Suspected Virus


Re: Suspected Virus

Post by Power Max on Sat 02 Aug 2014, 14:25

Rodrig wrote: Avast.
It is a false positive (a mistake on Avast's part). In this case, just temporarily disable Avast (by right-clicking its icon next to the Windows clock and choosing the option to disable it).

After that, run the program and post its report.

_________________

Caixa de Dicas
= Always with new tutorials and news about computing, technology and miscellany.

Fórum PC Brasil = The best of the internet can be found here.

Super Links = Messages of faith and hope for your heart

(SOLVED) Suspected Virus

Post by Rodrig on Sat 02 Aug 2014, 14:31

SystemLook 30.07.11 by jpshortstuff
Log created at 13:29 on 02/08/2014 by casal
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\Program Files\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Local\Temp\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Roaming\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [17:59 30/07/2014]
C:\_OTM\MovedFiles\08012014_153231\C_Users\Public\Documents\Baidu d------ [17:59 30/07/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif]
@="Baidu.FacePack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\${MAIN_PROGRAME}" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\ShellMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="BaiduSpark.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""

-= EOF =-

Re: Suspected Virus

Post by Power Max on Sat 02 Aug 2014, 14:39

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (32-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


(SOLVED) Suspected Virus

Post by Rodrig on Sat 02 Aug 2014, 15:14

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by casal at 2014-08-02 14:12:17
Running from C:\Users\casal\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.7.1878 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver 1.2 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.2 - OEM)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eXe -- eLearning XHTML editor (HKLM\...\exe) (Version:  - eXe Project)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
Galeria de Fotos (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gerenciador de Inicialização Positivo (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.0.16.1 - Positivo Informática S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IPM 1.5 (HKLM\...\{AADF4228-0772-4D43-92EB-B245E3A17B00}) (Version: 1.5 - OEM)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.45.0 - JMicron Technology Corp.)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office com Clique para Executar 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office com Clique para Executar 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0416-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 31.0 (x86 pt-BR)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mundo Positivo (HKLM\...\{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1) (Version: 1.3.8.0 - Positivo Informática S.A.)
OSD 1.7 (HKLM\...\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}) (Version: 1.7 - OEM)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Positivo Ajudante (HKLM\...\{4F44FDC9-6B66-4549-882A-7D5C4E3A79A2}_is1) (Version: 1.4.0.2 - Positivo Informática S.A)
Positivo Áudio (HKLM\...\{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1) (Version: 1.4.1.0 - Positivo Informática S.A.)
Positivo Backup (HKLM\...\{387B3DFA-BB12-45E6-B431-4A7BF2EBD985}_is1) (Version: 1.5.2.2 - Positivo Informática S.A.)
Positivo Bateria (HKLM\...\{FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1) (Version: 1.4.4.0 - Positivo Informática S.A.)
Positivo Conversor 3D (HKLM\...\{D0582368-2DFF-48EA-AC8D-1FA8E31CA38C}_is1) (Version: 1.0.0.7 - Positivo Informática S.A.)
Positivo NIS 2011 License Activator (HKLM\...\{5400FA29-4A55-4EB9-AD27-AF20DBD334E1}_is1) (Version: 1.1.0.0 - Positivo Informática S.A.)
Positivo Sincronize (HKLM\...\{6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1) (Version: 1.5.3.0 - Positivo Informática S.A.)
Positivo WebCam (HKLM\...\{E11C7438-7550-4676-92CE-846CC5DA3548}_is1) (Version: 1.5.1.0 - Positivo Informática S.A.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.4.0 - Ralink)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Software básico do dispositivo HP Deskjet 3050 J610 series (HKLM\...\{6FC163A1-3774-4918-8565-47F4FF0DF8B7}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Software de Cadastro Positivo 6.0 (HKLM\...\{4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1) (Version: 6.0.0.0 - Positivo Informática)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Tutorial 1.0 (HKLM\...\{1C86726E-4A85-4322-8A1C-56EDE170FAB5}_is1) (Version: 1.0.0.0 - Positivo Informática)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Webcam 1.5 (HKLM\...\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}) (Version: 1.5 - OEM)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\casal\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

