Fórum PC Brasil
Suspected Virus


Re: Suspected Virus

Post by Power Max, Sat 02 Aug 2014, 14:25

Rodrig wrote: Avast.
It is a false positive (a mistake on Avast's part). In this case, just temporarily disable Avast (right-click its icon next to the Windows clock and choose the option to disable it).

After that, run the program and post its report.

(RESOLVED) Suspected Virus

Post by Rodrig, Sat 02 Aug 2014, 14:31

SystemLook 30.07.11 by jpshortstuff
Log created at 13:29 on 02/08/2014 by casal
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\Program Files\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Local\Temp\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Roaming\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [17:59 30/07/2014]
C:\_OTM\MovedFiles\08012014_153231\C_Users\Public\Documents\Baidu d------ [17:59 30/07/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif]
@="Baidu.FacePack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\${MAIN_PROGRAME}" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\ShellMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="BaiduSpark.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""

-= EOF =-

Re: Suspected Virus

Post by Power Max, Sat 02 Aug 2014, 14:39

Download the [link visible only to logged-in members] and save it to the Desktop.

Note: when you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

[link visible only to logged-in members]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

(RESOLVED) Suspected Virus

Post by Rodrig, Sat 02 Aug 2014, 15:14

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by casal at 2014-08-02 14:12:17
Running from C:\Users\casal\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.7.1878 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver 1.2 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.2 - OEM)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eXe -- eLearning XHTML editor (HKLM\...\exe) (Version:  - eXe Project)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
Galeria de Fotos (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gerenciador de Inicialização Positivo (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.0.16.1 - Positivo Informática S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IPM 1.5 (HKLM\...\{AADF4228-0772-4D43-92EB-B245E3A17B00}) (Version: 1.5 - OEM)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.45.0 - JMicron Technology Corp.)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office com Clique para Executar 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office com Clique para Executar 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0416-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 31.0 (x86 pt-BR)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mundo Positivo (HKLM\...\{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1) (Version: 1.3.8.0 - Positivo Informática S.A.)
OSD 1.7 (HKLM\...\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}) (Version: 1.7 - OEM)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Positivo Ajudante (HKLM\...\{4F44FDC9-6B66-4549-882A-7D5C4E3A79A2}_is1) (Version: 1.4.0.2 - Positivo Informática S.A)
Positivo Áudio (HKLM\...\{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1) (Version: 1.4.1.0 - Positivo Informática S.A.)
Positivo Backup (HKLM\...\{387B3DFA-BB12-45E6-B431-4A7BF2EBD985}_is1) (Version: 1.5.2.2 - Positivo Informática S.A.)
Positivo Bateria (HKLM\...\{FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1) (Version: 1.4.4.0 - Positivo Informática S.A.)
Positivo Conversor 3D (HKLM\...\{D0582368-2DFF-48EA-AC8D-1FA8E31CA38C}_is1) (Version: 1.0.0.7 - Positivo Informática S.A.)
Positivo NIS 2011 License Activator (HKLM\...\{5400FA29-4A55-4EB9-AD27-AF20DBD334E1}_is1) (Version: 1.1.0.0 - Positivo Informática S.A.)
Positivo Sincronize (HKLM\...\{6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1) (Version: 1.5.3.0 - Positivo Informática S.A.)
Positivo WebCam (HKLM\...\{E11C7438-7550-4676-92CE-846CC5DA3548}_is1) (Version: 1.5.1.0 - Positivo Informática S.A.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.4.0 - Ralink)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Software básico do dispositivo HP Deskjet 3050 J610 series (HKLM\...\{6FC163A1-3774-4918-8565-47F4FF0DF8B7}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Software de Cadastro Positivo 6.0 (HKLM\...\{4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1) (Version: 6.0.0.0 - Positivo Informática)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Tutorial 1.0 (HKLM\...\{1C86726E-4A85-4322-8A1C-56EDE170FAB5}_is1) (Version: 1.0.0.0 - Positivo Informática)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Webcam 1.5 (HKLM\...\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}) (Version: 1.5 - OEM)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

