Fórum PC Brasil
Removing Ads by View Password


Post by Murici, Mon 24 Mar 2014, 11:41

Good morning!

I saw that you have solved several cases of unwanted ads and in-text links on visited sites.

Well, my notebook has this problem too, and I would like your help to get rid of this "plague", Ads by View Password.

Please tell me what needs to be done.

Re: Removing Ads by View Password

Post by Power Max, Mon 24 Mar 2014, 12:07

Hello Murici. Welcome to Fórum PC Brasil.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Removing Ads by View Password

Post by Murici, Tue 25 Mar 2014, 08:09

# AdwCleaner v3.022 - Relatório criado 24/03/2014 às 11:10:39
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : fernando - DIRETORIA
# Executando de : C:\Users\fernando\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\boost_interprocess
Arquivo Deletada : C:\Windows\system32\roboot.exe

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Deletedo : HKLM\Software\systweak

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1478 octets] - [24/03/2014 11:08:26]
AdwCleaner[S0].txt - [1378 octets] - [24/03/2014 11:10:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1438 octets] ##########

Re: Removing Ads by View Password

Post by Power Max, Tue 25 Mar 2014, 11:21

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Re: Removing Ads by View Password

Post by Murici, Tue 25 Mar 2014, 14:28

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman (25/03/2014)
~ Iniciado por fernando (25/03/2014 14:26:49)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514 (Defaut)
GCIE: Google Chrome v33.0.1750.154

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Extended Asian Language font pack for Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2358 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 106 GB (72%) free of 146 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DIRETORIA
~ User Name: fernando
~ All Users Names: Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\fernando\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\fernando\AppData\Roaming\
~ %Desktop% : C:\Users\fernando\Desktop\
~ %Favorites% : C:\Users\fernando\Favorites\
~ %LocalAppData% : C:\Users\fernando\AppData\Local\
~ %StartMenu% : C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 106 Go of 146 Go)
D: Hard drive, Flash drive, Thumb drive (Free 66 Go of 86 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5CAFD0020B091BF9D28C3B4EB6BD15C1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.03/02/2014 - 12:05:25.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/21
~ Mon Bureau (My Desktop) : 8/20
~ Menu demarrer (Programs) : 0/19
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.732]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.888]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1660]
[MD5.B9963C336A2BF054520DC09CE7C81476] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920] [PID.1780]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1812]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files\PDF Architect\HelperService.exe [1320496] [PID.1856]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files\PDF Architect\ConversionService.exe [799280] [PID.1876]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files\Scpad\scpVista.exe [360624] [PID.1912]
[MD5.DB8EE43C90536A07D4BA481079AE214C] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2736128] [PID.2556]
[MD5.0854491F73AEA9BE5728C5A0EBC3B0DC] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668224] [PID.3456]
[MD5.96B56EA42E3D6F39159E1495BDE1445E] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093744] [PID.3524]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.3784]
[MD5.157B5DF2CBCE17A0CEECB0FF4297700E] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [142616] [PID.3892]
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3900]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.3912]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2304]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.4948]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8178688] [PID.3748]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4692]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 04s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP ePrintCenter - HP Officejet Pro 8600.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\HP\HP Officejet Pro 8600\ePrintCenterShortcut.url =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: HP Officejet Pro 8600.lnk . (.Hewlett-Packard Co. - HP Printer Software.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Planejamento 2013.lnk . (...) -- F:\Planejamento de Serviços\Planejamento 2013\Planejamento 2013.xls (.not file.)
O4 - GS\Desktop [Public]: SGAC - WIN.lnk . (...) -- Q:\MECQ\SGAC.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\Program [Public]: Registro OCR I.R.I.S..lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files\HP\IrisOCR_12.3.4.0\regipe.exe
O4 - GS\QuickLaunch [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 56 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mecqmg.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SlimDrivers Startup.job [392]
[MD5.00000000000000000000000000000000] [APT] [View Password Update] (...) -- C:\Program Files\View-Password-soft\View-.exe (.not file.) [0] =>PUP.ViewPassword
[MD5.00000000000000000000000000000000] [APT] [View Password_wd] (...) -- C:\Program Files\View-Password-soft\ViewPassword_wd.exe (.not file.) [0] =>PUP.ViewPassword
~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\baidu] =>Adware.BDSearch
~ Key Software: 130 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/01/2014 - 18:34:23 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/12/2013 - 10:43:42 - [19,670] ----D C:\Program Files\Disco Local
O43 - CFD: 28/05/2013 - 18:03:24 - [1,517] ----D C:\Program Files\Scpad
O43 - CFD: 20/01/2014 - 17:16:00 - [0] ----D C:\Program Files\ShowMyPCService
O43 - CFD: 13/05/2013 - 19:53:36 - [175,078] ----D C:\Program Files\VIVO INTERNET
~ Program Folder: 115 Legitimates Filtered in 00mn 08s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5A79409C3BF4B793AD72EBB177E71953] - 17/03/2014 - 16:01:16 ---A- . (...) -- C:\autoexec.bat [43]
O44 - LFC:[MD5.DBC3576A307E206F4CD25152FC7E16C1] - 17/03/2014 - 16:01:16 ---A- . (...) -- C:\config.sys [24]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 18/03/2014 - 16:47:40 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 24/03/2014 - 17:22:17 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O44 - LFC:[MD5.03D7A34300B6D00D1B231FC010878351] - 25/03/2014 - 08:00:21 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [156458]
O44 - LFC:[MD5.7D72DB116FEF3EE922857A4486303770] - 25/03/2014 - 08:00:21 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [739740]
~ Files: 15 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 15:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 24/03/2014 - 17:22:17 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 08/03/2014 - 11:28:00 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 18/03/2014 - 16:47:40 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F1AAAD57373832346B367E3B91916984] [SPRF][22/11/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344]
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][24/03/2014] (...) -- C:\Users\fernando\Desktop\AdwCleaner.exe [1950720]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][24/03/2014] (...) -- C:\Users\fernando\Desktop\zoek.exe [1285120]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Auto 03/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 22/07/2009 81920 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
SR - | Demand 22/07/2009 2736128 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 17s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

C:\Program Files\Baidu Security =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
~ Additionnel Scan: 220545 Items scanned in 00mn 15s



---\\ Sumário das deteções encontradas na sua estação
[link hidden by forum: login required] =>PUP.ViewPassword
[link hidden by forum: login required] =>Adware.BDSearch
~ MSI: 2 link(s) detected in 00mn 00s



~ 858 Legitimates filtered by white list
End of the scan (431 lines in 01mn 38s)(0)

Message by Power Max Tue 25 Mar 2014, 14:36

Your report shows Baidu Antivirus, which many people tend to uninstall. Do you want to keep it or remove it?