19-07-2014 17:54:34 Installed Java 7 Update 65
22-07-2014 19:26:42 Windows Update
24-07-2014 22:58:06 Windows Update
29-07-2014 21:01:32 Windows Update
31-07-2014 14:31:30 ZHPFix Restore System Point
01-08-2014 16:01:45 ZHPFix Restore System Point
02-08-2014 16:42:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-03 12:43 - 2010-12-23 14:08 - 00000780 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C39C86-E733-41F9-8913-3DB7FE4EF13A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {0E24767B-4193-4C64-9441-B542AAFE81E3} - System32\Tasks\{0DD0F863-9D52-4870-A560-2380B9CC6A63} => Chrome.exe
Task: {1079D203-51E0-4299-A17B-03577D43FE3A} - System32\Tasks\{6A51DC2C-9DCA-48BB-9E99-F721479AF6E7} => Chrome.exe
Task: {11319DDE-0260-49F2-918D-68C913E2A7EB} - System32\Tasks\{9F466F0D-28B8-49A8-BA81-29492BEEF9BB} => Chrome.exe
Task: {1D7AF179-48AC-4287-8248-3181044F000F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {2052721E-B17D-4340-B609-3F41854C6251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {22D477EC-DA79-4CC6-A19F-4FDB94351864} - System32\Tasks\{6C0FDFCA-0081-464D-8B36-CDE9C7AC4E93} => Chrome.exe
Task: {24697A66-AAE5-4A2C-9368-5CC71EB22989} - System32\Tasks\{410C36AD-4055-4872-81C0-E9EEF31A781A} => C:\Program Files\Norton Internet Security\Engine\19.9.0.9\uistub.exe
Task: {268534DA-449B-4E48-A24C-6048C2F06A72} - System32\Tasks\{1BA8F945-04BA-4AED-AB36-5A4A452EEB01} => Chrome.exe
Task: {2AF0DB67-B87F-4369-BC79-A90F93193544} - System32\Tasks\{54046C9D-0C94-4FBA-AAB9-F47D07EC2927} => Chrome.exe
Task: {2BBD0B62-9F67-4765-B8C7-F696BCEE9891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {34AE7C9B-6B76-4D8A-B813-57D0DAA364DC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {355B03C3-AF4E-4AE7-A6E6-29309EA50BD2} - System32\Tasks\{248790DF-D5AF-4840-ABD4-BA8566CF0511} => Chrome.exe
Task: {362D8092-E554-493D-8762-9F572F637490} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {3BBD99A3-C749-4DC0-9B9C-1D3BB51928BB} - System32\Tasks\{A12685BF-9102-4465-8B2B-05FC2B80E3AF} => Chrome.exe
Task: {44AB0D1D-F5C4-45BF-8F70-CB8C9CEA866A} - System32\Tasks\{4D2C01EF-450D-4959-8491-3A2744483442} => Chrome.exe
Task: {47824B28-00D4-4049-8922-19553196C545} - System32\Tasks\{890FDB3C-DA4B-47DB-B70E-27E8FFC63ACE} => C:\Program Files\Norton Internet Security\Engine\19.9.0.9\uistub.exe
Task: {57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {5D3A4231-A4BF-4BA6-9A85-978A4F256C1D} - System32\Tasks\{A59BEC52-E4B8-49C9-89CE-EE1F377E4138} => Chrome.exe
Task: {648E27EA-AD4B-4362-8A79-6AB6EA154237} - System32\Tasks\{AA22BC3B-9A4F-4522-8D56-3E0ADF29F1AF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {652C219C-D8E7-4E87-B963-80B06DC335B9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {66154A41-99B0-45C1-951C-173A0C267217} - System32\Tasks\{8F99B308-F8FF-4076-ACD0-03F7CBF3E68E} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6ABF6F92-6763-4963-9E20-D2C212BCEC5C} - System32\Tasks\{56021F95-488E-4FC3-9553-621D91512186} => Chrome.exe
Task: {712CE548-2233-43C1-8E6D-C5C0E47FEAA0} - System32\Tasks\SparkUpdater => C:\Program Files\baidu\Spark\SparkUpdate.exe
Task: {7CD0F49B-0F8C-41B6-BFC7-58DF619EFDA8} - System32\Tasks\{181D28A9-04FE-4E02-B0FD-4232ABE545BA} => Chrome.exe
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {8A2F105C-5661-43BD-99EF-B9A38A5C38E6} - System32\Tasks\{C3722DD0-F602-4681-A9D1-4CDE6D60A9BB} => Firefox.exe
Task: {8A4799B9-E549-4555-9819-FC956DC45A7C} - System32\Tasks\{0FDF2D55-ED79-4D7D-8C6B-F578BEE678D7} => Chrome.exe
Task: {96D94BB0-2B22-4AD7-B719-D689F27F9000} - System32\Tasks\{67836FBF-4698-4D94-8745-8B76F1409E39} => Chrome.exe
Task: {984D34B0-8236-4508-A129-950A7144A179} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {9A71A48E-2187-4B64-A219-E102FB7041A6} - System32\Tasks\{CCC8D53D-E644-4AD0-A9A1-79C93D92227D} => Chrome.exe
Task: {9E8EC137-5C99-4746-A43B-01FC7FBEDE98} - System32\Tasks\{8747697A-E202-4D89-AA43-7EDC94BC45F6} => Firefox.exe
Task: {AE1AA37B-3ABA-4934-A4D7-44E27B990054} - System32\Tasks\{CB52A441-DC21-4E3B-966E-318F7A0A10C5} => Chrome.exe
Task: {B5A57D37-767C-4E15-A894-A3052EFDA6A2} - System32\Tasks\{FA958BE3-360D-4295-87E4-55675F8CCE7A} => Chrome.exe
Task: {B783435D-689F-431F-AE6C-0E3FC3BE9F68} - System32\Tasks\{42004203-8A39-495E-9B5F-07A654D0CFB5} => Firefox.exe
Task: {D1789D0F-BEF2-4731-A149-07ABF2E6B4B5} - System32\Tasks\{A36EB03E-89ED-4868-9E4E-BFD864034877} => Firefox.exe
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E0EAE09D-87AA-4F66-A951-FC1447BB2756} - System32\Tasks\{1608256D-2B8C-4045-84BC-DD96A4E64097} => Firefox.exe
Task: {EFC0170A-7779-420C-ABB5-505945B9B2AD} - System32\Tasks\Programa de atualização online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F0934E4D-3DFA-4057-8947-D465E48B37B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {F45F07BA-B8E9-4750-9367-AE105D613750} - System32\Tasks\{77C82021-44ED-4861-AF8E-6959E0AD2409} => Chrome.exe
Task: {F587F037-A624-45BE-BE31-0F5A9711AA5E} - System32\Tasks\Programa de atualização online da HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {F71A061D-BE28-4B9F-AC11-409763A77056} - System32\Tasks\{CECDA389-DCF5-497E-B512-04A5A8A154DE} => Chrome.exe
Task: {FD85FE9A-AD79-4F3F-ADF1-593F36366F71} - System32\Tasks\{D0B87182-5868-4D5E-9DD6-54796D2355EA} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2010-11-16] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core.job => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA.job => C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 18:01 - 2014-07-16 18:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-02 12:27 - 2014-08-02 12:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2012-01-31 16:16 - 2009-11-12 11:48 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2014-07-16 18:01 - 2014-07-16 18:01 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-23 12:09 - 2014-07-23 12:09 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-12 22:24 - 2014-02-12 22:24 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2011-11-21 05:39 - 2010-03-03 18:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-08 23:02 - 2014-07-08 23:02 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistente para criação de disco de recuperação.lnk => C:\Windows\pss\Assistente para criação de disco de recuperação.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^IPM.lnk => C:\Windows\pss\IPM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD.lnk => C:\Windows\pss\OSD.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^casal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^casal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk => C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\casal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: StartUpManagerPositivo => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 00:39:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:37:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\wbem\wmiprvse.exe; Descrição = OTM Restore Point; Erro = 0x8007043c).