19-07-2014 17:54:34 Installed Java 7 Update 65
22-07-2014 19:26:42 Windows Update
24-07-2014 22:58:06 Windows Update
29-07-2014 21:01:32 Windows Update
31-07-2014 14:31:30 ZHPFix Restore System Point
01-08-2014 16:01:45 ZHPFix Restore System Point
02-08-2014 16:42:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-03 12:43 - 2010-12-23 14:08 - 00000780 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C39C86-E733-41F9-8913-3DB7FE4EF13A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {0E24767B-4193-4C64-9441-B542AAFE81E3} - System32\Tasks\{0DD0F863-9D52-4870-A560-2380B9CC6A63} => Chrome.exe
Task: {1079D203-51E0-4299-A17B-03577D43FE3A} - System32\Tasks\{6A51DC2C-9DCA-48BB-9E99-F721479AF6E7} => Chrome.exe
Task: {11319DDE-0260-49F2-918D-68C913E2A7EB} - System32\Tasks\{9F466F0D-28B8-49A8-BA81-29492BEEF9BB} => Chrome.exe
Task: {1D7AF179-48AC-4287-8248-3181044F000F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {2052721E-B17D-4340-B609-3F41854C6251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {22D477EC-DA79-4CC6-A19F-4FDB94351864} - System32\Tasks\{6C0FDFCA-0081-464D-8B36-CDE9C7AC4E93} => Chrome.exe
Task: {24697A66-AAE5-4A2C-9368-5CC71EB22989} - System32\Tasks\{410C36AD-4055-4872-81C0-E9EEF31A781A} => C:\Program Files\Norton Internet Security\Engine\19.9.0.9\uistub.exe
Task: {268534DA-449B-4E48-A24C-6048C2F06A72} - System32\Tasks\{1BA8F945-04BA-4AED-AB36-5A4A452EEB01} => Chrome.exe
Task: {2AF0DB67-B87F-4369-BC79-A90F93193544} - System32\Tasks\{54046C9D-0C94-4FBA-AAB9-F47D07EC2927} => Chrome.exe
Task: {2BBD0B62-9F67-4765-B8C7-F696BCEE9891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {34AE7C9B-6B76-4D8A-B813-57D0DAA364DC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {355B03C3-AF4E-4AE7-A6E6-29309EA50BD2} - System32\Tasks\{248790DF-D5AF-4840-ABD4-BA8566CF0511} => Chrome.exe
Task: {362D8092-E554-493D-8762-9F572F637490} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {3BBD99A3-C749-4DC0-9B9C-1D3BB51928BB} - System32\Tasks\{A12685BF-9102-4465-8B2B-05FC2B80E3AF} => Chrome.exe
Task: {44AB0D1D-F5C4-45BF-8F70-CB8C9CEA866A} - System32\Tasks\{4D2C01EF-450D-4959-8491-3A2744483442} => Chrome.exe
Task: {47824B28-00D4-4049-8922-19553196C545} - System32\Tasks\{890FDB3C-DA4B-47DB-B70E-27E8FFC63ACE} => C:\Program Files\Norton Internet Security\Engine\19.9.0.9\uistub.exe
Task: {57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {5D3A4231-A4BF-4BA6-9A85-978A4F256C1D} - System32\Tasks\{A59BEC52-E4B8-49C9-89CE-EE1F377E4138} => Chrome.exe
Task: {648E27EA-AD4B-4362-8A79-6AB6EA154237} - System32\Tasks\{AA22BC3B-9A4F-4522-8D56-3E0ADF29F1AF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {652C219C-D8E7-4E87-B963-80B06DC335B9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {66154A41-99B0-45C1-951C-173A0C267217} - System32\Tasks\{8F99B308-F8FF-4076-ACD0-03F7CBF3E68E} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6ABF6F92-6763-4963-9E20-D2C212BCEC5C} - System32\Tasks\{56021F95-488E-4FC3-9553-621D91512186} => Chrome.exe
Task: {712CE548-2233-43C1-8E6D-C5C0E47FEAA0} - System32\Tasks\SparkUpdater => C:\Program Files\baidu\Spark\SparkUpdate.exe
Task: {7CD0F49B-0F8C-41B6-BFC7-58DF619EFDA8} - System32\Tasks\{181D28A9-04FE-4E02-B0FD-4232ABE545BA} => Chrome.exe
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {8A2F105C-5661-43BD-99EF-B9A38A5C38E6} - System32\Tasks\{C3722DD0-F602-4681-A9D1-4CDE6D60A9BB} => Firefox.exe
Task: {8A4799B9-E549-4555-9819-FC956DC45A7C} - System32\Tasks\{0FDF2D55-ED79-4D7D-8C6B-F578BEE678D7} => Chrome.exe
Task: {96D94BB0-2B22-4AD7-B719-D689F27F9000} - System32\Tasks\{67836FBF-4698-4D94-8745-8B76F1409E39} => Chrome.exe
Task: {984D34B0-8236-4508-A129-950A7144A179} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {9A71A48E-2187-4B64-A219-E102FB7041A6} - System32\Tasks\{CCC8D53D-E644-4AD0-A9A1-79C93D92227D} => Chrome.exe
Task: {9E8EC137-5C99-4746-A43B-01FC7FBEDE98} - System32\Tasks\{8747697A-E202-4D89-AA43-7EDC94BC45F6} => Firefox.exe
Task: {AE1AA37B-3ABA-4934-A4D7-44E27B990054} - System32\Tasks\{CB52A441-DC21-4E3B-966E-318F7A0A10C5} => Chrome.exe
Task: {B5A57D37-767C-4E15-A894-A3052EFDA6A2} - System32\Tasks\{FA958BE3-360D-4295-87E4-55675F8CCE7A} => Chrome.exe
Task: {B783435D-689F-431F-AE6C-0E3FC3BE9F68} - System32\Tasks\{42004203-8A39-495E-9B5F-07A654D0CFB5} => Firefox.exe
Task: {D1789D0F-BEF2-4731-A149-07ABF2E6B4B5} - System32\Tasks\{A36EB03E-89ED-4868-9E4E-BFD864034877} => Firefox.exe
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E0EAE09D-87AA-4F66-A951-FC1447BB2756} - System32\Tasks\{1608256D-2B8C-4045-84BC-DD96A4E64097} => Firefox.exe
Task: {EFC0170A-7779-420C-ABB5-505945B9B2AD} - System32\Tasks\Programa de atualização online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F0934E4D-3DFA-4057-8947-D465E48B37B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {F45F07BA-B8E9-4750-9367-AE105D613750} - System32\Tasks\{77C82021-44ED-4861-AF8E-6959E0AD2409} => Chrome.exe
Task: {F587F037-A624-45BE-BE31-0F5A9711AA5E} - System32\Tasks\Programa de atualização online da HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {F71A061D-BE28-4B9F-AC11-409763A77056} - System32\Tasks\{CECDA389-DCF5-497E-B512-04A5A8A154DE} => Chrome.exe
Task: {FD85FE9A-AD79-4F3F-ADF1-593F36366F71} - System32\Tasks\{D0B87182-5868-4D5E-9DD6-54796D2355EA} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core.job => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA.job => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 18:01 - 2014-07-16 18:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-02 12:27 - 2014-08-02 12:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2012-01-31 16:16 - 2009-11-12 11:48 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2014-07-16 18:01 - 2014-07-16 18:01 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-23 12:09 - 2014-07-23 12:09 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-12 22:24 - 2014-02-12 22:24 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2011-11-21 05:39 - 2010-03-03 18:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-08 23:02 - 2014-07-08 23:02 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistente para criação de disco de recuperação.lnk => C:\Windows\pss\Assistente para criação de disco de recuperação.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^IPM.lnk => C:\Windows\pss\IPM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk => C:\Windows\pss\OSD.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^casal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^casal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk => C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\casal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: StartUpManagerPositivo => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 00:39:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:37:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\wbem\wmiprvse.exe; Descrição = OTM Restore Point; Erro = 0x8007043c).