Message by Murici Wed 26 Mar 2014, 07:44

Let's remove it

Message by Power Max Wed 26 Mar 2014, 11:13

Murici wrote: Let's remove it
Go to Control Panel > Uninstall a program > find Baidu and uninstall it.
____________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 05 Apr 2014, 20:23; edited 1 time

Message by Murici Wed 26 Mar 2014, 12:00

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by fernando at 26/03/2014 12:00:43
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\baidu

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\planejamento 2013.lnk
ELIMINÉ Temporários windows (61) (1.937.664 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: View Password Update
ELIMINÉ: View Password Update
ELIMINÉ: View Password_wd
ELIMINÉ: View Password_wd

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 41s

========== Caminho do ficheiro do relatório ==========
C:\Users\fernando\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/03/2014 12:00:45 [1503]

Message by Power Max Wed 26 Mar 2014, 12:04

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Message by Murici Wed 26 Mar 2014, 15:38

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman (25/03/2014)
~ Iniciado por fernando (26/03/2014 15:37:32)
~ Endereço do Website : [link hidden by forum: login required]
~ Fóruns de suporte gratuito para desinfecção : [link hidden by forum: login required]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514 (Defaut)
GCIE: Google Chrome v33.0.1750.154

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Extended Asian Language font pack for Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2358 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 107 GB (72%) free of 146 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DIRETORIA
~ User Name: fernando
~ All Users Names: Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\fernando\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\fernando\AppData\Roaming\
~ %Desktop% : C:\Users\fernando\Desktop\
~ %Favorites% : C:\Users\fernando\Favorites\
~ %LocalAppData% : C:\Users\fernando\AppData\Local\
~ %StartMenu% : C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 107 Go of 146 Go)
D: Hard drive, Flash drive, Thumb drive (Free 66 Go of 86 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5CAFD0020B091BF9D28C3B4EB6BD15C1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.03/02/2014 - 12:05:25.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/21
~ Mon Bureau (My Desktop) : 8/20
~ Menu demarrer (Programs) : 0/19
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [519720] [PID.732]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.888]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1660]
[MD5.B9963C336A2BF054520DC09CE7C81476] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920] [PID.1780]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1812]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files\PDF Architect\HelperService.exe [1320496] [PID.1856]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files\PDF Architect\ConversionService.exe [799280] [PID.1876]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files\Scpad\scpVista.exe [360624] [PID.1912]
[MD5.DB8EE43C90536A07D4BA481079AE214C] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2736128] [PID.2556]
[MD5.0854491F73AEA9BE5728C5A0EBC3B0DC] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668224] [PID.3456]
[MD5.96B56EA42E3D6F39159E1495BDE1445E] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093744] [PID.3524]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.3784]
[MD5.157B5DF2CBCE17A0CEECB0FF4297700E] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [142616] [PID.3892]
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3900]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.3912]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2304]
[MD5.42D33042371BFB1A7D40834590CAFD30] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [280288] [PID.4616]
[MD5.8F302247960CC514D3400EAB4842E006] - (...) -- C:\Users\Public\Desktop\Acesso Remoto.exe [718640] [PID.660]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4752]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8178688] [PID.1548]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP ePrintCenter - HP Officejet Pro 8600.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\HP\HP Officejet Pro 8600\ePrintCenterShortcut.url =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: HP Officejet Pro 8600.lnk . (.Hewlett-Packard Co. - HP Printer Software.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: SGAC - WIN.lnk . (...) -- Q:\MECQ\SGAC.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\Program [Public]: Registro OCR I.R.I.S..lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files\HP\IrisOCR_12.3.4.0\regipe.exe
O4 - GS\QuickLaunch [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Administrador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 55 Legitimates Filtered in 00mn 06s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} ((no name)) - [link hidden by forum: login required]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{BC779C8D-BCC7-43CC-A6B0-6CB74E52326F}: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mecqmg.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 200.175.182.139 200.175.89.139
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 9 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SlimDrivers Startup.job [392]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\AutoHelpDesk]
~ Key Software: 129 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/12/2013 - 10:43:42 - [19,670] ----D C:\Program Files\Disco Local
O43 - CFD: 28/05/2013 - 18:03:24 - [1,517] ----D C:\Program Files\Scpad
O43 - CFD: 20/01/2014 - 17:16:00 - [0] ----D C:\Program Files\ShowMyPCService
O43 - CFD: 13/05/2013 - 19:53:36 - [175,078] ----D C:\Program Files\VIVO INTERNET
~ Program Folder: 114 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5A79409C3BF4B793AD72EBB177E71953] - 17/03/2014 - 16:01:16 ---A- . (...) -- C:\autoexec.bat [43]
O44 - LFC:[MD5.DBC3576A307E206F4CD25152FC7E16C1] - 17/03/2014 - 16:01:16 ---A- . (...) -- C:\config.sys [24]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 18/03/2014 - 16:47:40 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 24/03/2014 - 17:22:17 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O44 - LFC:[MD5.03D7A34300B6D00D1B231FC010878351] - 26/03/2014 - 14:25:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [156458]
O44 - LFC:[MD5.7D72DB116FEF3EE922857A4486303770] - 26/03/2014 - 14:25:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [739740]
~ Files: 15 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.DCF228C60E1036597FD5C4A647790527] - 01/07/2013 - 15:40:10 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47688]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 24/03/2014 - 17:22:17 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 08/03/2014 - 11:28:00 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 18/03/2014 - 16:47:40 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [link hidden by the forum: an account and login are required to view it]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F1AAAD57373832346B367E3B91916984] [SPRF][22/11/2013] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [170344]
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][24/03/2014] (...) -- C:\Users\fernando\Desktop\AdwCleaner.exe [1950720]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][24/03/2014] (...) -- C:\Users\fernando\Desktop\zoek.exe [1285120]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Auto 03/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 22/07/2009 81920 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
SR - | Demand 22/07/2009 2736128 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 219717 Items scanned in 00mn 21s



~ 846 Legitimates filtered by white list
End of the scan (416 lines in 00mn 59s)(0)

Message by Power Max Wed 26 Mar 2014, 16:02

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is after this procedure.