Error: (08/02/2014 00:31:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 00:24:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 04:49:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:43:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:34:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\wbem\wmiprvse.exe; Descrição = OTM Restore Point; Erro = 0x8007043c).

Error: (08/01/2014 03:23:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2014 03:13:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/02/2014 00:38:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
SMR300

Error: (08/02/2014 00:38:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (08/02/2014 00:30:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/02/2014 00:30:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/02/2014 00:30:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 21

Error: (08/02/2014 00:30:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/02/2014 00:30:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/02/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
aswRvrt
aswSnx
aswSP
aswVmm
discache
SMR300
spldr
Wanarpv6

Error: (08/02/2014 00:29:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Client Virtualization Handler depende do serviço Application Virtualization Client, mas não foi possível iniciá-lo devido ao seguinte erro:
%%1068

Error: (08/02/2014 00:25:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
SMR300


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 2038.3 MB
Available physical RAM: 1059.71 MB
Total Pagefile: 4086.3 MB
Available Pagefile: 3020.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:252.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 96E1CA8E)
Partition 1: (Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)

(SOLVED) Virus Suspicion

Post by Rodrig on Sat 02 Aug 2014, 15:15

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by casal (administrator) on AMORE on 02-08-2014 14:10:00
Running from C:\Users\casal\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must be registered and logged in to see this link.]
Download link for 64-Bit Version: [You must be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Positivo Informática S.A) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Positivo Informática S.A) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Positivo Informática S.A.) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [OTM] => C:\Users\casal\Downloads\OTM.exe [522240 2014-08-01] (OldTimer Tools)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\casal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\casal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:ab3cd727 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKCU - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 187.123.31.55 187.123.31.56 187.123.31.54
Tcpip\..\Interfaces\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: [NameServer]200.175.182.139,200.175.5.139
Tcpip\..\Interfaces\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: [NameServer]200.175.182.139,200.175.5.139

FireFox:
========
FF ProfilePath: C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\casal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\casal\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\casal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\casal\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\casal\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi

Chrome:
=======
CHR HomePage: [You must be registered and logged in to see this link.]
CHR StartupUrls: "https://br.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: [You must be registered and logged in to see this link.]
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppManagerService; C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592 2012-10-03] (Positivo Informática S.A.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 BatteryManagerSrv; C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056 2012-03-20] (Positivo Informática S.A) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-17] (IDT, Inc.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [750592 2009-08-05] (Ralink Technology Corp.) [File not signed]
R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [52496 2011-10-03] ()
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-11-02] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 SoilIO; C:\Windows\system32\Drivers\SoilIO.sys [16248 2009-12-04] ()
R3 soilkbc; C:\Windows\system32\Drivers\soilkbc.sys [10744 2009-12-04] (Systems Internals)
R3 SoilMC; C:\Windows\system32\Drivers\SoilMC.sys [10616 2009-12-04] (Systems Internals)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 SMR300; System32\drivers\SMR300.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 14:10 - 2014-08-02 14:11 - 00014842 _____ () C:\Users\casal\Downloads\FRST.txt
2014-08-02 14:09 - 2014-08-02 14:10 - 00000000 ____D () C:\FRST
2014-08-02 14:07 - 2014-08-02 14:09 - 00001329 _____ () C:\Users\casal\Desktop\FRST.lnk
2014-08-02 14:07 - 2014-08-02 14:07 - 01084928 _____ (Farbar) C:\Users\casal\Downloads\FRST.exe
2014-08-02 13:29 - 2014-08-02 13:29 - 00139264 _____ () C:\Users\casal\Downloads\SystemLook.exe
2014-08-02 12:43 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 12:43 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 12:43 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 12:43 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 12:42 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 12:42 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 12:34 - 2014-08-02 12:34 - 00000659 _____ () C:\Users\casal\Desktop\_OTM.lnk
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\_OTM
2014-08-01 15:23 - 2014-08-01 15:23 - 00522240 _____ (OldTimer Tools) C:\Users\casal\Downloads\OTM.exe
2014-08-01 13:38 - 2014-08-02 13:32 - 00009186 _____ () C:\Users\casal\Downloads\SystemLook.txt
2014-08-01 12:15 - 2014-08-01 12:16 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-03-10 23:14 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2014-08-01 12:09 - 2014-08-01 12:09 - 00001979 _____ () C:\Users\casal\Desktop\ZHPFixReport.txt
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 12:13 - 2014-07-31 12:13 - 00037990 _____ () C:\Users\casal\Desktop\ZHPDiag.txt
2014-07-31 10:40 - 2014-07-30 12:26 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 17:51 - 2014-07-30 17:51 - 00000743 _____ () C:\Users\casal\Desktop\Log-Malware.lnk
2014-07-30 14:42 - 2014-07-30 14:43 - 04102729 _____ () C:\Users\casal\Downloads\zoek(1).zip
2014-07-30 14:41 - 2014-07-30 14:41 - 01287168 _____ () C:\Users\casal\Downloads\zoek(2).exe
2014-07-30 14:17 - 2014-07-30 14:17 - 00001349 _____ () C:\Users\casal\Desktop\JRT.lnk
2014-07-30 14:16 - 2014-07-30 14:16 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT(1).exe
2014-07-30 13:53 - 2014-07-30 13:53 - 00000717 _____ () C:\Users\casal\Desktop\AdwCleaner.lnk
2014-07-30 13:48 - 2014-08-01 12:11 - 00016218 _____ () C:\Windows\PFRO.log
2014-07-30 13:46 - 2014-07-30 13:46 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(4).exe
2014-07-30 13:44 - 2014-08-02 12:38 - 00000840 _____ () C:\Windows\setupact.log
2014-07-30 13:44 - 2014-07-30 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 13:42 - 2014-07-30 13:42 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(3).exe
2014-07-30 13:39 - 2014-07-30 13:39 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(2).exe
2014-07-30 13:27 - 2014-07-30 13:27 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(1).exe
2014-07-30 12:24 - 2014-08-01 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-07-30 12:22 - 2014-07-30 12:56 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:21 - 2014-07-30 12:21 - 04748896 _____ (Piriform Ltd) C:\Users\casal\Desktop\ccsetup414.exe
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-07-30 12:20 - 2014-07-31 10:40 - 00000000 ____D () C:\Program Files\Baidu Security
2014-07-30 12:19 - 2014-07-30 12:19 - 00571072 _____ (Bechiro. Installer · sl) C:\Users\casal\Downloads\Ccleaner.exe
2014-07-29 21:43 - 2014-07-29 21:43 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(4).exe
2014-07-29 21:32 - 2014-07-29 21:33 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(3).exe
