:19 - [] D -- 
C:\ProgramData\{e8b0b77e-0f29-17b4-e8b0-0b77e0f2ddf8} O43 - CFD: 2015/02/24 22:04:54 - [] D -- C:\Program Files\Common Files\Adobe O43 - CFD: 2014/10/21 11:10:19 - [] D -- C:\Program Files\Common Files\Ahead O43 - CFD: 2015/07/17 19:30:13 - [] D -- C:\Program Files\Common Files\DESIGNER O43 - CFD: 2014/10/21 13:17:54 - [] D -- C:\Program Files\Common Files\InstallShield O43 - CFD: 2015/07/17 19:34:46 - [] D -- C:\Program Files\Common Files\microsoft shared O43 - CFD: 2012/07/26 03:53:56 - [] D -- C:\Program Files\Common Files\Services O43 - CFD: 2014/10/21 10:06:09 - [0] SHD -- C:\Program Files\Common Files\Sistema O43 - CFD: 2015/07/17 19:04:07 - [] D -- C:\Program Files\Common Files\System O43 - CFD: 2015/05/20 09:30:56 - [] D -- C:\Users\Odair\AppData\Roaming\Adobe O43 - CFD: 2014/10/21 11:10:49 - [] D -- C:\Users\Odair\AppData\Roaming\Ahead O43 - CFD: 2015/07/20 11:04:33 - [] SHD -- C:\Users\Odair\AppData\Roaming\AnyProtectEx =>PUP.Optional.AnyProtect O43 - CFD: 2015/02/24 15:28:54 - [] D -- C:\Users\Odair\AppData\Roaming\FFFFFFFF-1424791665-FFFF-FFFF-FFFFFFFFFFFF O43 - CFD: 2015/02/24 15:41:14 - [] HD -- C:\Users\Odair\AppData\Roaming\GoldenGate O43 - CFD: 2014/12/23 14:59:11 - [] D -- C:\Users\Odair\AppData\Roaming\IGC O43 - CFD: 2014/12/23 16:34:33 - [0] D -- C:\Users\Odair\AppData\Roaming\IrfanView O43 - CFD: 2014/10/21 12:12:28 - [] D -- C:\Users\Odair\AppData\Roaming\Macromedia O43 - CFD: 2015/07/20 21:04:05 - [] SD -- C:\Users\Odair\AppData\Roaming\Microsoft O43 - CFD: 2015/03/09 17:52:09 - [] D -- C:\Users\Odair\AppData\Roaming\MiniGet O43 - CFD: 2014/10/21 11:54:19 - [] D -- C:\Users\Odair\AppData\Roaming\Mozilla O43 - CFD: 2014/10/21 12:24:26 - [] D -- C:\Users\Odair\AppData\Roaming\MPC-HC O43 - CFD: 2015/03/16 13:55:54 - [] D -- C:\Users\Odair\AppData\Roaming\naviextras O43 - CFD: 2015/07/11 18:39:48 - [] D -- C:\Users\Odair\AppData\Roaming\NetService O43 - CFD: 2015/02/24 15:57:37 - [] D -- C:\Users\Odair\AppData\Roaming\Opera Software O43 - CFD: 
2015/07/14 18:47:02 - [] D -- C:\Users\Odair\AppData\Roaming\RunDir O43 - CFD: 2015/06/03 15:34:10 - [0] D -- C:\Users\Odair\AppData\Roaming\searchult O43 - CFD: 2014/10/21 10:43:52 - [] D -- C:\Users\Odair\AppData\Roaming\Skype O43 - CFD: 2015/07/18 23:21:06 - [] D -- C:\Users\Odair\AppData\Roaming\UG O43 - CFD: 2015/06/03 16:34:22 - [] D -- C:\Users\Odair\AppData\Roaming\uTorrent O43 - CFD: 2014/10/21 12:08:28 - [0] D -- C:\Users\Odair\AppData\Roaming\WinRAR O43 - CFD: 2015/07/20 21:43:49 - [] D -- C:\Users\Odair\AppData\Roaming\ZHP O43 - CFD: 2015/07/20 21:03:32 - [] D -- C:\Users\Odair\AppData\Local\Adobe O43 - CFD: 2015/07/20 21:11:19 - [] D -- C:\Users\Odair\AppData\Local\Ahead O43 - CFD: 2015/07/18 15:16:10 - [] D -- C:\Users\Odair\AppData\Local\Crossbrowse =>PUP.Optional.CrossBrowse O43 - CFD: 2015/07/20 20:30:48 - [] D -- C:\Users\Odair\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate O43 - CFD: 2015/07/20 20:26:41 - [] D -- C:\Users\Odair\AppData\Local\Google O43 - CFD: 2015/07/20 21:08:40 - [] D -- C:\Users\Odair\AppData\Local\Microsoft O43 - CFD: 2015/07/20 20:27:14 - [] D -- C:\Users\Odair\AppData\Local\Packages O43 - CFD: 2015/07/20 21:08:06 - [] D -- C:\Users\Odair\AppData\Local\Programs O43 - CFD: 2015/07/20 20:27:15 - [] D -- C:\Users\Odair\AppData\Local\SmartWeb =>PUP.Optional.SmartWebSearch O43 - CFD: 2015/07/20 21:44:06 - [] D -- C:\Users\Odair\AppData\Local\Temp O43 - CFD: 2015/07/20 21:03:16 - [0] D -- C:\Users\Odair\AppData\Local\VirtualStore O43 - CFD: 2012/07/26 03:53:44 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 2012/07/26 03:53:43 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/03/23 14:53:24 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2014/10/21 10:35:30 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 
O43 - CFD: 2014/10/21 20:44:25 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup O43 - CFD: 2015/07/20 21:13:34 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer =>PUP.Optional.GUPlayer O43 - CFD: 2012/07/26 03:53:44 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/03/16 13:52:58 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras O43 - CFD: 2015/07/20 21:43:44 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2012/07/26 03:53:43 - [] RD -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 2015/06/03 14:58:45 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker O43 - CFD: 2014/10/21 10:29:05 - [] D -- C:\Users\Odair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ---\\ Últimos arquivos criados no Windows Prefetcher (045) (30) - 120s O45 - LFCP:[MD5.D7672E4C99C0DAFC82A2C1A4F68C33BF] 2015/07/20 20:17:58 A -- C:\Windows\Prefetch\3DBUBBLESOUND.EXE-1ABDC950.pf =>PUP.Optional.BubbleSound O45 - LFCP:[MD5.9E7369E270B7D36AEFA6DF6E60080C9C] 2015/07/20 20:44:02 A -- C:\Windows\Prefetch\ANYPROTECT.EXE-A6F01169.pf =>PUP.Optional.AnyProtect O45 - LFCP:[MD5.B0AA55BED8EF7F0F75832089D538DCB6] 2015/07/20 21:04:16 A -- C:\Windows\Prefetch\CROSSBROWSE.EXE-F6F882CE.pf =>PUP.Optional.CrossBrowse O45 - LFCP:[MD5.42DA6B5D27C52E8E477B54CB27F6CE94] 2015/07/20 20:16:04 A -- C:\Windows\Prefetch\DESKTOPSEARCH_SOFT_PARTNER.EX-4FC46A60.pf =>PUP.Optional.DesktopSearch O45 - LFCP:[MD5.CC0D39AD87CCB7887185D7B1CDCB8A98] 2015/07/17 18:08:42 A -- C:\Windows\Prefetch\GAMESDESKTOP.TMP-97BB6E03.pf =>PUP.Optional.GamesDesktop O45 - LFCP:[MD5.6756AA81F930D80B1B0A19B8A311C093] 2015/07/20 21:16:41 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-0DB303A0.pf =>PUP.Optional.GlobalUpdate O45 - 
LFCP:[MD5.E1F1F50666BFDBEBB1BEAFD927855C47] 2015/07/17 19:52:46 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-4D9FC7B8.pf =>PUP.Optional.GlobalUpdate O45 - LFCP:[MD5.F09FCE3121A932FA7F7FB5E5014E1DB3] 2015/07/20 20:30:57 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-71FDB23E.pf =>PUP.Optional.GlobalUpdate O45 - LFCP:[MD5.965F863B3C99932DCE14359E7E090162] 2015/07/20 21:16:33 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-B66D5BF9.pf =>PUP.Optional.GlobalUpdate O45 - LFCP:[MD5.A865120B7A683C0E9DF0FA582563F88E] 2015/07/20 20:21:43 A -- C:\Windows\Prefetch\GLOBALUPDATE.EXE-CD2F91D1.pf =>PUP.Optional.GlobalUpdate O45 - LFCP:[MD5.D98CEF8653A0541AF9DEED8BBF298B54] 2015/07/20 21:06:20 A -- C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-C9210A99.pf =>PUP.Optional.GlobalUpdate O45 - LFCP:[MD5.FDBD68C716C4C4CE121CA2CF2F152DB9] 2015/07/20 20:13:49 A -- C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-2E7842F8.pf =>PUP.Optional.BubbleSound O45 - LFCP:[MD5.E51D4066227ED9E438C29677B683A38D] 2015/07/20 20:13:52 A -- C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-4FA350A7.pf =>PUP.Optional.BubbleSound O45 - LFCP:[MD5.BB45AC9432CF0570D1DF34D91D837575] 2015/07/20 20:12:49 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-339B90D5.pf =>PUP.Optional.CrossBrowser O45 - LFCP:[MD5.48E3C39FAEC77E958B2483FD2BEF35F5] 2015/07/20 20:12:50 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-7A7A8F3E.pf =>PUP.Optional.CrossBrowser O45 - LFCP:[MD5.5278FCDF857BD0F46E2087C757B6E9A1] 2015/07/11 18:47:14 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-CA7897B4.pf =>PUP.Optional.CrossBrowser O45 - LFCP:[MD5.949BE26C5389214B393F4FF5C9047855] 2015/07/17 17:24:31 A -- C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-D7E7BC33.pf =>PUP.Optional.CrossBrowser O45 - LFCP:[MD5.A13372362E6561B16209FACE6749927B] 2015/07/17 17:47:21 A -- C:\Windows\Prefetch\PACKAGE_SPACESOUNDPRO_INSTALL-E1D2F33A.pf =>PUP.Optional.SpaceSondPro O45 - LFCP:[MD5.7ADC3C0323E614E14A5E1E1BC7CF2E80] 2015/07/20 20:16:21 A -- 
C:\Windows\Prefetch\PCROSSBROWSER_SOFT_PARTNER.EX-46399A3D.pf =>PUP.Optional.CrossBrowser O45 - LFCP:[MD5.FE4743F3C8A012534C71ECE294ADCB7E] 2015/07/20 11:16:15 A -- C:\Windows\Prefetch\PREDM.EXE-8A61870C.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.8481072861FE39203EE72DB0929454A8] 2015/07/20 21:08:22 A -- C:\Windows\Prefetch\PREDM.EXE-AEC52FA2.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.E1EB25477CF5EDBC0AE574ACEA1BFBB1] 2015/07/11 10:46:57 A -- C:\Windows\Prefetch\PREDM.TMP-540339AA.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.09984D15FBC947EAFB7B74752A6372A7] 2015/07/17 19:43:36 A -- C:\Windows\Prefetch\PREDM.TMP-55860D93.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.54AEB8AEE118FA23B7AF996E0463F6B4] 2015/07/20 21:08:22 A -- C:\Windows\Prefetch\PREDM.TMP-9A98624C.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.7A12A2D34024A6F2C393824ED5600083] 2015/07/11 18:57:32 A -- C:\Windows\Prefetch\PREDM.TMP-BE0B9E15.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.DA42F754709C4B84407641611BAC9DB2] 2015/07/17 17:45:20 A -- C:\Windows\Prefetch\PREDM.TMP-C18828B4.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.59D009D29BBE933769E2489B91B1D694] 2015/07/20 11:16:18 A -- C:\Windows\Prefetch\PREDM.TMP-DEFDB9E3.pf =>PUP.Optional.Downware O45 - LFCP:[MD5.D468A410C96392BAC028F9FB3028E8B5] 2015/07/20 21:38:06 A -- C:\Windows\Prefetch\SMARTWEBAPP.EXE-789679B5.pf =>PUP.Optional.SmartWebSearch O45 - LFCP:[MD5.580E13E0B50D9EF48D8F71102D33E06D] 2015/07/20 21:04:05 A -- C:\Windows\Prefetch\SMARTWEBHELPER.EXE-EBECEAF8.pf =>PUP.Optional.SmartWebSearch O45 - LFCP:[MD5.FF68900AD76CCF60DF76B2D754E2AB0D] 2015/07/20 20:57:57 A -- C:\Windows\Prefetch\WORDSURFERAUTOUPDATECLIENT.EX-7802AD0F.pf =>PUP.Optional.WordSurfer ---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) (1) - 1s O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant [Key] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe ---\\ Lista dos drivers do sistema (SDL) (O58) (51) - 92s O58 - SDL:2012/07/26 00:42:31 A . 