Last edited by Power Max on Sat 05 Apr 2014, 20:24; edited 1 time

Message by Murici Wed 26 Mar 2014, 16:11

The report follows below. The links in random text are still there.





Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by fernando at 26/03/2014 16:10:02
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (16) (72.081 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 16s

========== Caminho do ficheiro do relatório ==========
C:\Users\fernando\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/03/2014 12:00:45 [1586]
C:\Users\fernando\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/03/2014 16:10:06 [979]

Message by Power Max Wed 26 Mar 2014, 16:14

Download the [link visible only to logged-in members] and save it to the Desktop (Área de Trabalho).

Note: When you open the link above, click the Download Now 32-Bit Version button.

* Run FRST and accept the agreement

* Click [Scan]

* When it finishes, click [OK] > [OK]

* Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across more posts.)

Message by Murici Wed 26 Mar 2014, 17:06

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by fernando at 2014-03-26 17:00:25
Running from C:\Users\fernando\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

.NET Framework Machine Code Access Security Policy (Version: 1.0.2411.0 - Microsoft Corporation) Hidden
Adobe Acrobat 6.0 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Camtasia Studio 6 (HKLM\...\{886E284F-ED78-4149-9007-9C5CF69A52B9}) (Version: 6.0.1 - TechSmith Corporation)
Camtasia Studio 8 (HKLM\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Central de Mouse e Teclado da Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Central de Mouse e Teclado da Microsoft (Version: 2.1.177.0 - Microsoft Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Estudo de melhoria do produto HP Officejet Pro 8600 (HKLM\...\{E109E8BF-E8A5-4182-9D32-A28B1F131DF7}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Firebird 2.1.3.18185 (Win32) (HKLM\...\FBDBServer_2_1_is1) (Version: 2.1.3.18185 - Firebird Project)
FormatFactory 2.95 (HKLM\...\FormatFactory) (Version: 2.95 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Officejet Pro 8600 Ajuda (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Skype™️ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Software básico do dispositivo HP Officejet Pro 8600 (HKLM\...\{2E9D1D6F-E857-406D-8137-0D85440B60F9}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version: - Microsoft)
VDownloader 3.9.1693 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Vegas Pro 10.0 (HKLM\...\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}) (Version: 10.0.737 - Sony)
VIVO INTERNET (HKLM\...\VIVO INTERNET) (Version: 16.002.10.02.149 - Huawei Technologies Co.,Ltd)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

12-03-2014 10:27:56 Windows Update
16-03-2014 18:15:01 Windows Update
18-03-2014 18:21:03 Removed Facebook Video Calling 2.0.0.447
21-03-2014 10:21:59 Windows Update
24-03-2014 20:33:48 Windows Update
26-03-2014 15:00:12 ZHPFix Restore System Point
26-03-2014 19:09:51 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2013-12-16 16:33 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15C16B50-BB98-43BE-9DC8-B5EA5162C32D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {40A49E9C-45C1-4DB1-9C83-AA1303D59890} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {5414229D-D859-4982-9801-1BE33E160465} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {57D3EB6E-16B7-4B13-935E-A739BDBDD5F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {829C3067-08BF-4F3C-8B28-C9E84F417A57} - System32\Tasks\{C4E88980-3E94-40B5-BB8F-D22C986B4E52} => Iexplore.exe [link hidden by the forum: an account and login are required to view it]
Task: {8B88164F-250B-4494-9202-D1D0C124DDC2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {A18DBCDA-D56C-41B1-9E0C-5A6647887037} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C95D5D07-3BCE-4DF7-805A-F2F430DA2E9A} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {D54BB624-2690-4BA7-963D-EE203958EB0A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {EA2FC0AB-3C23-41D1-B8DB-809D14AF386B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {FA4D9C23-D107-4AF7-9A1E-A554B716909E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2010-11-16 10:37 - 2010-11-16 10:37 - 00264704 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 08:53 - 2014-03-14 21:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:65727120_Bb.gbp
AlternateDataStreams: C:\Windows\System32:65727120_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\fernando\Downloads\Compra da BMW G650.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupreg: HW_OPENEYE_OUC_VIVO INTERNET => "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 03:36:09 PM) (Source: Application Hang) (User: )
Description: O programa ZHPDiag.exe versão 2014.3.25.31 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1594

Hora de Início: 01cf4922023146c7

Hora de Término: 16

Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe

Id do Relatório: 78ac8851-b515-11e3-b657-00235a657fec

Error: (03/26/2014 10:14:27 AM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Assembly dependente Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (03/26/2014 10:14:15 AM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Assembly dependente Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.


System errors:
=============
Error: (03/26/2014 04:54:36 PM) (Source: DCOM) (User: AUTORIDADE NT)
Description: Específico do aplicativoLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)

Error: (03/26/2014 04:53:40 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bhbase

Error: (03/26/2014 04:53:39 PM) (Source: Microsoft-Windows-GroupPolicy) (User: AUTORIDADE NT)
Description: O processamento da Diretiva de Grupo falhou devido à falta de conectividade de rede com um controlador de domínio. Talvez seja uma condição temporária. Uma mensagem êxito seria gerada assim que a máquina se conectasse ao controlador de domínio e a Diretiva de Grupo fosse processada com êxito. Se a mensagem de erro não for exibida por várias horas, contate o administrador.

Error: (03/26/2014 04:53:37 PM) (Source: NETLOGON) (User: )
Description: Este computador não pôde configurar uma sessão segura com um
controlador de domínio no domínio MECQMG devido ao seguinte:
%%1311

Isso pode causar problemas de autenticação. Certifique-se de
que o computador está conectado à rede. Se o problema persistir,
contate o administrador do domínio.



INFORMAÇÕES ADICIONAIS

Se este computador for um controlador de domínio para o
domínio especificado, ele configura a sessão segura para o
emulador de controlador de domínio primário no domínio
especificado. Caso contrário, este computador configura a
sessão segura para qualquer controlador de domínio no
domínio especificado.

Error: (03/26/2014 02:28:14 PM) (Source: Microsoft-Windows-GroupPolicy) (User: AUTORIDADE NT)
Description: O processamento da Diretiva de Grupo falhou. O Windows não pôde obter o nome de um controlador de domínio. Isso pode ter ser sido causado por uma falha na resolução de nomes. Verifique se o Sistema de Nome de Domínio (DNS) está configurado e funcionando corretamente.