2014-07-29 21:07 - 2014-07-29 21:09 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(2).exe
2014-07-29 21:00 - 2014-07-29 21:00 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(1).exe
2014-07-29 18:42 - 2014-07-29 20:38 - 00018033 _____ () C:\AdsFix.txt
2014-07-29 18:41 - 2014-07-29 21:44 - 00000000 ____D () C:\AdsFix
2014-07-29 18:40 - 2014-07-29 18:40 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module.exe
2014-07-28 23:51 - 2014-07-28 23:51 - 00000000 ____D () C:\Users\casal\Documents\Relatório
2014-07-27 23:13 - 2014-07-30 20:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 23:13 - 2014-07-27 23:13 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 23:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-27 23:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-27 23:12 - 2014-07-27 23:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\casal\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 23:00 - 2014-07-27 23:00 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT.exe
2014-07-27 22:59 - 2014-07-27 22:59 - 01287168 _____ () C:\Users\casal\Downloads\zoek(1).exe
2014-07-27 21:30 - 2014-07-27 21:31 - 00000000 ____D () C:\Users\casal\Downloads\zoek(1)
2014-07-27 21:29 - 2014-07-27 21:29 - 04102729 _____ () C:\Users\casal\Downloads\zoek.zip
2014-07-27 21:27 - 2014-07-27 21:27 - 01287168 _____ () C:\Users\casal\Downloads\zoek.exe
2014-07-27 21:27 - 2014-07-27 21:27 - 00000000 ____D () C:\zoek_backup
2014-07-27 00:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-27 00:18 - 2014-07-30 13:59 - 00000000 ____D () C:\AdwCleaner
2014-07-27 00:18 - 2014-07-27 00:18 - 01354223 _____ () C:\Users\casal\Downloads\AdwCleaner.exe
2014-07-25 16:51 - 2014-08-01 12:09 - 00000000 ____D () C:\Users\casal\AppData\Roaming\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00001897 _____ () C:\Users\casal\Desktop\ZHPFix.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00001770 _____ () C:\Users\casal\Desktop\ZHPDiag.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-07-25 16:50 - 2014-07-25 16:50 - 06857356 _____ (Nicolas Coolman ) C:\Users\casal\Downloads\ZHPDiag2.exe
2014-07-23 12:09 - 2014-07-30 12:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-19 13:59 - 2014-07-19 13:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-19 13:58 - 2014-07-19 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 13:58 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 13:58 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 13:58 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 13:58 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-16 18:01 - 2014-07-16 18:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-09 20:55 - 2014-07-09 20:55 - 00484472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 21:50 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:50 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:50 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:50 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:50 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:50 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:50 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:50 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:50 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:50 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:50 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:50 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:50 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:50 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:50 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:50 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:50 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:50 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:50 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:49 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:49 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:49 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:49 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:49 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:49 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:49 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:49 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:49 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:49 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:49 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:47 - 2014-06-29 21:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 21:47 - 2014-06-29 21:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 21:47 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:47 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:47 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:47 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:47 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:47 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 14:11 - 2014-08-02 14:10 - 00014842 _____ () C:\Users\casal\Downloads\FRST.txt