Error: (08/02/2014 00:31:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:24:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 04:49:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:43:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:34:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\wbem\wmiprvse.exe; Descrição = OTM Restore Point; Erro = 0x8007043c).

Error: (08/01/2014 03:23:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:13:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/02/2014 00:38:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
SMR300

Error: (08/02/2014 00:38:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (08/02/2014 00:30:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/02/2014 00:30:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/02/2014 00:30:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 21

Error: (08/02/2014 00:30:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/02/2014 00:30:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/02/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
aswRvrt
aswSnx
aswSP
aswVmm
discache
SMR300
spldr
Wanarpv6

Error: (08/02/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Client Virtualization Handler depende do serviço Application Virtualization Client, mas não foi possível iniciá-lo devido ao seguinte erro:
%%1068

Error: (08/02/2014 00:25:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
SMR300


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 2038.3 MB
Available physical RAM: 1059.71 MB
Total Pagefile: 4086.3 MB
Available Pagefile: 3020.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:252.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool (Size: 298 GB) (Disk ID: 96E1CA8E)
Partition 1: (Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)

Message by Rodrig Sat 02 Aug 2014, 15:15

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by casal (administrator) on AMORE on 02-08-2014 14:10:00
Running from C:\Users\casal\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Positivo Informática S.A) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Positivo Informática S.A) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Positivo Informática S.A.) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [OTM] => C:\Users\casal\Downloads\OTM.exe [522240 2014-08-01] (OldTimer Tools)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:ab3cd727 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must have an account and be logged in to view this link]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKCU - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must have an account and be logged in to view this link]
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} [You must have an account and be logged in to view this link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must have an account and be logged in to view this link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 187.123.31.55 187.123.31.56 187.123.31.54
Tcpip\..\Interfaces\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: [NameServer]200.175.182.139,200.175.5.139
Tcpip\..\Interfaces\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: [NameServer]200.175.182.139,200.175.5.139

FireFox:
========
FF ProfilePath: C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\casal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\casal\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\casal\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\casal\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi

Chrome:
=======
CHR HomePage: [You must have an account and be logged in to view this link]
CHR StartupUrls: "https://br.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: [You must have an account and be logged in to view this link]
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppManagerService; C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592 2012-10-03] (Positivo Informática S.A.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 BatteryManagerSrv; C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056 2012-03-20] (Positivo Informática S.A) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-17] (IDT, Inc.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [750592 2009-08-05] (Ralink Technology Corp.) [File not signed]
R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [52496 2011-10-03] ()
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-11-02] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 SoilIO; C:\Windows\system32\Drivers\SoilIO.sys [16248 2009-12-04] ()
R3 soilkbc; C:\Windows\system32\Drivers\soilkbc.sys [10744 2009-12-04] (Systems Internals)
R3 SoilMC; C:\Windows\system32\Drivers\SoilMC.sys [10616 2009-12-04] (Systems Internals)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 SMR300; System32\drivers\SMR300.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 14:10 - 2014-08-02 14:11 - 00014842 _____ () C:\Users\casal\Downloads\FRST.txt
2014-08-02 14:09 - 2014-08-02 14:10 - 00000000 ____D () C:\FRST
2014-08-02 14:07 - 2014-08-02 14:09 - 00001329 _____ () C:\Users\casal\Desktop\FRST.lnk
2014-08-02 14:07 - 2014-08-02 14:07 - 01084928 _____ (Farbar) C:\Users\casal\Downloads\FRST.exe
2014-08-02 13:29 - 2014-08-02 13:29 - 00139264 _____ () C:\Users\casal\Downloads\SystemLook.exe
2014-08-02 12:43 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 12:43 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 12:43 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 12:43 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 12:42 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 12:42 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 12:34 - 2014-08-02 12:34 - 00000659 _____ () C:\Users\casal\Desktop\_OTM.lnk
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\_OTM
2014-08-01 15:23 - 2014-08-01 15:23 - 00522240 _____ (OldTimer Tools) C:\Users\casal\Downloads\OTM.exe
2014-08-01 13:38 - 2014-08-02 13:32 - 00009186 _____ () C:\Users\casal\Downloads\SystemLook.txt
2014-08-01 12:15 - 2014-08-01 12:16 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-03-10 23:14 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2014-08-01 12:09 - 2014-08-01 12:09 - 00001979 _____ () C:\Users\casal\Desktop\ZHPFixReport.txt
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 12:13 - 2014-07-31 12:13 - 00037990 _____ () C:\Users\casal\Desktop\ZHPDiag.txt
2014-07-31 10:40 - 2014-07-30 12:26 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 17:51 - 2014-07-30 17:51 - 00000743 _____ () C:\Users\casal\Desktop\Log-Malware.lnk
2014-07-30 14:42 - 2014-07-30 14:43 - 04102729 _____ () C:\Users\casal\Downloads\zoek(1).zip
2014-07-30 14:41 - 2014-07-30 14:41 - 01287168 _____ () C:\Users\casal\Downloads\zoek(2).exe
2014-07-30 14:17 - 2014-07-30 14:17 - 00001349 _____ () C:\Users\casal\Desktop\JRT.lnk
2014-07-30 14:16 - 2014-07-30 14:16 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT(1).exe
2014-07-30 13:53 - 2014-07-30 13:53 - 00000717 _____ () C:\Users\casal\Desktop\AdwCleaner.lnk
2014-07-30 13:48 - 2014-08-01 12:11 - 00016218 _____ () C:\Windows\PFRO.log
2014-07-30 13:46 - 2014-07-30 13:46 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(4).exe
2014-07-30 13:44 - 2014-08-02 12:38 - 00000840 _____ () C:\Windows\setupact.log
2014-07-30 13:44 - 2014-07-30 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 13:42 - 2014-07-30 13:42 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(3).exe
2014-07-30 13:39 - 2014-07-30 13:39 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(2).exe
2014-07-30 13:27 - 2014-07-30 13:27 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(1).exe
2014-07-30 12:24 - 2014-08-01 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-07-30 12:22 - 2014-07-30 12:56 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:21 - 2014-07-30 12:21 - 04748896 _____ (Piriform Ltd) C:\Users\casal\Desktop\ccsetup414.exe
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-07-30 12:20 - 2014-07-31 10:40 - 00000000 ____D () C:\Program Files\Baidu Security
2014-07-30 12:19 - 2014-07-30 12:19 - 00571072 _____ (Bechiro. Installer · sl) C:\Users\casal\Downloads\Ccleaner.exe
2014-07-29 21:43 - 2014-07-29 21:43 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(4).exe