Error: (03/26/2014 02:24:18 PM) (Source: Microsoft-Windows-GroupPolicy) (User: AUTORIDADE NT)
Description: O processamento da Diretiva de Grupo falhou devido à falta de conectividade de rede com um controlador de domínio. Talvez seja uma condição temporária. Uma mensagem êxito seria gerada assim que a máquina se conectasse ao controlador de domínio e a Diretiva de Grupo fosse processada com êxito. Se a mensagem de erro não for exibida por várias horas, contate o administrador.

Error: (03/26/2014 07:39:00 AM) (Source: NetBT) (User: )
Description: O nome "MECQMG :1d" não pôde ser registrado na interface com o endereço IP 192.168.3.21.
O computador de endereço IP 192.168.3.150 não permitiu que o nome fosse reivindicado por
este computador.

Error: (03/25/2014 11:30:24 PM) (Source: Microsoft-Windows-GroupPolicy) (User: MECQMG)
Description: O processamento da Diretiva de Grupo falhou devido à falta de conectividade de rede com um controlador de domínio. Talvez seja uma condição temporária. Uma mensagem êxito seria gerada assim que a máquina se conectasse ao controlador de domínio e a Diretiva de Grupo fosse processada com êxito. Se a mensagem de erro não for exibida por várias horas, contate o administrador.

Error: (03/25/2014 11:30:15 PM) (Source: Microsoft-Windows-GroupPolicy) (User: AUTORIDADE NT)
Description: O processamento da Diretiva de Grupo falhou devido à falta de conectividade de rede com um controlador de domínio. Talvez seja uma condição temporária. Uma mensagem êxito seria gerada assim que a máquina se conectasse ao controlador de domínio e a Diretiva de Grupo fosse processada com êxito. Se a mensagem de erro não for exibida por várias horas, contate o administrador.

Error: (03/25/2014 04:15:46 PM) (Source: Microsoft-Windows-GroupPolicy) (User: AUTORIDADE NT)
Description: A Diretiva de Grupo não foi processada. O Windows tentou recuperar novas configurações de Diretiva de Grupo para o usuário ou computador. Veja o código e a descrição do erro na guia de detalhes. O Windows automaticamente tentará executar essa operação novamente no próximo ciclo de atualização. Computadores que façam parte do domínio têm de ter resolução de nomes própria e conexão de rede com um controlador de domínio para detecção de novos objetos de Diretiva de Grupo e configurações. Será criado um log para o evento se a Diretiva de Grupo tiver êxito.


Microsoft Office Sessions:
=========================
Error: (03/21/2014 08:59:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/05/2013 05:42:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 2358.76 MB
Available physical RAM: 1449.21 MB
Total Pagefile: 4715.81 MB
Available Pagefile: 3560.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:106.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:86.39 GB) (Free:65.97 GB) NTFS
Drive f: (Dados) (Network) (Total:146.48 GB) (Free:111.07 GB) NTFS
Drive q: (Dados) (Network) (Total:146.48 GB) (Free:111.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7AAD5470)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=86 GB) - (Type=OF Extended)

==================== End Of Log ============================

Re: Removing Ads by View Password

Message by Murici, Wed 26 Mar 2014, 17:07

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by fernando (administrator) on DIRETORIA on 26-03-2014 16:59:31
Running from C:\Users\fernando\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-05] (Microsoft Corporation)
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE8DA9D08A043CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} [You must have an account and be logged in to view this link]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1479528 2013-10-16] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 200.175.182.139 200.175.89.139

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (YouTube) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Pesquisa do Google) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Google Wallet) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2014-01-31]

========================== Services (Whitelisted) =================

S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2009-07-22] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2736128 2009-07-22] (Firebird Project)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)