2014-08-02 14:10 - 2014-08-02 14:09 - 00000000 ____D () C:\FRST
2014-08-02 14:09 - 2014-08-02 14:07 - 00001329 _____ () C:\Users\casal\Desktop\FRST.lnk
2014-08-02 14:07 - 2014-08-02 14:07 - 01084928 _____ (Farbar) C:\Users\casal\Downloads\FRST.exe
2014-08-02 14:05 - 2013-09-23 22:17 - 00001078 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA.job
2014-08-02 14:02 - 2012-04-17 09:04 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 13:44 - 2012-10-30 22:21 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 13:32 - 2014-08-01 13:38 - 00009186 _____ () C:\Users\casal\Downloads\SystemLook.txt
2014-08-02 13:29 - 2014-08-02 13:29 - 00139264 _____ () C:\Users\casal\Downloads\SystemLook.exe
2014-08-02 12:50 - 2009-07-14 00:34 - 00016160 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 12:50 - 2009-07-14 00:34 - 00016160 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 12:44 - 2014-04-12 00:12 - 01604310 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 12:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-08-02 12:38 - 2014-07-30 13:44 - 00000840 _____ () C:\Windows\setupact.log
2014-08-02 12:38 - 2012-10-30 22:21 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 12:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 12:34 - 2014-08-02 12:34 - 00000659 _____ () C:\Users\casal\Desktop\_OTM.lnk
2014-08-01 15:32 - 2014-08-01 15:32 - 00000000 ____D () C:\_OTM
2014-08-01 15:23 - 2014-08-01 15:23 - 00522240 _____ (OldTimer Tools) C:\Users\casal\Downloads\OTM.exe
2014-08-01 12:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-01 12:16 - 2014-08-01 12:15 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:15 - 2014-07-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-07-30 13:48 - 00016218 _____ () C:\Windows\PFRO.log
2014-08-01 12:09 - 2014-08-01 12:09 - 00001979 _____ () C:\Users\casal\Desktop\ZHPFixReport.txt
2014-08-01 12:09 - 2014-07-25 16:51 - 00000000 ____D () C:\Users\casal\AppData\Roaming\ZHP
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 23:05 - 2013-09-23 22:17 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core.job
2014-07-31 16:57 - 2013-11-03 21:47 - 00000000 ___RD () C:\Users\casal\Dropbox
2014-07-31 16:44 - 2013-04-10 07:54 - 00000000 ____D () C:\Windows\pss
2014-07-31 12:13 - 2014-07-31 12:13 - 00037990 _____ () C:\Users\casal\Desktop\ZHPDiag.txt
2014-07-31 10:41 - 2013-11-03 21:37 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Dropbox
2014-07-31 10:40 - 2014-07-30 12:20 - 00000000 ____D () C:\Program Files\Baidu Security
2014-07-31 10:31 - 2012-01-31 19:03 - 00000000 ____D () C:\Users\casal\AppData\Local\CrashDumps
2014-07-30 20:43 - 2014-07-27 23:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 17:51 - 2014-07-30 17:51 - 00000743 _____ () C:\Users\casal\Desktop\Log-Malware.lnk
2014-07-30 17:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\schemas
2014-07-30 14:43 - 2014-07-30 14:42 - 04102729 _____ () C:\Users\casal\Downloads\zoek(1).zip
2014-07-30 14:41 - 2014-07-30 14:41 - 01287168 _____ () C:\Users\casal\Downloads\zoek(2).exe
2014-07-30 14:17 - 2014-07-30 14:17 - 00001349 _____ () C:\Users\casal\Desktop\JRT.lnk
2014-07-30 14:16 - 2014-07-30 14:16 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT(1).exe
2014-07-30 14:08 - 2011-04-12 00:47 - 00709402 _____ () C:\Windows\system32\prfh0416.dat
2014-07-30 14:08 - 2011-04-12 00:47 - 00148924 _____ () C:\Windows\system32\prfc0416.dat
2014-07-30 14:08 - 2010-11-20 17:01 - 01645366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 13:59 - 2014-07-27 00:18 - 00000000 ____D () C:\AdwCleaner
2014-07-30 13:53 - 2014-07-30 13:53 - 00000717 _____ () C:\Users\casal\Desktop\AdwCleaner.lnk
2014-07-30 13:46 - 2014-07-30 13:46 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(4).exe
2014-07-30 13:44 - 2014-07-30 13:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 13:42 - 2014-07-30 13:42 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(3).exe
2014-07-30 13:39 - 2014-07-30 13:39 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(2).exe
2014-07-30 13:27 - 2014-07-30 13:27 - 01365551 _____ () C:\Users\casal\Downloads\AdwCleaner(1).exe
2014-07-30 12:56 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:35 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-30 12:26 - 2014-07-31 10:40 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:22 - 2014-07-23 12:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 12:21 - 2014-07-30 12:21 - 04748896 _____ (Piriform Ltd) C:\Users\casal\Desktop\ccsetup414.exe
2014-07-30 12:19 - 2014-07-30 12:19 - 00571072 _____ (Bechiro. Installer · sl) C:\Users\casal\Downloads\Ccleaner.exe