2014-07-29 21:32 - 2014-07-29 21:33 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(3).exe
2014-07-29 21:07 - 2014-07-29 21:09 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(2).exe
2014-07-29 21:00 - 2014-07-29 21:00 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(1).exe
2014-07-29 18:42 - 2014-07-29 20:38 - 00018033 _____ () C:\AdsFix.txt
2014-07-29 18:41 - 2014-07-29 21:44 - 00000000 ____D () C:\AdsFix
2014-07-29 18:40 - 2014-07-29 18:40 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module.exe
2014-07-28 23:51 - 2014-07-28 23:51 - 00000000 ____D () C:\Users\casal\Documents\Relatório
2014-07-27 23:13 - 2014-07-30 20:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 23:13 - 2014-07-27 23:13 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 23:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-27 23:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-27 23:12 - 2014-07-27 23:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\casal\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 23:00 - 2014-07-27 23:00 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT.exe
2014-07-27 22:59 - 2014-07-27 22:59 - 01287168 _____ () C:\Users\casal\Downloads\zoek(1).exe
2014-07-27 21:30 - 2014-07-27 21:31 - 00000000 ____D () C:\Users\casal\Downloads\zoek(1)
2014-07-27 21:29 - 2014-07-27 21:29 - 04102729 _____ () C:\Users\casal\Downloads\zoek.zip
2014-07-27 21:27 - 2014-07-27 21:27 - 01287168 _____ () C:\Users\casal\Downloads\zoek.exe
2014-07-27 21:27 - 2014-07-27 21:27 - 00000000 ____D () C:\zoek_backup
2014-07-27 00:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-27 00:18 - 2014-07-30 13:59 - 00000000 ____D () C:\AdwCleaner
2014-07-27 00:18 - 2014-07-27 00:18 - 01354223 _____ () C:\Users\casal\Downloads\AdwCleaner.exe
2014-07-25 16:51 - 2014-08-01 12:09 - 00000000 ____D () C:\Users\casal\AppData\Roaming\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00001897 _____ () C:\Users\casal\Desktop\ZHPFix.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00001770 _____ () C:\Users\casal\Desktop\ZHPDiag.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-07-25 16:50 - 2014-07-25 16:50 - 06857356 _____ (Nicolas Coolman ) C:\Users\casal\Downloads\ZHPDiag2.exe
2014-07-23 12:09 - 2014-07-30 12:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-19 13:59 - 2014-07-19 13:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-19 13:58 - 2014-07-19 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 13:58 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 13:58 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 13:58 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 13:58 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-16 18:01 - 2014-07-16 18:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-09 20:55 - 2014-07-09 20:55 - 00484472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 21:50 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:50 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:50 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:50 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:50 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:50 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:50 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:50 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:50 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:50 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:50 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:50 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:50 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:50 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:50 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:50 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:50 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:50 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:50 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:49 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:49 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:49 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:49 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:49 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:49 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:49 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:49 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:49 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:49 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:49 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:47 - 2014-06-29 21:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 21:47 - 2014-06-29 21:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 21:47 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:47 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:47 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:47 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:47 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 14:11 - 2014-08-02 14:10 - 00014842 _____ () C:\Users\casal\Downloads\FRST.txt