==================== Drivers (Whitelisted) ====================

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47688 2013-07-01] (GAS Tecnologia)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-08] (GAS Tecnologia)
S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-26] (GbPlugin NDIS Device Driver)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-01-29] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-18] ()
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation)
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 16:59 - 2014-03-26 16:59 - 00009175 _____ () C:\Users\fernando\Downloads\FRST.txt
2014-03-26 16:59 - 2014-03-26 16:59 - 00000000 ____D () C:\FRST
2014-03-26 16:58 - 2014-03-26 16:58 - 01145856 _____ (Farbar) C:\Users\fernando\Downloads\FRST.exe
2014-03-26 16:53 - 2013-05-03 11:23 - 00001158 _____ () C:\Users\Public\Desktop\Planejamento 2013.lnk
2014-03-26 16:10 - 2014-03-26 16:10 - 00001061 _____ () C:\Users\fernando\Desktop\ZHPFixReport.txt
2014-03-26 15:46 - 2014-03-26 15:46 - 00000000 ____D () C:\Users\fernando\AppData\Local\HP
2014-03-26 15:44 - 2014-03-26 15:44 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\HpUpdate
2014-03-26 15:38 - 2014-03-26 15:38 - 00029533 _____ () C:\Users\fernando\Desktop\ZHPDiag.txt
2014-03-26 12:48 - 2014-03-26 14:28 - 00001890 _____ () C:\Users\Public\Desktop\Acesso Remoto.log
2014-03-25 15:57 - 2014-03-26 16:33 - 01225952 _____ () C:\Users\fernando\Desktop\ArjGeral.zip
2014-03-25 14:24 - 2014-03-26 16:10 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\ZHP
2014-03-25 14:24 - 2014-03-26 15:37 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-03-25 14:24 - 2014-03-25 14:24 - 00001937 _____ () C:\Users\fernando\Desktop\ZHPFix.lnk
2014-03-25 14:24 - 2014-03-25 14:24 - 00001810 _____ () C:\Users\fernando\Desktop\ZHPDiag.lnk
2014-03-25 14:21 - 2014-03-25 14:22 - 06858514 _____ (Nicolas Coolman ) C:\Users\fernando\Downloads\ZHPDiag2.exe
2014-03-25 09:27 - 2014-03-26 11:07 - 00000000 ____D () C:\Users\fernando\Desktop\imprimir
2014-03-25 07:55 - 2014-03-25 07:55 - 00341633 _____ () C:\Users\fernando\Downloads\Compra da BMW G650.eml
2014-03-24 17:21 - 2014-03-24 17:21 - 00000338 _____ () C:\Windows\PFRO.log
2014-03-24 11:16 - 2014-03-24 11:16 - 00000000 ____D () C:\zoek_backup
2014-03-24 11:14 - 2014-03-24 11:14 - 01285120 _____ () C:\Users\fernando\Desktop\zoek.exe
2014-03-24 11:08 - 2014-03-24 11:10 - 00000000 ____D () C:\AdwCleaner
2014-03-24 11:06 - 2014-03-24 11:06 - 01950720 _____ () C:\Users\fernando\Desktop\AdwCleaner.exe
2014-03-24 10:53 - 2014-03-24 12:03 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Skype
2014-03-24 10:53 - 2014-03-24 10:53 - 00000000 ____D () C:\Users\fernando\AppData\Local\Skype
2014-03-24 10:31 - 2014-03-26 16:53 - 00000224 _____ () C:\Windows\setupact.log
2014-03-24 10:31 - 2014-03-24 10:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 10:10 - 2014-03-24 10:20 - 00000000 ____D () C:\Users\fernando\AppData\Local\Sony
2014-03-24 10:10 - 2014-03-24 10:10 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Sony
2014-03-24 07:36 - 2003-12-11 14:52 - 00002829 _____ () C:\Users\Public\Desktop\MEC-Q 7.07.pif
2014-03-21 16:12 - 2008-08-04 14:03 - 00030208 ____H () C:\Users\fernando\Desktop\~WRL1630.tmp
2014-03-21 08:50 - 2014-03-21 09:46 - 00231424 ____H () C:\Users\fernando\Desktop\~WRL0003.tmp
2014-03-21 08:50 - 2011-03-18 09:22 - 00251392 ____H () C:\Users\fernando\Desktop\~WRL1659.tmp
2014-03-21 08:46 - 2014-03-21 08:46 - 00001434 _____ () C:\Users\fernando\Desktop\Planejamento 2014 - Atalho.lnk
2014-03-21 08:17 - 2014-03-21 08:21 - 00002006 ____H () C:\Users\fernando\Documents\Default.rdp
2014-03-20 16:16 - 2014-03-20 16:25 - 00103936 _____ () C:\Users\fernando\Downloads\rptInstrumentos.xls
2014-03-20 15:25 - 2014-03-20 15:25 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\PDF Architect
2014-03-20 15:12 - 2014-03-20 15:12 - 00000000 ____D () C:\Users\fernando\AppData\Local\Adobe
2014-03-20 15:10 - 2014-03-20 15:10 - 00000129 _____ () C:\Users\fernando\Desktop\SGAC Web.url
2014-03-20 15:08 - 2014-03-20 15:08 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Macromedia
2014-03-20 15:06 - 2014-03-20 15:07 - 00000000 ____D () C:\Users\fernando\Downloads\Verifica Spyware
2014-03-19 15:21 - 2014-03-20 15:12 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Adobe
2014-03-19 14:14 - 2014-03-19 14:14 - 00085752 _____ () C:\Users\fernando\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 14:14 - 2014-03-19 14:14 - 00001393 _____ () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 14:14 - 2014-03-19 14:14 - 00000000 ____D () C:\Users\fernando\AppData\Local\Google
2014-03-19 14:13 - 2014-03-19 14:14 - 00000000 ____D () C:\Users\fernando
2014-03-19 14:13 - 2014-03-19 14:13 - 00000020 ___SH () C:\Users\fernando\ntuser.ini
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Modelos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Meus documentos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Menu Iniciar
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Minhas músicas
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Minhas imagens
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Meus vídeos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Dados de aplicativos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Configurações locais
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Local\Histórico
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Local\Dados de aplicativos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Ambiente de rede
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Ambiente de impressão
2014-03-19 14:13 - 2013-05-03 16:28 - 00000000 ____D () C:\Users\fernando\AppData\Local\Microsoft Help
2014-03-19 14:13 - 2009-07-14 01:42 - 00000000 ___RD () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-19 14:13 - 2009-07-14 01:37 - 00000000 ___RD () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-19 14:03 - 2014-03-19 14:03 - 00085752 _____ () C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 14:03 - 2014-03-19 14:03 - 00001385 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 13:59 - 2014-03-19 14:03 - 00000000 ____D () C:\Users\Administrador
2014-03-19 13:59 - 2014-03-19 13:59 - 00000020 ___SH () C:\Users\Administrador\ntuser.ini
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Modelos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Meus documentos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Menu Iniciar
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas músicas
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas imagens
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Meus vídeos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Dados de aplicativos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Configurações locais
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Histórico
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Dados de aplicativos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de rede
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de impressão
2014-03-19 13:59 - 2013-05-03 16:28 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Microsoft Help
2014-03-19 13:59 - 2009-07-14 01:42 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-19 13:59 - 2009-07-14 01:37 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-19 11:01 - 2014-03-19 13:30 - 00011544 _____ () C:\Users\fernando19032014\Desktop\Manutenções.xlsx
2014-03-18 16:57 - 2014-03-18 16:57 - 00000000 ____D () C:\Windows\pss
2014-03-18 16:55 - 2014-03-18 16:56 - 00011940 _____ () C:\Users\fernando19032014\Downloads\cc_20140318_165550.reg
2014-03-18 16:39 - 2014-03-18 16:39 - 00902264 _____ () C:\Users\fernando19032014\Downloads\yet_another_cleaner_reh.exe
2014-03-18 15:38 - 2014-03-18 15:38 - 00588144 _____ ( ) C:\Users\fernando19032014\Downloads\Setup (1).exe
2014-03-18 15:35 - 2014-03-18 15:36 - 04765152 _____ (Piriform Ltd) C:\Users\fernando19032014\Downloads\ccsetup411.exe
2014-03-18 15:33 - 2014-03-18 15:37 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-18 15:33 - 2014-03-18 15:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-18 15:31 - 2011-07-05 09:53 - 03216552 _____ (Piriform Ltd) C:\ccsetup308.exe
2014-03-17 17:29 - 2014-03-18 10:26 - 00013832 _____ () C:\Users\fernando19032014\Desktop\Pasta1.xlsx
2014-03-17 14:44 - 2014-03-17 14:44 - 00588144 _____ ( ) C:\Users\fernando19032014\Downloads\Setup.exe
2014-03-17 12:13 - 2014-03-17 13:59 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\systweak
2014-03-17 12:13 - 2014-03-17 12:13 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector
2014-03-17 12:11 - 2014-03-17 12:11 - 00300248 _____ (Appsinstaller) C:\Users\fernando19032014\Downloads\Adobe After Effects (1).exe
2014-03-17 12:10 - 2014-03-17 12:11 - 00300248 _____ (Appsinstaller) C:\Users\fernando19032014\Downloads\Adobe After Effects.exe
2014-03-14 08:47 - 2014-03-14 08:47 - 00015933 _____ () C:\Users\fernando19032014\Documents\Avaliação de desempenho Betim.xlsx
2014-03-12 12:50 - 2014-03-12 12:50 - 30258588 _____ () C:\Users\fernando19032014\Downloads\clique_decore.zip
2014-03-12 09:45 - 2014-03-12 10:08 - 00145408 _____ () C:\Users\fernando19032014\Downloads\rptInstrumentos (1).xls
2014-03-12 08:20 - 2014-03-12 10:57 - 00111616 _____ () C:\Users\fernando19032014\Downloads\rptInstrumentos.xls
2014-03-09 12:54 - 2014-03-26 16:53 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\gbpndisrd.sys
2014-03-08 11:28 - 2014-03-08 11:28 - 00029400 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpndisrdn.sys
2014-03-06 08:02 - 2014-03-24 11:15 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ____D () C:\Users\fernando19032014\AppData\Local\Skype
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-05 15:24 - 2014-03-12 14:01 - 00016169 _____ () C:\Users\fernando19032014\Desktop\Migração (2).xlsx
2014-02-25 12:30 - 2014-02-25 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-25 12:29 - 2014-03-02 14:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-25 12:21 - 2014-02-03 12:05 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-25 12:21 - 2014-02-03 12:05 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-25 12:21 - 2014-02-03 12:05 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 11020800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-25 12:21 - 2014-02-03 12:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-25 12:21 - 2014-02-03 10:14 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-25 12:21 - 2013-12-24 20:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-25 12:21 - 2013-12-09 23:02 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-25 12:21 - 2013-12-05 23:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-25 12:21 - 2013-12-05 23:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-25 12:21 - 2013-11-26 07:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-25 12:21 - 2013-11-26 05:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-25 12:21 - 2013-11-11 23:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-25 12:21 - 2013-10-18 22:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-25 12:21 - 2013-10-11 23:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-25 12:21 - 2013-10-11 23:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-25 12:21 - 2013-10-11 22:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-25 12:21 - 2013-10-11 22:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-25 12:21 - 2013-10-03 22:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-25 12:21 - 2013-10-03 22:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-25 12:21 - 2012-06-01 01:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-02-25 12:21 - 2012-06-01 01:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-02-25 12:21 - 2012-06-01 01:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-02-25 12:21 - 2012-06-01 01:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-02-25 12:21 - 2012-06-01 01:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-02-25 12:21 - 2012-06-01 01:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-02-25 12:21 - 2011-02-18 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-25 12:18 - 2013-11-26 22:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-25 12:18 - 2013-11-26 22:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2014-03-26 16:59 - 2014-03-26 16:59 - 00009175 _____ () C:\Users\fernando\Downloads\FRST.txt
2014-03-26 16:59 - 2014-03-26 16:59 - 00000000 ____D () C:\FRST
2014-03-26 16:58 - 2014-03-26 16:58 - 01145856 _____ (Farbar) C:\Users\fernando\Downloads\FRST.exe
2014-03-26 16:57 - 2013-05-03 09:04 - 01089305 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 16:53 - 2014-03-24 10:31 - 00000224 _____ () C:\Windows\setupact.log
2014-03-26 16:53 - 2014-03-09 12:54 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\gbpndisrd.sys
2014-03-26 16:53 - 2013-05-03 20:41 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-03-26 16:53 - 2013-05-03 20:41 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-03-26 16:53 - 2013-05-03 10:50 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 16:53 - 2013-05-03 09:17 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-03-26 16:53 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 16:51 - 2013-05-03 10:51 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 16:33 - 2014-03-25 15:57 - 01225952 _____ () C:\Users\fernando\Desktop\ArjGeral.zip
2014-03-26 16:10 - 2014-03-26 16:10 - 00001061 _____ () C:\Users\fernando\Desktop\ZHPFixReport.txt
2014-03-26 16:10 - 2014-03-25 14:24 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\ZHP
2014-03-26 15:46 - 2014-03-26 15:46 - 00000000 ____D () C:\Users\fernando\AppData\Local\HP
2014-03-26 15:44 - 2014-03-26 15:44 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\HpUpdate
2014-03-26 15:42 - 2009-07-14 01:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 15:42 - 2009-07-14 01:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 15:38 - 2014-03-26 15:38 - 00029533 _____ () C:\Users\fernando\Desktop\ZHPDiag.txt
2014-03-26 15:37 - 2014-03-25 14:24 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-03-26 14:28 - 2014-03-26 12:48 - 00001890 _____ () C:\Users\Public\Desktop\Acesso Remoto.log
2014-03-26 14:25 - 2013-05-03 09:24 - 01715700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 14:25 - 2009-07-14 05:31 - 00739740 _____ () C:\Windows\system32\prfh0416.dat
2014-03-26 14:25 - 2009-07-14 05:31 - 00156458 _____ () C:\Windows\system32\prfc0416.dat
2014-03-26 11:07 - 2014-03-25 09:27 - 00000000 ____D () C:\Users\fernando\Desktop\imprimir
2014-03-25 14:24 - 2014-03-25 14:24 - 00001937 _____ () C:\Users\fernando\Desktop\ZHPFix.lnk
2014-03-25 14:24 - 2014-03-25 14:24 - 00001810 _____ () C:\Users\fernando\Desktop\ZHPDiag.lnk
2014-03-25 14:22 - 2014-03-25 14:21 - 06858514 _____ (Nicolas Coolman ) C:\Users\fernando\Downloads\ZHPDiag2.exe
2014-03-25 07:55 - 2014-03-25 07:55 - 00341633 _____ () C:\Users\fernando\Downloads\Compra da BMW G650.eml
2014-03-24 17:21 - 2014-03-24 17:21 - 00000338 _____ () C:\Windows\PFRO.log
2014-03-24 12:03 - 2014-03-24 10:53 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Skype
2014-03-24 11:16 - 2014-03-24 11:16 - 00000000 ____D () C:\zoek_backup
2014-03-24 11:15 - 2014-03-06 08:02 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-24 11:15 - 2013-05-06 17:39 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-03-24 11:15 - 2013-05-06 17:39 - 00000000 ____D () C:\ProgramData\Skype
2014-03-24 11:14 - 2014-03-24 11:14 - 01285120 _____ () C:\Users\fernando\Desktop\zoek.exe
2014-03-24 11:10 - 2014-03-24 11:08 - 00000000 ____D () C:\AdwCleaner
2014-03-24 11:06 - 2014-03-24 11:06 - 01950720 _____ () C:\Users\fernando\Desktop\AdwCleaner.exe
2014-03-24 10:53 - 2014-03-24 10:53 - 00000000 ____D () C:\Users\fernando\AppData\Local\Skype
2014-03-24 10:31 - 2014-03-24 10:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 10:20 - 2014-03-24 10:10 - 00000000 ____D () C:\Users\fernando\AppData\Local\Sony
2014-03-24 10:10 - 2014-03-24 10:10 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Sony
2014-03-23 14:31 - 2013-08-02 16:31 - 00013878 _____ () C:\Users\fernando19032014\Desktop\Vencimentos MEC-Q.xlsx
2014-03-21 09:46 - 2014-03-21 08:50 - 00231424 ____H () C:\Users\fernando\Desktop\~WRL0003.tmp
2014-03-21 08:46 - 2014-03-21 08:46 - 00001434 _____ () C:\Users\fernando\Desktop\Planejamento 2014 - Atalho.lnk
2014-03-21 08:21 - 2014-03-21 08:17 - 00002006 ____H () C:\Users\fernando\Documents\Default.rdp
2014-03-21 08:19 - 2009-07-14 01:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-20 16:25 - 2014-03-20 16:16 - 00103936 _____ () C:\Users\fernando\Downloads\rptInstrumentos.xls
2014-03-20 15:25 - 2014-03-20 15:25 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\PDF Architect
2014-03-20 15:21 - 2013-05-16 11:02 - 00000000 ____D () C:\Users\fernando19032014\Desktop\Certificados pdf
2014-03-20 15:12 - 2014-03-20 15:12 - 00000000 ____D () C:\Users\fernando\AppData\Local\Adobe
2014-03-20 15:12 - 2014-03-19 15:21 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Adobe
2014-03-20 15:10 - 2014-03-20 15:10 - 00000129 _____ () C:\Users\fernando\Desktop\SGAC Web.url
2014-03-20 15:08 - 2014-03-20 15:08 - 00000000 ____D () C:\Users\fernando\AppData\Roaming\Macromedia
2014-03-20 15:07 - 2014-03-20 15:06 - 00000000 ____D () C:\Users\fernando\Downloads\Verifica Spyware