2014-07-29 22:13 - 2012-05-31 01:36 - 00000000 ____D () C:\Users\casal\Documents\Escolas
2014-07-29 21:44 - 2014-07-29 18:41 - 00000000 ____D () C:\AdsFix
2014-07-29 21:43 - 2014-07-29 21:43 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(4).exe
2014-07-29 21:33 - 2014-07-29 21:32 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(3).exe
2014-07-29 21:09 - 2014-07-29 21:07 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(2).exe
2014-07-29 21:00 - 2014-07-29 21:00 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module(1).exe
2014-07-29 20:38 - 2014-07-29 18:42 - 00018033 _____ () C:\AdsFix.txt
2014-07-29 19:57 - 2013-04-10 08:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Thinstall
2014-07-29 18:40 - 2014-07-29 18:40 - 02974720 _____ () C:\Users\casal\Downloads\Shortcut_Module.exe
2014-07-28 23:51 - 2014-07-28 23:51 - 00000000 ____D () C:\Users\casal\Documents\Relatório
2014-07-27 23:13 - 2014-07-27 23:13 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 23:13 - 2014-07-27 23:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 23:12 - 2014-07-27 23:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\casal\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 23:00 - 2014-07-27 23:00 - 01016261 _____ (Thisisu) C:\Users\casal\Downloads\JRT.exe
2014-07-27 22:59 - 2014-07-27 22:59 - 01287168 _____ () C:\Users\casal\Downloads\zoek(1).exe
2014-07-27 21:31 - 2014-07-27 21:30 - 00000000 ____D () C:\Users\casal\Downloads\zoek(1)
2014-07-27 21:29 - 2014-07-27 21:29 - 04102729 _____ () C:\Users\casal\Downloads\zoek.zip
2014-07-27 21:27 - 2014-07-27 21:27 - 01287168 _____ () C:\Users\casal\Downloads\zoek.exe
2014-07-27 21:27 - 2014-07-27 21:27 - 00000000 ____D () C:\zoek_backup
2014-07-27 00:18 - 2014-07-27 00:18 - 01354223 _____ () C:\Users\casal\Downloads\AdwCleaner.exe
2014-07-25 16:51 - 2014-07-25 16:51 - 00001897 _____ () C:\Users\casal\Desktop\ZHPFix.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00001770 _____ () C:\Users\casal\Desktop\ZHPDiag.lnk
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-07-25 16:51 - 2014-07-25 16:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-07-25 16:50 - 2014-07-25 16:50 - 06857356 _____ (Nicolas Coolman ) C:\Users\casal\Downloads\ZHPDiag2.exe
2014-07-24 22:39 - 2011-11-21 06:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 19:00 - 2011-11-21 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:44 - 2013-11-03 21:47 - 00000979 _____ () C:\Users\casal\Desktop\Dropbox.lnk
2014-07-23 15:44 - 2013-11-03 21:38 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 15:32 - 2012-05-15 21:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 17:06 - 2013-10-17 14:33 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-07-19 17:06 - 2013-10-17 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 13:59 - 2014-07-19 13:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-19 13:58 - 2014-07-19 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 13:58 - 2012-03-29 15:22 - 00000000 ____D () C:\Program Files\Java
2014-07-19 00:42 - 2014-04-14 23:31 - 00000000 ____D () C:\Users\casal\Documents\PROJETOS
2014-07-16 23:58 - 2013-04-10 08:14 - 00002087 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 18:02 - 2014-06-13 16:50 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 18:02 - 2014-04-12 00:15 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 18:01 - 2014-07-16 18:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 18:01 - 2014-04-28 13:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00276432 ____N (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 18:01 - 2014-04-12 00:15 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 18:01 - 2014-04-12 00:15 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-15 15:08 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-11 03:02 - 2014-07-19 13:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-19 13:58 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-11 02:56 - 2014-07-19 13:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-11 02:55 - 2014-07-19 13:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-09 20:55 - 2014-07-09 20:55 - 00484472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 10:45 - 2014-04-11 08:50 - 00005654 ____N () C:\PureRa.txt
2014-07-09 07:36 - 2014-04-30 10:45 - 00000000 ____D () C:\Windows\system32\CompatTel
2014-07-09 07:19 - 2013-09-07 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:15 - 2012-02-01 16:13 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 07:15 - 2012-01-31 16:37 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-07-09 07:15 - 2012-01-31 16:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 23:02 - 2012-04-17 09:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 23:02 - 2012-03-06 10:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 12:47