2014-08-02 14:10 - 2014-08-02 14:09 - 00000000 ____D () C:\FRST
2014-08-02 14:09 - 2014-08-02 14:07 - 00001329 _____ () C:\Users\casal\Desktop\FRST.lnk
2014-08-02 14:07 - 2014-08-02 14:07 - 01084928 _____ (Farbar) C:\Users\casal\Downloads\FRST.exe
2014-08-02 14:05 - 2013-09-23 22:17 - 00001078 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA.job
2014-08-02 14:02 - 2012-04-17 09:04 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 13:44 - 2012-10-30 22:21 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 13:32 - 2014-08-01 13:38 - 00009186 _____ () C:\Users\casal\Downloads\SystemLook.txt
2014-08-02 13:29 - 2014-08-02 13:29 - 00139264 _____ () C:\Users\casal\Downloads\SystemLook.exe
2014-08-02 12:50 - 2009-07-14 00:34 - 00016160 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 12:50 - 2009-07-14 00:34 - 00016160 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 12:44 - 2014-04-12 00:12 - 01604310 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 12:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-08-02 12:38 - 2014-07-30 13:44 - 00000840 _____ () C:\Windows\setupact.log
2014-08-02 12:38 - 2012-10-30 22:21 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 12:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 12:34 - 2014-08-02 12:34 - 00000659 _____ () C:\Users\casal\Desktop\_OTM.lnk
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\_OTM
2014-08-01 15:23 - 2014-08-01 15:23 - 00522240 _____ (OldTimer Tools) C:\Users\casal\Downloads\OTM.exe
2014-08-01 12:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-01 12:16 - 2014-08-01 12:15 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:15 - 2014-07-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-07-30 13:48 - 00016218 _____ () C:\Windows\PFRO.log
2014-08-01 12:09 - 2014-08-01 12:09 - 00001979 _____ () C:\Users\casal\Desktop\ZHPFixReport.txt
2014-08-01 12:09 - 2014-07-25 16:51 - 00000000 ____D () C:\Users\casal\AppData\Roaming\ZHP
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 23:05 - 2013-09-23 22:17 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core.job
2014-07-31 16:57 - 2013-11-03 21:47 - 00000000 ___RD () C:\Users\casal\Dropbox
2014-07-31 16:44 - 2013-04-10 07:54 - 00000000 ____D () C:\Windows\pss
2014-07-31 12:13 - 2014-07-31 12:13 - 00037990 _____ () C:\Users\casal\Desktop\ZHPDiag.txt
2014-07-31 10:41 - 2013-11-03 21:37 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Dropbox
2014-07-31 10:40 - 2014-07-30 12:20 - 00000000 ____D () C:\Program Files\Baidu Security
2014-07-31 10:31 - 2012-01-31 19:03 - 00000000 ____D () C:\Users\casal\AppData\Local\CrashDumps
2014-07-30 20:43 - 2014-07-27 23:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 17:51 - 2014-07-30 17:51 - 00000743 _____ () C:\Users\casal\Desktop\Log-Malware.lnk
2014-07-30 17:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\schemas
2014-07-30 14:43 - 2014-07-30 14:42 - 04102729 _____ () C:\Users\casal\Downloads\zoek(1).zip
2014-07-30 14:41 - 2014-07-30 14:41 - 01287168 _____ () C:\Users\casal\Downloads\zoek(2).exe
2014-07-30 14:17 - 2014-07-30 14:17 - 00001349 _____ () C:\Users\casal\Desktop\JRT.lnk
2014-07-30 14:16 - 2014-07-30 14:16 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT(1).exe
2014-07-30 14:08 - 2011-04-12 00:47 - 00709402 _____ () C:\Windows\system32\prfh0416.dat
2014-07-30 14:08 - 2011-04-12 00:47 - 00148924 _____ () C:\Windows\system32\prfc0416.dat
2014-07-30 14:08 - 2010-11-20 17:01 - 01645366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 13:59 - 2014-07-27 00:18 - 00000000 ____D () C:\AdwCleaner
2014-07-30 13:53 - 2014-07-30 13:53 - 00000717 _____ () C:\Users\casal\Desktop\AdwCleaner.lnk
2014-07-30 13:46 - 2014-07-30 13:46 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(4).exe
2014-07-30 13:44 - 2014-07-30 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 13:42 - 2014-07-30 13:42 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(3).exe
2014-07-30 13:39 - 2014-07-30 13:39 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(2).exe
2014-07-30 13:27 - 2014-07-30 13:27 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(1).exe
2014-07-30 12:56 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:35 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 12:26 - 2014-07-31 10:40 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:22 - 2014-07-23 12:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 12:21 - 2014-07-30 12:21 - 04748896 _____ (Piriform Ltd) C:\Users\casal\Desktop\ccsetup414.exe