(.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [85232] O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [424176] O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [298736] O58 - SDL:2012/07/26 00:42:31 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [147696] O58 - SDL:2012/07/26 00:42:31 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [67312] O58 - SDL:2012/07/26 00:42:31 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [213744] O58 - SDL:2012/07/26 00:42:31 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22256] O58 - SDL:2012/07/26 00:42:30 A . (.PMC-Sierra, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [91888] O58 - SDL:2012/07/26 00:42:30 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [94448] O58 - SDL:2012/10/19 03:52:30 A . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\drivers\Dot4.sys [137632] O58 - SDL:2012/10/19 03:52:32 A . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\drivers\Dot4Prt.sys [22432] O58 - SDL:2015/01/19 10:00:08 A . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\drivers\gosaferdrv.sys [45360] O58 - SDL:2012/07/26 00:42:33 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56048] O58 - SDL:2012/07/26 00:42:33 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) 
-- C:\Windows\System32\drivers\iaStorV.sys [333552] O58 - SDL:2009/09/23 11:18:14 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [4808192] O58 - SDL:2012/07/26 00:42:33 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [42224] O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [93424] O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [78576] O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [100592] O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [68848] O58 - SDL:2012/07/26 00:42:33 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [45296] O58 - SDL:2012/07/26 00:42:15 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [283888] O58 - SDL:2012/07/26 00:42:15 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [59120] O58 - SDL:2012/07/26 00:42:15 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [45808] O58 - SDL:2012/07/26 00:42:15 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120048] O58 - SDL:2012/07/26 00:42:15 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141552] O58 - SDL:2012/07/25 19:49:40 A . (.Realtek - Driver Realtek 8101E/8168/8169 NDIS 6.30 de.) -- C:\Windows\System32\drivers\Rt630x86.sys [495104] O58 - SDL:2007/04/10 18:04:40 RA . 
(.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RtkHDAud.sys [4397568] O58 - SDL:2012/07/26 03:52:42 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] O58 - SDL:2012/07/26 00:42:15 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41200] O58 - SDL:2012/07/26 00:42:16 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79088] O58 - SDL:2012/07/26 00:42:15 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26352] O58 - SDL:2012/07/26 00:42:18 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18160] O58 - SDL:2012/07/26 00:42:19 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [155376] O58 - SDL:2012/07/26 00:42:19 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [285424] O58 - SDL:2014/12/23 05:23:14 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}Gw.sys [43144] =>PUP.Optional.LinkiDoo O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:2012/07/25 19:52:52 A . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:2012/07/25 19:52:52 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:2012/07/25 19:52:54 A . (...) 
-- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:2012/07/25 19:52:54 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO.SYS [33968] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO404.SYS [34688] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO412.SYS [35552] O58 - SDL:2012/07/25 19:52:51 A . (...) -- C:\Windows\System32\NTIO804.SYS [34688] ---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) (4) - 105s O61 - LFC: 2015/07/20 11:50:17 A . (..) -- C:\Users\Odair\AppData\Roaming\appdataFr25.bin [24] O61 - LFC: 2015/07/13 23:42:42 A . (..) -- C:\Users\Odair\AppData\Roaming\RunDir\bn1.exe [578008] O61 - LFC: 2015/07/13 23:42:42 A . (..) -- C:\Users\Odair\AppData\Roaming\RunDir\temp\bn1.exe [578008] O61 - LFC: 2015/07/20 21:03:08 A . (..) -- C:\Users\Odair\AppData\Local\Microsoft\Windows\1046\StructuredQuerySchema.bin [339857] ---\\ Associações Shell Spawning (O67) (1) - 1s O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe ---\\ Menu de inicialização Internet (068) (12) - 1s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.ex http://www.istartsurf.com/ =>PUP.Optional.IsStart O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.seekmx.com/ O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- iexplore.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) 
-- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) 
-- C:\Windows\System32\ie4uinit.exe ---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) (24) - 31s O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.alias", "istartsurf"); =>PUP.Optional.IsStart O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.Optional.SearchEngine O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico"); =>PUP.Optional.IsStart O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.name", "istartsurf"); =>PUP.Optional.IsStart O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.ptid", "face"); =>PUP.Optional.SearchEngine O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.uid", "SAMSUNGXHD161GJ_S1ZWJ50Z128305"); =>PUP.Optional.SearchEngine O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1437270335&z=4772a9c738417152e95d4f8gbz4ce[...] =>PUP.Optional.IsStart O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb [...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri [...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.value", "null"); =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri F[...] 
=>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.expiration"[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.description", "Ge-Force"); =>PUP.Optional.CrossRider O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_bundledU[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_bundledW[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_notBundl[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_regBundl[...] 
=>PUP.Optional.Monetization O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.name", "Ge-Forces 1.1"); =>PUP.Optional.CrossRider O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.publisher", "iWebar"); =>PUP.Optional.CrossRider O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("extensions.enabledAddons", "deskCutv2%40gmail.com:0.0.10,defsearchp%40gmail.com:1.0.0.1039,sweetsearch%40gmail.com:1.0.[...] =>PUP.Optional.DeskCut O69 - SBI: prefs.js [Odair - 7o9palbe.default] user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=EUsc4l0yRP999idrAAps6xFMHedVIAm3Mg%3[...] =>PUP.Optional.Browser O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ ---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83) (35) - 9s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [168960] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [115200] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [115200] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236544] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Política de Grupo.) -- C:\Windows\System32\gpsvc.dll [1285632] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) 
-- C:\Windows\System32\IKEEXT.DLL [683520] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [87552] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [302080] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [81920] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [49152] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [392192] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windo.) -- C:\Windows\System32\tapisrv.dll [245760] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2601472] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de tel.) -- C:\Windows\System32\qmgr.dll [630272] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [506368] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [741376] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [20992] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) 
-- C:\Windows\System32\appinfo.dll [52224] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [115200] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [89088] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [944640] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [166400] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [60928] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [105472] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [170496] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [249344] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [59392] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [73216] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [33280] O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Serviço Conta da Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1532928] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) 
-- C:\Windows\System32\bdesvc.dll [154112] O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Agente de Eventos do Sistema.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [117760] O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gerenciador de Instalação de Dispositivo.) -- C:\Windows\System32\DeviceSetupManager.dll [161792] O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Serviço Assistente de Conectividade de Rede.) -- C:\Windows\System32\NcaSvc.dll [138752] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [152064] ---\\ Lista das exceções do FireWall (FirewallRules) (O87) (10) - 8s O87 - FAEL: "{F2CAE05A-579A-419D-B1D8-260667188D63}" [In-None-P6-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico O87 - FAEL: "{DFA214DC-2D67-4C58-951F-A33CB1DFABE9}" [In-None-P17-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico O87 - FAEL: "{D6F56D50-B685-4938-9C1E-96078F319280}" [In-None-P6-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico O87 - FAEL: "{59F68C6E-EDED-4EF9-A33D-E2D65E2E7AD3}" [In-None-P17-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico O87 - FAEL: "{12F4CBF9-5B21-4B70-93DA-6C49BF51B497}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Odair\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{78893C2E-C6F1-48FC-A29D-5B4D9A58881D}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Odair\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{89570795-B45A-4112-88A7-35FEE8EF9E52}" [In-None-P6-TRUE] .(. - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico O87 - FAEL: "{CBF2B70A-0A9E-42EF-88A0-9525E6DCBB71}" [In-None-P17-TRUE] .(. - Service_KMS.) 