2014-03-19 15:43 - 2013-05-03 10:46 - 00002829 _____ () C:\Users\Public\Desktop\MEC-Q 7.07 IMP.pif
2014-03-19 14:14 - 2014-03-19 14:14 - 00085752 _____ () C:\Users\fernando\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 14:14 - 2014-03-19 14:14 - 00001393 _____ () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 14:14 - 2014-03-19 14:14 - 00000000 ____D () C:\Users\fernando\AppData\Local\Google
2014-03-19 14:14 - 2014-03-19 14:13 - 00000000 ____D () C:\Users\fernando
2014-03-19 14:13 - 2014-03-19 14:13 - 00000020 ___SH () C:\Users\fernando\ntuser.ini
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Modelos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Meus documentos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Menu Iniciar
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Minhas músicas
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Minhas imagens
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Documents\Meus vídeos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Dados de aplicativos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Configurações locais
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Local\Histórico
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\AppData\Local\Dados de aplicativos
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Ambiente de rede
2014-03-19 14:13 - 2014-03-19 14:13 - 00000000 _SHDL () C:\Users\fernando\Ambiente de impressão
2014-03-19 14:03 - 2014-03-19 14:03 - 00085752 _____ () C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 14:03 - 2014-03-19 14:03 - 00001385 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 14:03 - 2014-03-19 13:59 - 00000000 ____D () C:\Users\Administrador
2014-03-19 13:59 - 2014-03-19 13:59 - 00000020 ___SH () C:\Users\Administrador\ntuser.ini
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Modelos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Meus documentos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Menu Iniciar
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas músicas
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas imagens
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Documents\Meus vídeos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Dados de aplicativos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Configurações locais
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Histórico
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Dados de aplicativos
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de rede
2014-03-19 13:59 - 2014-03-19 13:59 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de impressão
2014-03-19 13:30 - 2014-03-19 11:01 - 00011544 _____ () C:\Users\fernando19032014\Desktop\Manutenções.xlsx
2014-03-19 10:45 - 2013-05-20 08:11 - 00000000 ____D () C:\Users\fernando19032014\Desktop\Back-up´s
2014-03-19 08:34 - 2013-05-07 09:14 - 00002012 ____H () C:\Users\fernando19032014\Documents\Default.rdp
2014-03-18 17:01 - 2013-05-03 10:19 - 00000392 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-03-18 16:57 - 2014-03-18 16:57 - 00000000 ____D () C:\Windows\pss
2014-03-18 16:56 - 2014-03-18 16:55 - 00011940 _____ () C:\Users\fernando19032014\Downloads\cc_20140318_165550.reg
2014-03-18 16:47 - 2013-05-06 17:40 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\Skype
2014-03-18 16:47 - 2013-05-03 10:19 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-18 16:39 - 2014-03-18 16:39 - 00902264 _____ () C:\Users\fernando19032014\Downloads\yet_another_cleaner_reh.exe
2014-03-18 15:45 - 2013-11-21 08:05 - 00000000 ____D () C:\Program Files\PDFCreator
2014-03-18 15:45 - 2013-11-08 16:41 - 00000000 ____D () C:\Users\fernando19032014\AppData\Local\CrashDumps
2014-03-18 15:45 - 2013-07-22 13:35 - 00000000 ____D () C:\Windows\Minidump
2014-03-18 15:45 - 2013-05-07 20:45 - 00000000 ____D () C:\Users\fernando19032014\Tracing
2014-03-18 15:45 - 2013-05-03 09:00 - 00000000 ____D () C:\Windows\Panther
2014-03-18 15:41 - 2014-02-05 08:36 - 00000000 ____D () C:\Users\fernando19032014\AppData\Local\Facebook
2014-03-18 15:38 - 2014-03-18 15:38 - 00588144 _____ ( ) C:\Users\fernando19032014\Downloads\Setup (1).exe
2014-03-18 15:37 - 2014-03-18 15:33 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-18 15:37 - 2014-03-18 15:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-18 15:36 - 2014-03-18 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\fernando19032014\Downloads\ccsetup411.exe
2014-03-18 15:21 - 2013-05-07 14:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-18 12:51 - 2013-05-05 08:39 - 00000000 ____D () C:\Program Files\Adobe
2014-03-18 12:51 - 2013-05-05 08:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-18 12:50 - 2013-05-03 20:32 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\Adobe
2014-03-18 10:26 - 2014-03-17 17:29 - 00013832 _____ () C:\Users\fernando19032014\Desktop\Pasta1.xlsx
2014-03-18 08:43 - 2013-05-05 08:29 - 00000000 ____D () C:\Users\fernando19032014\AppData\Local\Adobe
2014-03-17 17:56 - 2014-01-15 15:46 - 00000693 _____ () C:\Users\fernando19032014\AppData\Roaming\Rim.Transcoder.Exception.log
2014-03-17 17:56 - 2013-10-08 11:42 - 00000924 _____ () C:\Users\fernando19032014\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-17 17:56 - 2013-10-08 11:42 - 00000924 _____ () C:\Users\fernando19032014\AppData\Roaming\Rim.Desktop.Exception.log
2014-03-17 16:02 - 2013-05-08 15:25 - 00000000 ____D () C:\MECQ
2014-03-17 16:01 - 2009-07-13 23:04 - 00000043 _____ () C:\autoexec.bat
2014-03-17 16:01 - 2009-07-13 23:04 - 00000024 _____ () C:\config.sys
2014-03-17 14:44 - 2014-03-17 14:44 - 00588144 _____ ( ) C:\Users\fernando19032014\Downloads\Setup.exe
2014-03-17 14:27 - 2013-09-19 07:58 - 00000000 ____D () C:\Users\fernando19032014\Desktop\Auditoria Sto.André (set_2013)
2014-03-17 13:59 - 2014-03-17 12:13 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\systweak
2014-03-17 12:24 - 2013-05-05 08:35 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-03-17 12:24 - 2013-05-05 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-17 12:13 - 2014-03-17 12:13 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector
2014-03-17 12:11 - 2014-03-17 12:11 - 00300248 _____ (Appsinstaller) C:\Users\fernando19032014\Downloads\Adobe After Effects (1).exe
2014-03-17 12:11 - 2014-03-17 12:10 - 00300248 _____ (Appsinstaller) C:\Users\fernando19032014\Downloads\Adobe After Effects.exe
2014-03-17 08:53 - 2013-05-03 10:52 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 15:16 - 2013-10-21 21:19 - 00000000 ____D () C:\Users\fernando19032014\Desktop\PUC
2014-03-14 08:47 - 2014-03-14 08:47 - 00015933 _____ () C:\Users\fernando19032014\Documents\Avaliação de desempenho Betim.xlsx
2014-03-12 14:01 - 2014-03-05 15:24 - 00016169 _____ () C:\Users\fernando19032014\Desktop\Migração (2).xlsx
2014-03-12 12:50 - 2014-03-12 12:50 - 30258588 _____ () C:\Users\fernando19032014\Downloads\clique_decore.zip
2014-03-12 10:57 - 2014-03-12 08:20 - 00111616 _____ () C:\Users\fernando19032014\Downloads\rptInstrumentos.xls
2014-03-12 10:08 - 2014-03-12 09:45 - 00145408 _____ () C:\Users\fernando19032014\Downloads\rptInstrumentos (1).xls
2014-03-10 14:40 - 2013-05-20 16:29 - 00062976 _____ () C:\Users\fernando19032014\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-08 11:28 - 2014-03-08 11:28 - 00029400 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpndisrdn.sys
2014-03-08 11:27 - 2013-05-03 20:41 - 00000000 ____D () C:\Program Files\GbPlugin
2014-03-07 08:53 - 2013-12-05 15:03 - 00000000 ____D () C:\Users\fernando19032014\Desktop\Verifica_Pendencias_v.2
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ___RD () C:\Program Files\Skype
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ____D () C:\Users\fernando19032014\AppData\Local\Skype
2014-03-06 08:02 - 2014-03-06 08:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-05 16:13 - 2014-01-31 18:34 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\VDownloader
2014-03-05 16:13 - 2014-01-31 18:33 - 00000000 ____D () C:\Program Files\VDownloader
2014-03-02 14:03 - 2014-02-25 12:29 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-01 17:27 - 2009-07-14 01:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 14:11 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-02-26 12:37 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 14:14 - 2009-07-14 01:33 - 00348888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-25 14:12 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-02-25 14:12 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-02-25 12:32 - 2014-02-25 12:30 - 00000000 ____D () C:\Windows\system32\MRT

Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-25 10:18

==================== End Of Log ============================

Post by Power Max, Sat 29 Mar 2014, 21:16

Sorry for the delay in replying. I am having problems with my internet connection and am only getting online through my phone's connection, which is very slow.

Download the fixlist.txt file attached to this post and save it in the same location where you left Farbar, which is this one:
C:\Users\fernando\Downloads

Run FRST. Click the Fix button.

Wait, and when it finishes the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply, and tell us how your PC is after this procedure.

Post by Murici, Mon 31 Mar 2014, 11:42

THE UNWANTED ADS AND LINKS NO LONGER APPEAR, IT SEEMS TO BE RESOLVED ...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by fernando at 2014-03-31 11:36:08 Run:1
Running from C:\Users\fernando\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope value is missing.
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
2014-03-17 12:13 - 2014-03-17 12:13 - 00000000 ____D () C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
Bhbase => Service deleted successfully.

"C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector" directory move:

C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector\aspsetup.exe => Moved successfully.
Could not move "C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector" directory. => Scheduled to move on reboot.

C:\ProgramData\FileSplitUpLoad.dll => Moved successfully.
"C:\Users\Todos os Usuários\FileSplitUpLoad.dll" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-31 11:39:38)<=

"C:\Users\fernando19032014\AppData\Roaming\Advanced System Protector" => Directory could not move.

==== End of Fixlog ====

Post by Power Max, Mon 31 Mar 2014, 11:51

That's it! I'm glad the problem has been resolved.

Just to finish up, please follow the tutorials below:

[link visible only to logged-in members]
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, use DelFix following the tips [link visible only to logged-in members].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us anytime!

Post by Power Max, Sat 05 Apr 2014, 20:25

CASE RESOLVED

Should the topic's author need it, the topic will be reopened; to do so, they should contact one of the members of the [link visible only to logged-in members] and request that it be unlocked.