2014-07-30 12:19 - 2014-07-30 12:19 - 00571072 _____ (Bechiro. Installer · sl) C:\Users\casal\Downloads\Ccleaner.exe
2014-07-29 22:13 - 2012-05-31 01:36 - 00000000 ____D () C:\Users\casal\Documents\Escolas
2014-07-29 21:44 - 2014-07-29 18:41 - 00000000 ____D () C:\AdsFix
2014-07-29 21:43 - 2014-07-29 21:43 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(4).exe
2014-07-29 21:33 - 2014-07-29 21:32 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(3).exe
2014-07-29 21:09 - 2014-07-29 21:07 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(2).exe
2014-07-29 21:00 - 2014-07-29 21:00 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(1).exe
2014-07-29 20:38 - 2014-07-29 18:42 - 00018033 _____ () C:\AdsFix.txt
2014-07-29 19:57 - 2013-04-10 08:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Thinstall
2014-07-29 18:40 - 2014-07-29 18:40 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module.exe
2014-07-28 23:51 - 2014-07-28 23:51 - 00000000 ____D () C:\Users\casal\Documents\Relatório
2014-07-27 23:13 - 2014-07-27 23:13 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 23:12 - 2014-07-27 23:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\casal\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 23:00 - 2014-07-27 23:00 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT.exe
2014-07-27 22:59 - 2014-07-27 22:59 - 01287168 _____ () C:\Users\casal\Downloads\zoek(1).exe
2014-07-27 21:31 - 2014-07-27 21:30 - 00000000 ____D () C:\Users\casal\Downloads\zoek(1)
2014-07-27 21:29 - 2014-07-27 21:29 - 04102729 _____ () C:\Users\casal\Downloads\zoek.zip
2014-07-27 21:27 - 2014-07-27 21:27 - 01287168 _____ () C:\Users\casal\Downloads\zoek.exe
2014-07-27 21:27 - 2014-07-27 21:27 - 00000000 ____D () C:\zoek_backup
2014-07-27 00:18 - 2014-07-27 00:18 - 01354223 _____ () C:\Users\casal\Downloads\AdwCleaner.exe
2014-07-25 16:51 - 2014-07-25 16:51 - 00001897 _____ () C:\Users\casal\Desktop\ZHPFix.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00001770 _____ () C:\Users\casal\Desktop\ZHPDiag.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-07-25 16:50 - 2014-07-25 16:50 - 06857356 _____ (Nicolas Coolman ) C:\Users\casal\Downloads\ZHPDiag2.exe
2014-07-24 22:39 - 2011-11-21 06:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 19:00 - 2011-11-21 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:44 - 2013-11-03 21:47 - 00000979 _____ () C:\Users\casal\Desktop\Dropbox.lnk
2014-07-23 15:44 - 2013-11-03 21:38 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 15:32 - 2012-05-15 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 17:06 - 2013-10-17 14:33 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-07-19 17:06 - 2013-10-17 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 13:59 - 2014-07-19 13:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-19 13:58 - 2014-07-19 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 13:58 - 2012-03-29 15:22 - 00000000 ____D () C:\Program Files\Java
2014-07-19 00:42 - 2014-04-14 23:31 - 00000000 ____D () C:\Users\casal\Documents\PROJETOS
2014-07-16 23:58 - 2013-04-10 08:14 - 00002087 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 18:02 - 2014-06-13 16:50 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 18:02 - 2014-04-12 00:15 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 18:01 - 2014-07-16 18:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 18:01 - 2014-04-28 13:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00276432 ____N (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 18:01 - 2014-04-12 00:15 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-15 15:08 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-11 03:02 - 2014-07-19 13:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-19 13:58 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-11 02:56 - 2014-07-19 13:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-11 02:55 - 2014-07-19 13:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-09 20:55 - 2014-07-09 20:55 - 00484472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 10:45 - 2014-04-11 08:50 - 00005654 ____N () C:\PureRa.txt
2014-07-09 07:36 - 2014-04-30 10:45 - 00000000 ____D () C:\Windows\system32\CompatTel
2014-07-09 07:19 - 2013-09-07 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:15 - 2012-02-01 16:13 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 07:15 - 2012-01-31 16:37 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-07-09 07:15 - 2012-01-31 16:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 23:02 - 2012-04-17 09:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 23:02 - 2012-03-06 10:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 12:47