==================== End Of Log ============================
Rodrig
Member

Posts: 204
Reputation: 1
Join date: 03/04/2014
Age: 36
Location: Paraná

Re: Suspected Virus

Post by Power Max on Sat 02 Aug 2014, 17:03

Download the fixlist.txt file attached to this post and save it in the same folder where you left Farbar, which is the folder below:
C:\Users\casal\Downloads

Right-click FRST, then click [You need to be registered and logged in to view this image.].

Click the Fix button.

Wait, and at the end the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply.


(SOLVED) Suspected Virus

Post by Rodrig on Sun 03 Aug 2014, 10:04

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by casal at 2014-08-03 09:03:07 Run:1
Running from C:\Users\casal\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Task: {57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {712CE548-2233-43C1-8E6D-C5C0E47FEAA0} - System32\Tasks\SparkUpdater => C:\Program Files\baidu\Spark\SparkUpdate.exe
SearchScopes: HKLM - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-01 12:15 - 2014-08-01 12:16 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:11 - 2014-03-10 23:14 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 10:40 - 2014-07-30 12:26 - 00111424 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2014-07-30 12:24 - 2014-08-01 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-07-30 12:22 - 2014-07-30 12:56 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-07-30 12:20 - 2014-08-01 12:31 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-07-30 12:20 - 2014-07-31 10:40 - 00000000 ____D () C:\Program Files\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-08-01 12:31 - 2014-07-30 12:20 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-08-01 12:16 - 2014-08-01 12:15 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:15 - 2014-07-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-08-01 12:06 - 2014-08-01 12:06 - 00000000 ____D () C:\Users\casal\AppData\Roaming\Baidu Security
2014-07-31 10:40 - 2014-07-30 12:20 - 00000000 ____D () C:\Program Files\Baidu Security
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F9DCAC-069A-4F0F-9E4B-5E2E863DDF28}" => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{712CE548-2233-43C1-8E6D-C5C0E47FEAA0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{712CE548-2233-43C1-8E6D-C5C0E47FEAA0}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkUpdater" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster => Moved successfully.
C:\Windows\system32\Drivers\Bhbase.sys => Moved successfully.
C:\Users\casal\AppData\Roaming\Baidu Security => Moved successfully.
C:\Windows\system32\Drivers\BprotectEx.sys => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster => Moved successfully.
C:\Users\Public\Documents\Baidu Security => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
C:\Program Files\Baidu Security => Moved successfully.
"C:\Users\Todos os Usuários\Baidu Security" => File/Directory not found.
"C:\ProgramData\Baidu Security" => File/Directory not found.
"C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => File/Directory not found.
"C:\Users\casal\AppData\Roaming\Baidu Security" => File/Directory not found.
"C:\Program Files\Baidu Security" => File/Directory not found.
C:\ProgramData\FileSplitUpLoad.dll => Moved successfully.
"C:\Users\Todos os Usuários\FileSplitUpLoad.dll" => File/Directory not found.

==== End of Fixlog ====

Re: Suspected Virus

Post by Power Max on Sun 03 Aug 2014, 10:27

How is the PC?


(SOLVED) Suspected Virus

Post by Rodrig on Sun 03 Aug 2014, 23:35

Case solved, everyone. Once again, we are grateful for the help. God bless you all.

Re: Suspected Virus

Post by Power Max on Sun 03 Aug 2014, 23:44

That's it! I'm glad the problem has been solved.

To remove the programs used to clean this PC and create a new restore point that is safe and problem-free, use DelFix, following the tips in this tutorial.
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!


(SOLVED) Suspected Virus

Post by Rodrig on Mon 04 Aug 2014, 00:06

Already done.

Re: Suspected Virus

Post by Power Max on Tue 05 Aug 2014, 13:26

CASE SOLVED

If the topic author needs it, this topic will be reopened; to request that, they should contact a member of the Moderation Team and ask for it to be unlocked.