-- C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico O87 - FAEL: "{A8600965-2B0D-459D-B00B-794B4716DE6D}" [In-None-P6-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico O87 - FAEL: "{E0E20DBC-65A2-472A-9ABF-9098BABB8D18}" [In-None-P17-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico ---\\ Listagem dos códigos dos software (PUC) (090) (1) - 2s O90 - PUC: "93BAD29AC2E44034A96BCB446EB8552E" . (.globalupdate Helper.) =>PUP.Optional.GlobalUpdate ---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS) (1) - 2s [MD5.] [WIS][2015/07/17 17:48:02] (.globalupdate - Windows Installer XML Toolset (3.9.1208.0).) -- C:\Windows\Installer\58dfcc6.msi [32768] =>PUP.Optional.GlobalUpdate ---\\ Search Tracing Registry Key (O100) (2) - 1s HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32 =>PUP.Optional.WordSurfer HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS =>PUP.Optional.WordSurfer ---\\ Scâner Aditional (088) (148) - 0s
---\\ Resumo dos elementos encontrados na sua estação de trabalho (28) - 0s http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider http://www.nicolascoolman.fr/pup-smartwebsearch/ =>PUP.Optional.SmartWebSearch http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate http://www.nicolascoolman.fr/hijacker-browsers/ =>PUP.Optional.Browser http://www.nicolascoolman.fr/pup-isstart/ =>PUP.Optional.IsStart http://www.nicolascoolman.fr/pup-product-deals/ =>PUP.Optional.ProductDeals http://www.nicolascoolman.fr/blog =>PUP.Optional.SpaceSondPro http://www.nicolascoolman.fr/blog =>PUP.Optional.BubbleSound http://www.nicolascoolman.fr/blog =>PUP.Optional.DesktopSearch http://www.nicolascoolman.fr/blog =>PUP.Optional.GUPlayer http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowse http://www.nicolascoolman.fr/pup-kmspico/ =>PUA.KMSpico http://www.nicolascoolman.fr/pup-anyprotect/ =>PUP.Optional.AnyProtect http://www.nicolascoolman.fr/blog =>PUP.Optional.BidailySync http://www.nicolascoolman.fr/blog =>PUP.Optional.Infonaut http://www.nicolascoolman.fr/blog =>PUP.Optional.BrowserExtensions http://www.nicolascoolman.fr/blog =>ProductDeals http://www.nicolascoolman.fr/pup-superClick/ =>PUP.Optional.SuperClick http://www.nicolascoolman.fr/spyware-agenceexclusive/ =>PUP.Optional.AgenceExclusive http://www.nicolascoolman.fr/blog =>PUP.Optional.WordSurfer http://www.nicolascoolman.fr/blog =>PUP.Optional.GamesDesktop http://www.nicolascoolman.fr/blog =>PUP.Optional.MaxComputerCleaner http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowser http://www.nicolascoolman.fr/adware-downware/
=>PUP.Optional.Downware http://www.nicolascoolman.fr/pup-linkidoo/ =>PUP.Optional.LinkiDoo http://www.nicolascoolman.fr/blog =>PUP.Optional.SearchEngine http://www.nicolascoolman.fr/blog =>PUP.Optional.Monetization http://www.nicolascoolman.fr/blog =>PUP.Optional.DeskCut ~ End of the scan, 22158 items in 637 seconds (1020)(0)()