==================== End Of Log ============================

Re: Suspected Virus

Post by Power Max, Sat 02 Aug 2014, 17:03

Download the fixlist.txt file attached to this post and save it in the same folder where you left Farbar, which is the folder below:
C:\Users\casal\Downloads

Right-click on FRST, then click on [image: you must have an account and be logged in to view it].

Click the Fix button.

Wait, and at the end the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

(RESOLVED) Suspected Virus

Post by Rodrig, Sun 03 Aug 2014, 10:04

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by casal at 2014-08-03 09:03:07 Run:1
Running from C:\Users\casal\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Task: {57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {712CE548-2233-43C1-8E6D-C5C0E47FEAA0} - System32\Tasks\SparkUpdater => C:\Program Files\baidu\Spark\SparkUpdate.exe
SearchScopes: HKLM - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-01 12:15 - 2014-08-01 12:16 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-03-10 23:14 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 10:40 - 2014-07-30 12:26 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 12:24 - 2014-08-01 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-07-30 12:22 - 2014-07-30 12:56 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-07-30 12:20 - 2014-07-31 10:40 - 00000000 ____D () C:\Program Files\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-01 12:16 - 2014-08-01 12:15 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:15 - 2014-07-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 10:40 - 2014-07-30 12:20 - 00000000 ____D () C:\Program Files\Baidu Security
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28}" => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{712CE548-2233-43C1-8E6D-C5C0E47FEAA0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{712CE548-2233-43C1-8E6D-C5C0E47FEAA0}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkUpdater" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster => Moved successfully.
C:\Windows\system32\Drivers\Bhbase.sys => Moved successfully.
C:\Users\casal\AppData\Roaming\Baidu Security => Moved successfully.
C:\Windows\system32\Drivers\BprotectEx.sys => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster => Moved successfully.
C:\Users\Public\Documents\Baidu Security => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
C:\Program Files\Baidu Security => Moved successfully.
"C:\Users\Todos os Usuários\Baidu Security" => File/Directory not found.
"C:\ProgramData\Baidu Security" => File/Directory not found.
"C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => File/Directory not found.
"C:\Users\casal\AppData\Roaming\Baidu Security" => File/Directory not found.
"C:\Program Files\Baidu Security" => File/Directory not found.
C:\ProgramData\FileSplitUpLoad.dll => Moved successfully.
"C:\Users\Todos os Usuários\FileSplitUpLoad.dll" => File/Directory not found.

==== End of Fixlog ====

Re: Suspected Virus

Post by Power Max, Sun 03 Aug 2014, 10:27

How is the PC doing?

(RESOLVED) Suspected Virus

Post by Rodrig, Sun 03 Aug 2014, 23:35

Case solved, folks. Once again, we are grateful for your help. God bless you all.

Re: Suspected Virus

Post by Power Max, Sun 03 Aug 2014, 23:44

That's it! I'm glad the problem has been solved.

To remove the programs used in cleaning this PC and create a new restore point that is safe and free of problems, use DelFix following the tips [link: you must have an account and be logged in to view it].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us always!

(RESOLVED) Suspected Virus

Post by Rodrig, Mon 04 Aug 2014, 00:06

Already done.

Re: Suspected Virus

Post by Power Max, Tue 05 Aug 2014, 13:26

CASE RESOLVED

Should the author of the topic need it, the topic will be reopened; to do so, they should contact one of the members of the [link: you must have an account and be logged in to view it] requesting that it be unlocked.