Fórum PC Brasil
Computer with Baidu malware and others

2 participants

Page 1 of 2

Post by suportevam, Mon 18 Aug 2014, 11:31

My computer is locking up, full of malware and Baidu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:58, on 18/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - [You must be registered and logged in to see this link] Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - [You must be registered and logged in to see this link] Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = delga.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Endpoint Security (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Lab Network Agent (klnagent) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - [You must be registered and logged in to see this link] - C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) - Unknown owner - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11448 bytes
suportevam (Beginner)
Posts: 23
Reputation: 0
Join date: 18/08/2014
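The HijackThis log above is the kind of report the helpers on this forum read by eye. As an added example that is not part of the thread, the Python script below parses the O4 (autorun) and O23 (service) lines of that format and flags the entries a defender would want to check first: binaries launched from user-writable locations such as ProgramData, AppData or Temp, services with no publisher, and registered binaries that are not on disk. The sample log is constructed for the example; some lines mirror the thread's log, while the two adware autorun paths are hypothetical. A flag is a prompt to inspect the file, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.4 format (not the thread's full log).
# The IAStorIcon, AVP, Sidebar, KeyIso and HWDeviceService64 lines mirror the
# thread's log; the "updater" and "mobilegeni daemon" paths are hypothetical.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe"
O4 - HKCU\..\Run: [updater] C:\Users\gar\AppData\Local\globalUpdate\Update\GoogleUpdate.exe /c
O4 - HKLM\..\Run: [mobilegeni daemon] C:\ProgramData\Mobogenie\DaemonProcess.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
"""


@dataclass
class Entry:
    section: str            # "O4" (autorun) or "O23" (service)
    name: str
    path: str
    owner: str = ""         # O23 only: publisher string reported by the tool
    file_missing: bool = False


@dataclass
class Finding:
    entry: Entry
    reason: str


O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)

# Paths that are writable without administrator rights: a favourite home for
# bundled adware. Matched against the lower-cased, expanded path.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")
ENV = {"%programfiles%": "c:\\program files", "%systemroot%": "c:\\windows"}


def _command_path(cmd: str) -> str:
    """Return the executable from an O4 command line, quoted or not."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def parse_hjt(text: str) -> list[Entry]:
    """Parse O4 and O23 lines of a HijackThis log; other sections are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], _command_path(m["cmd"])))
        elif m := O23_RE.match(line):
            # Layout is "<description> - <owner> - <path>", but the description
            # may itself contain " - ", so split from the right.
            parts = m["rest"].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            desc, owner, path = parts
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].strip()
            entries.append(Entry("O23", desc, path, owner, missing))
    return entries


def normalise(path: str) -> str:
    p = path.lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p


def triage(entries: list[Entry]) -> list[Finding]:
    """Flag entries worth a manual look; returns an empty list for a clean log."""
    findings: list[Finding] = []
    for e in entries:
        p = normalise(e.path)
        if e.section == "O23" and e.owner == "Unknown owner" and p.startswith("c:\\windows\\"):
            # HijackThis 2.0.4 is a 32-bit tool: on 64-bit Windows it reports
            # built-in services as "Unknown owner ... (file missing)" because of
            # file-system redirection. Treat these as noise, not findings.
            continue
        reasons = []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if e.section == "O23" and e.owner == "Unknown owner":
            reasons.append("service with no publisher outside the Windows directory")
        if e.file_missing:
            reasons.append("registered but binary not found on disk")
        if reasons:
            findings.append(Finding(e, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.entry.section} [{f.entry.name}] {f.entry.path}: {f.reason}")
```

Run against the sample, the script flags the two hypothetical adware autoruns and the ProgramData service, and stays quiet on the Intel, Kaspersky, Sidebar and Emsisoft entries. The KeyIso skip encodes a caveat worth knowing when reading logs like the one in this thread: the long run of "Unknown owner ... (file missing)" system services is a 64-bit reporting artefact of this old 32-bit tool, not evidence of tampering.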

Re: Computer with Baidu malware and others

Post by suportevam, Mon 18 Aug 2014, 13:14

Can anyone help me?
suportevam (Beginner)
Posts: 23
Reputation: 0
Join date: 18/08/2014

Re: Computer with Baidu malware and others

Post by Power Max, Mon 18 Aug 2014, 14:33

Hello.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max (Contributor)
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Computer with Baidu malware and others

Post by suportevam, Thu 21 Aug 2014, 11:27

# AdwCleaner v3.304 - Relatório criado 18/08/2014 às 09:35:20
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : gar - DD
# Executando de : C:\Users\gar\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\Iminent
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\HQube-2
Pasta Deletada : C:\Users\gar\AppData\Local\genienext
Pasta Deletada : C:\Users\gar\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\gar\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\GABRIE~1.RIC\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\gar\AppData\Roaming\baidu
Pasta Deletada : C:\Users\gar\AppData\Roaming\GroovorioUpdater
Pasta Deletada : C:\Users\gar\AppData\Roaming\iWin
Pasta Deletada : C:\Users\gar\AppData\Roaming\MetaCrawler
Pasta Deletada : C:\Users\gar\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\gar\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\gar\Desktop\Claro
Pasta Deletada : C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\Extensions\cda2aa03-4bc9-4ec7-9498-460a0930b748@ad411bc8-5385-474c-96ad-ae0bd30853a6.com
Arquivo Deletada : C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\Extensions\webbooster@iminent.com.xpi
Arquivo Deletada : C:\Users\gar\daemonprocess.txt
Arquivo Deletada : C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\user.js

***** [ Tarefas ] *****

Tarefa Deletedo : DigitalSite
Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA
Tarefa Deletedo : Groovorio Updater
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-1
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-10
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-11
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-2
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-3
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-4
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-5
Tarefa Deletedo : 98768986-4400-47a0-89a2-4245099de265-5_user

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0053170.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0053170.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0053170.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0053170.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311170}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312270}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315570}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316670}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311170}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311170}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311170}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312270}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315570}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316670}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311170}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstalledBrowserExtensions
Chave Deletedo : HKCU\Software\WEDLMNGR
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\HQube-2
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstalledBrowserExtensions
Chave Deletedo : HKLM\Software\HQube-2
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQube-2
Chave Deletedo : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\prefs.js ]

Linha deletada : user_pref("extensions.acda2aa034bc94ec79498460a0930b748ad411bc85385474c96adae0bd30853a6com53170.53170.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22ama[...]
Linha deletada : user_pref("extensions.acda2aa034bc94ec79498460a0930b748ad411bc85385474c96adae0bd30853a6com53170.53170.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
Linha deletada : user_pref("extensions.acda2aa034bc94ec79498460a0930b748ad411bc85385474c96adae0bd30853a6com53170.53170.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1475e87501f320e1ea55c8a7b4cd42cf");
Linha deletada : user_pref("extensions.enabledAddons", "webbooster%40iminent.com:8.28.4.1,cda2aa03-4bc9-4ec7-9498-460a0930b748%40ad411bc8-5385-474c-96ad-ae0bd30853a6.com:0.95.83,%7B972ce4c6-7e08-4474-a285-3208198ce6fd[...]
Linha deletada : user_pref("iminent.LayoutId", "1");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
Linha deletada : user_pref("iminent.adapters", "{\"groovorio.com\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1406040[...]
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1407769785162");
Linha deletada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Linha deletada : user_pref("iminent.version", "8.28.4.1");
Linha deletada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.28.4.1\",\"InstallEventCTime\":1408127681203,\"InstallEvent\":\"True\"}");

*************************

AdwCleaner[R0].txt - [15939 octets] - [18/08/2014 09:32:18]
AdwCleaner[R1].txt - [16000 octets] - [18/08/2014 09:34:34]
AdwCleaner[S0].txt - [14956 octets] - [18/08/2014 09:35:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15017 octets] ##########
suportevam (Beginner)
Posts: 23
Reputation: 0
Join date: 18/08/2014

Re: Computer with Baidu malware and others

Post by Power Max, Thu 21 Aug 2014, 11:33

Download the Junkware Removal Tool from the link below:
[You must be registered and logged in to see this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.
Power Max (Contributor)
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Computer with Baidu malware and others

Post by suportevam, Thu 21 Aug 2014, 14:34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Administrador on 21/08/2014 at 13:22:51,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544314470}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544314470}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544314470}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544314470}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2014 at 13:31:24,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
suportevam (Beginner)
Posts: 23
Reputation: 0
Join date: 18/08/2014

Re: Computer with Baidu malware and others

Post by Power Max, Thu 21 Aug 2014, 14:46

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Tue 26 Aug 2014, 14:57, edited 1 time
Power Max
Contributor

Messages: 9086
Reputation: 1499
Join date: 14/04/2009


Re: computer with Baidu malware and others

Message by suportevam, Fri 22 Aug 2014, 08:53


Zoek.exe v5.0.0.0 Updated 21-08-2014
Tool run by Administrador on 22/08/2014 at 8:19:13,70.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/08/2014 08:21:38 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DSP-worx deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~3\FLEXnet deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Socusoft deleted successfully
C:\Users\suporteti\AppData\Roaming\hpqlog deleted successfully
C:\Users\gar\AppData\Local\CutePDF Writer deleted successfully
C:\Users\gar\AppData\Local\Samsung deleted successfully
C:\Users\suporteti\AppData\Local\PDFC deleted successfully
C:\Users\suporteti\AppData\Local\VirtualStore deleted successfully
C:\Users\suporteti\AppData\Local\{FC896C4C-BE5D-45B5-AC18-E42EB60C5AE6} deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\GABRIE~1.RIC\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\prefs.js:
user_pref("browser.startup.homepage", "http://groovorio.com/?f=1&a=grv_sftdefirst_14_26&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtBtByD0B0C0A0FyE0AtCtN0D0Tzu0SzytAyEtN1L2XzutBtFtBtCtFtCyBtFtDtN1L1Czu1N1C2X1V1B1O2Z1Q1P1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0C0FzzyEtAtGyCtC0AyBtGyE0EtB0DtG0D0BtDtBtGtBtDyEtAzz0AyDtC0A0EyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtAtB0F0CyDtAtG0EyDyBtAtG0A0DtC0FtG0B0ByBzztGyBzz0CtDyByDyCtC0AyC0BtD2Q&cr=619776378&ir=");
user_pref("browser.search.defaultenginename", "Groovorio");
user_pref("browser.search.selectedEngine", "Groovorio");

Added to C:\Users\GABRIE~1.RIC\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_082014_0834_.backup

ProfilePath: C:\Users\GABRIE~1.RIC\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default

user.js not found
---- Lines iminent modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines acda2aa034bc94ec79498460a0930b748ad411bc85385474c96adae0bd30853a6com53170 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----

prefs_082014_0834_.backup

==== Deleting Files \ Folders ======================

C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\extensions\webbooster@iminent.com.xpi not found
C:\PROGRA~3\DivX deleted
C:\Users\gar\.android deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\Users\gar\AppData\Local\cache deleted
C:\Users\Administrador\Searches deleted
C:\Users\GABRIE~1.RIC\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} deleted

==== Folders Found ======================

2014-08-18 12:35:21 2014-08-18 12:35:21 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-01 22:54:52 2013-12-01 22:55:55 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-01 22:54:52 2013-12-01 22:55:55 -------- d-----w- C:\Users\All Users\Baidu Security

==== Files Found ======================


--- C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZSXLY40\t2880-computador-com-malware-baidu-e-outros[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59936
Created time: 2014-08-21 16:20:14
Modified time: 2014-08-21 16:20:14
MD5: 2C77A316FA95990565708E1CFB1AD01B
SHA1: 5C9B1BAA6ADC14788D183134527B3DD57A4C9A47


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2172890782-2414803012-1800170225-500\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computador\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Baidu Security"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

ProfilePath: C:\Users\GABRIE~1.RIC\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default
- Undetermined - C:\Users\gar\AppData\Roaming\Mozilla\Firefox\Profiles\xizm8y25.default\extensions\cda2aa03-4bc9-4ec7-9498-460a0930b748@ad411bc8-5385-474c-96ad-ae0bd30853a6.com
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPCOM/6"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPCOM/6"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Users\gar\Desktop\Celular VIVO -.lnk - R:\Deptos\TI\Administrativo\Controles\Controle - Celular VIVO
C:\Users\gar\Desktop\Controle Req. Ped.lnk - R:\Deptos\TI\Administrativo\Controles\Controle Req. Ped
C:\Users\gar\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\gar\Desktop\Manager.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Manager_1C2DE3F3BEEB45A593AF669D4C7C80A2.exe
C:\Users\gar\Desktop\Monitor.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Monitor_99BAD8BD650549EAAA158F50FF885634.exe
C:\Users\gar\Desktop\Outlook 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\outlook.exe
C:\Users\gar\Desktop\Smartclient - Atalho.lnk - G:\Protheus 11\Smartclient.exe
C:\Users\gar\Desktop\storage_diadema2 (gd500602).lnk - \\gd500602\storage_diadema2
C:\Users\gar\Desktop\System Status.lnk - C:\Windows\SysWOW64\javaw.exe -jar ssaviewer.jar
C:\Users\GABRIE~1.RIC\Desktop\Celular VIVO -.lnk - R:\Deptos\TI\Administrativo\Controles\Controle - Celular VIVO
C:\Users\GABRIE~1.RIC\Desktop\Controle Req. Ped.lnk - R:\Deptos\TI\Administrativo\Controles\Controle Req. Ped
C:\Users\GABRIE~1.RIC\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\GABRIE~1.RIC\Desktop\Manager.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Manager_1C2DE3F3BEEB45A593AF669D4C7C80A2.exe
C:\Users\GABRIE~1.RIC\Desktop\Monitor.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Monitor_99BAD8BD650549EAAA158F50FF885634.exe
C:\Users\GABRIE~1.RIC\Desktop\Outlook 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\outlook.exe
C:\Users\GABRIE~1.RIC\Desktop\Smartclient - Atalho.lnk - G:\Protheus 11\Smartclient.exe
C:\Users\GABRIE~1.RIC\Desktop\storage_diadema2 (gd500602).lnk - \\gd500602\storage_diadema2
C:\Users\GABRIE~1.RIC\Desktop\System Status.lnk - C:\Windows\SysWOW64\javaw.exe -jar ssaviewer.jar

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\SAP Logon.lnk - C:\Program Files (x86)\SAP\SapSetup\setup\SAL\SapLogon.s8l
C:\Users\Public\Desktop\Softphone.lnk - C:\Program Files (x86)\Avaya\Softphone\IPOfficeSoftphone.exe

==== shortcuts in Users Start Menu ======================

C:\Users\gar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\gar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\gar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows\Ajuda do Kaspersky Endpoint Security 10 para Windows.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\Doc\pt-BR\KES\Context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows\Kaspersky Endpoint Security 10 para Windows.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows\Modificar, Reparar ou Remover.lnk - C:\Windows\System32\msiexec.exe /i {04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET\Uninstall.lnk - C:\Program Files (x86)\VIVO INTERNET\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET\VIVO INTERNET.lnk - C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE /recycle
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Users\gar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Manager.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Manager_1C2DE3F3BEEB45A593AF669D4C7C80A2.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Recommended.LNK - C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live.LNK - C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Users\suporteti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE /recycle
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Users\GABRIE~1.RIC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Manager.lnk - C:\Windows\Installer\{87D14E59-B662-41AF-8D46-A70B44B00177}\Manager_1C2DE3F3BEEB45A593AF669D4C7C80A2.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\suporteti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GABRIE~1.RIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GABRIE~1.RIC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Administrador\AppData\Local\Mozilla\Firefox\Profiles\mgfhn8kg.default\Cache emptied successfully
C:\Users\gar\AppData\Local\Mozilla\Firefox\Profiles\xizm8y25.default\Cache emptied successfully
C:\Users\GABRIE~1.RIC\AppData\Local\Mozilla\Firefox\Profiles\xizm8y25.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1022 folders=69 30154537 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrador\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\gar\AppData\Local\Temp will be emptied at reboot
C:\Users\suporteti\AppData\Local\Temp emptied successfully
C:\Users\GABRIE~1.RIC\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 22/08/2014 at 8:45:52,51 ======================
suportevam
Beginner

Posts : 23
Reputation : 0
Join date : 18/08/2014

Re: computer with Baidu malware and others

Post by suportevam Fri 22 Aug 2014, 09:08

I ran the script
baidu;a
baidu;z

it gave this result:


Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrador on 22/08/2014 at 8:58:55,89.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-22-114552.log 50792 bytes

==== Folders Found ======================

2014-08-18 12:35:21 2014-08-18 12:35:21 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-01 22:54:52 2013-12-01 22:55:55 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-01 22:54:52 2013-12-01 22:55:55 -------- d-----w- C:\Users\All Users\Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2172890782-2414803012-1800170225-500\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computador\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Baidu Security"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1022 folders=69 30154537 bytes)

==== EOF on 22/08/2014 at 9:02:02,97 ======================
suportevam
Beginner

Posts : 23
Reputation : 0
Join date : 18/08/2014

Re: computer with Baidu malware and others

Post by Power Max Fri 22 Aug 2014, 11:36

Download OTM (by Old Timer) from the link below:
[You need an account and to be logged in to view this link]

Select and copy all the text highlighted in red that I gave you.

Right-click OTM.exe and choose the option Run as administrator.

Paste the text you just copied into the blank space below the phrase Paste Instructions for Items to be Moved

After that, click the MoveIt! button.

After doing the steps above, close OTM. Note: OTM may ask to restart the PC to finish removing the problems; in that case just confirm by clicking Yes. In that case, after the restart, browse to the folder C:\_OTMoveIt\MovedFiles and open the newest file with the .log extension, select and copy the whole content of that report and post it here in your next post.


Last edited by Power Max on Tue 26 Aug 2014, 14:57, edited 1 time
Power Max
Contributor

Posts : 9086
Reputation : 1499
Join date : 14/04/2009

Re: computer with Baidu malware and others

Post by suportevam Mon 25 Aug 2014, 07:43

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service Bfilter stopped successfully!
Service Bfilter deleted successfully!
Service Bfmon stopped successfully!
Service Bfmon deleted successfully!
Error: Unable to stop service Bprotect!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully.
Service BprotectEx stopped successfully!
Service BprotectEx deleted successfully!
Service PCFApiUtil stopped successfully!
Service PCFApiUtil deleted successfully!
========== FILES ==========
C:\ProgramData\Baidu Security\RpData folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\sysopt folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\Run\Disable folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\Run folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.LeakRepair\Hotfix folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.LeakRepair folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0\Plugins folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\4.0.0.0 folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\sysopt folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Run\Disable folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Run folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0\Plugins folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.7.0.0 folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster folder moved successfully.
C:\ProgramData\Baidu Security folder moved successfully.
File/Folder C:\Users\All Users\Baidu Security not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil\\ImagePath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport\ not found.
Registry value HKEY_USERS\S-1-5-21-2172890782-2414803012-1800170225-500\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\\LastKey deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.21.0 log created on 08252014_073104

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ not found.

Re: computer with Baidu malware and others

Post by Power Max on Mon 25 Aug 2014, 08:10

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank space in Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a reboot of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Tue 26 Aug 2014, 14:58; edited 2 times

Re: computer with Baidu malware and others

Post by suportevam on Mon 25 Aug 2014, 10:01


Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrador on 25/08/2014 at 9:54:12,00.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-22-114552.log 50792 bytes
C:\zoek-results2014-08-22-120202.log 7322 bytes

==== Folders Found ======================

2014-08-18 12:35:21 2014-08-18 12:35:21 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-01 22:54:52 2014-08-25 10:32:15 -------- d-----w- C:\_OTM\MovedFiles\08252014_073104\C_ProgramData\Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1022 folders=69 30154537 bytes)

==== EOF on 25/08/2014 at 9:57:50,82 ======================

Re: computer with Baidu malware and others

Post by Power Max on Mon 25 Aug 2014, 10:06

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a reboot of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Tue 26 Aug 2014, 14:58; edited 1 time

Re: computer with Baidu malware and others

Post by suportevam on Tue 26 Aug 2014, 08:28

Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrador on 26/08/2014 at 7:14:16,15.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-22-114552.log 50792 bytes
C:\zoek-results2014-08-22-120202.log 7322 bytes
C:\zoek-results2014-08-25-125750.log 1332 bytes

==== System Restore Info ======================

26/08/2014 07:15:11 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]

==== Folders Found ======================

2014-08-18 12:35:21 2014-08-18 12:35:21 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-01 22:54:52 2014-08-25 10:32:15 -------- d-----w- C:\_OTM\MovedFiles\08252014_073104\C_ProgramData\Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1022 folders=69 30154537 bytes)

==== EOF on 26/08/2014 at 7:16:15,57 ======================
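The OTM log earlier in the thread reports several of the Baidu Protect registry deletes as "scheduled to be deleted on reboot", and the Zoek runs that followed still list the LEGACY_BPROTECT\0000 keys with DeviceDesc "Baidu Protect". The check a helper would want at this point is whether those entries actually disappeared after the reboot. The PowerShell script below is an added example; it is not part of the thread and not a feature of OTM, Zoek or ZHPDiag. It only reads the registry and WMI, and it takes the control set, LEGACY_* device, service and hive names exactly as they appear in the logs above; it assumes an elevated PowerShell prompt on the Windows 7 machine from the thread.

```powershell
# Added verification script (not from this thread, OTM or Zoek).
# Reports which of the Baidu entries named in the OTM/Zoek logs are still
# present after the reboot. Read-only: nothing is deleted or modified.
# Run from an elevated PowerShell prompt (works on PowerShell 2.0, Win7 SP1).

$controlSets  = 'ControlSet001', 'ControlSet002', 'CurrentControlSet'
$legacyNames  = 'LEGACY_BFILTER', 'LEGACY_BFMON', 'LEGACY_BPROTECT', 'LEGACY_BPROTECTEX'
$serviceNames = 'Bfilter', 'Bfmon', 'Bprotect', 'BprotectEx', 'PCFApiUtil'
$userKeys     = 'Software\Baidu', 'Software\Baidu Security'

$remaining = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Path, [string]$Detail) {
    # Collect one row per leftover item; the list object is shared with the caller.
    $remaining.Add((New-Object PSObject -Property @{ Kind = $Kind; Path = $Path; Detail = $Detail }))
}

foreach ($cs in $controlSets) {
    foreach ($name in $legacyNames) {
        # OTM targeted the \0000 instance; test the parent LEGACY_* key as well,
        # because an empty parent is what typically gets left behind.
        $key = "HKLM:\SYSTEM\$cs\Enum\Root\$name"
        if (Test-Path -LiteralPath $key) {
            $desc = (Get-ItemProperty -LiteralPath "$key\0000" -Name DeviceDesc -ErrorAction SilentlyContinue).DeviceDesc
            Add-Finding 'LegacyDevice' $key $desc
        }
    }
    foreach ($svc in $serviceNames) {
        # The service keys hold ImagePath; if one survives, note where it points.
        $key = "HKLM:\SYSTEM\$cs\services\$svc"
        if (Test-Path -LiteralPath $key) {
            $img = (Get-ItemProperty -LiteralPath $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
            Add-Finding 'Service' $key $img
        }
    }
}

# OTM only reported .DEFAULT and S-1-5-18; walk every loaded user hive instead.
foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    foreach ($sub in $userKeys) {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\$sub"
        if (Test-Path -LiteralPath $key) { Add-Finding 'UserKey' $key '' }
    }
}

# Registry keys can be gone while the kernel object is still loaded (or vice
# versa), so also ask the service control manager and WMI for the same names.
foreach ($svc in $serviceNames) {
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$svc'" -ErrorAction SilentlyContinue
    if ($drv) { Add-Finding 'LoadedDriver' $drv.PathName $drv.State }
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { Add-Finding 'InstalledService' $s.Name $s.Status }
}

if ($remaining.Count -eq 0) {
    Write-Output 'No leftover Baidu entries from the OTM/Zoek logs were found.'
} else {
    Write-Output "$($remaining.Count) leftover item(s) still present:"
    $remaining | Format-Table Kind, Path, Detail -AutoSize
}
```

An empty result means the deferred deletes completed; any LegacyDevice row is the same condition Zoek kept reporting and is the thing to hand back to the helper. The reason an Administrator-level tool defers these deletes in the first place is that the Enum subkeys are by default writable only by the SYSTEM account, so tools running as Administrator typically postpone the delete to boot time rather than fail outright.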

Re: computer with Baidu malware and others

Post by Power Max on Tue 26 Aug 2014, 08:32

Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

Note: when you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: computer with Baidu malware and others

Post by suportevam on Tue 26 Aug 2014, 09:33

~ Relatório do ZHPDiag v2014.8.25.124 - Nicolas Coolman (25/08/2014)
~ Iniciado por Administrador (26/08/2014 09:26:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16686 (Defaut)
MFIE: Mozilla Firefox 26.0

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky Endpoint Security 10 para Windows v10.2.1.23
Malwarebytes Anti-Malware versão 1.75.0.1300
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3989 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (65%) free of 122 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DDNBK001
~ User Name: Administrador
~ All Users Names: suporteti, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Administrador\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Administrador\AppData\Roaming\
~ %Desktop% : C:\Users\Administrador\Desktop\
~ %Favorites% : C:\Users\Administrador\Favorites\
~ %LocalAppData% : C:\Users\Administrador\AppData\Local\
~ %StartMenu% : C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 122 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 251 Go of 329 Go)
H: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.22/05/2012 - 21:35:14.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Internet Extensions para Win32.) (.10/08/2013 - 02:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.22/05/2012 - 21:38:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.22/05/2012 - 21:32:13.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/7
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.E62EC2D84322F2FDDF63A704BACC8430] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [238160] [PID.4028]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
[MD5.766AE515B1749F2141E418CC6C08515B] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.180]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.1964]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.4108]
[MD5.B8884ECCA59F09BF1C56087B66EA5F82] - (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe [741360] [PID.2504]
[MD5.37287D98A1BF5D56AA729CEB9B27C6B1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.4212]
[MD5.836017731EEE9F923DB83AEB2C316F90] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8097792] [PID.3820]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1768]
[MD5.2BEC76BDCD1BC080210325E7B5094834] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200] [PID.1872]
[MD5.3628933AF5305EAB8173949BFF912F04] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.1060]
[MD5.E8FCD6D30CBE9849CCDB9E2BA8A427DF] - (.Kaspersky Lab ZAO - Kaspersky Security Center Network Agent.) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [132600] [PID.1348]
[MD5.862F0F2F0B4867C3A85C3AC27BBC631C] - (...) -- C:\ProgramData\MobileBrServ\mbbservice.exe [239184] [PID.1532]
[MD5.0E976FAAB3FC45A897FA1902B2ED92CF] - (.http://www.ocsinventory-ng.org - Open Computers and Software Inventory Agent.) -- C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632] [PID.1780]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360624] [PID.1236]
[MD5.731D9B3DE4BC0A3E0830B9BF9DBCE2A5] - (.SafeNet, Inc. - No Comment.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992] [PID.1248]
[MD5.925E88D7C5A51E25769D9CEB4F7F2E85] - (.SafeNet, Inc - Sentinel Protection Server for SuperPro and.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400] [PID.1224]
[MD5.AC5E6B891A09D5A41EA7F72A5DF0A905] - (.UltraVNC - VNC server for win32.) -- C:\Program Files (x86)\UltraVNC\WinVNC.exe [2015968] [PID.2320]
[MD5.577E7A8C05B252431305CC4FB118A142] - (...) -- C:\ProgramData\VIVO INTERNET\OnlineUpdate\ouc.exe [650320] [PID.2436]
[MD5.913FF5A608DE6A2AB320EB919092049A] - (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe [712704] [PID.2320]
[MD5.7D4B9A48430ED57ACA6373B71D5904CA] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.2572]
[MD5.BF22ACF4CF3734D61357E67F0521BC03] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.2420]
[MD5.B097EBA0E3FEB020BB65FE43AF5ECCFF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.2132]
[MD5.7F8AD33720F9CD839C5ACE946FA39AE0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [994688] [PID.4884]
[MD5.7FF1EE51F34F43D29C8E0633E966192E] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992] [PID.5180]
[MD5.59EA72A5A306904FB21AA410DE3F6886] - (.Hewlett-Packard Company - HP Device Detection.) -- C:\Program Files (x86)\Hp\Common\HpDeviceDetection3.exe [217888] [PID.1584]
~ Processes Running: Scanned in 00mn 01s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [WinVNC] . (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.23 192.168.0.10
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) . (...) - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O23 - Service: VNC Server (winvnc) . (.UltraVNC - VNC server for Win32.) - C:\Arquivos de programas\UltraVNC\WinVNC.exe
~ Services: 21 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{62F3B6EE-C483-4671-AF4E-045FA98ED4A3}] (...) -- C:\Users\Administrador\AppData\Local\Temp\Rar$DIa0.417\NFe-617823.cpl (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C0BFA5F4-A538-4FB9-8A77-046F71CDAE7D}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C8DEE6F4-08EB-4513-8D50-228F5988B818}] (...) -- C:\Program Files (x86)\Wifi Protector BI\Uninstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForgabriela.richter [376]
~ Scheduled Task: 10 Legitimates Filtered in 01mn 09s



---\\ Software instalados (042)
O42 - Logiciel: Softphone - (.Avaya.) [HKLM][64Bits] -- {355F7877-5D18-40D8-AD5E-966516A82A63}
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Avaya]
~ Key Software: 234 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/09/2013 - 10:23:19 - [] ----D C:\Program Files (x86)\Avaya
O43 - CFD: 10/09/2013 - 20:01:37 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 08/08/2014 - 14:15:50 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 07/08/2014 - 14:52:36 - [] ----D C:\ProgramData\VIVO INTERNET
~ Program Folder: 132 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D7A8376405C3ED5810DE1F8DAE054A4C] - 18/08/2014 - 09:52:29 ---A- . (...) -- C:\TDSSKiller.3.0.0.40_18.08.2014_09.47.48_log.txt [83226]
O44 - LFC:[MD5.1DFE69CD24456F1ACC337AFCC3F01909] - 18/08/2014 - 12:17:06 ---A- . (...) -- C:\Windows\ntbtlog.txt [208296]
O44 - LFC:[MD5.DD0D4FE9579D4CC8FEC43E17EE563C2F] - 20/08/2014 - 13:28:49 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128632]
O44 - LFC:[MD5.94C46B91FDED7C8B44BA5F7E33013445] - 20/08/2014 - 13:28:49 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [664342]
O44 - LFC:[MD5.A2F521936C2581D2D38D1B2E6DD6F8D3] - 22/08/2014 - 08:45:52 ---A- . (...) -- C:\zoek-results2014-08-22-114552.log [50792]
O44 - LFC:[MD5.45BE8FE0DC1B80619B58D3C39CADFA70] - 22/08/2014 - 09:02:02 ---A- . (...) -- C:\zoek-results2014-08-22-120202.log [7322]
O44 - LFC:[MD5.B5FE7DF63A42D86BAEDC173EC9B38089] - 26/08/2014 - 07:16:15 ---A- . (...) -- C:\zoek-results.log [2113]
~ Files: 18 Legitimates Filtered in 00mn 11s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/12/2013 - 06:59:26 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:17/12/2013 - 06:59:30 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:18/12/2013 - 06:11:04 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128448]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 05:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:05/08/2010 - 20:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/04/2014 - 22:21:02 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [38216]
O58 - SDL:12/01/2002 - 12:30:34 ---A- . (.Beyond Logic [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - PortTalk - Beyond Logic I/O Port Driver.) -- C:\Windows\SysWOW64\drivers\PortTalk.sys [3567]
~ Drivers: 87 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTM - (.OldTimer.)
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0D558E8C87F9E19B54A4838D117F99FC] [SPRF][20/08/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.9D46D72131D0E36A79D4819F08EA0E0B] [SPRF][12/08/2014] (...) -- C:\Users\Administrador\Desktop\AdwCleaner.exe [1366203]
[MD5.C1D2EBEBC40491FD3C7E757A5AF27EAD] [SPRF][22/08/2014] (...) -- C:\Users\Administrador\Desktop\zoek.exe [1288704]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 95 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 22/05/2012 253600 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 07/03/2014 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/08/2013 650320 | (VIVO INTERNET. RunOuc) . (...) - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 27/11/2013 741360 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
SR - | Demand 01/02/2012 994688 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 07/07/2014 72992 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 06/02/2013 351824 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 30/11/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 08/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/01/2012 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/11/2013 132600 | (klnagent) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
SR - | Auto 10/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 27/01/2013 239184 | (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SR - | Auto 16/04/2009 69632 | (OCS INVENTORY) . (.http://www.ocsinventory-ng.org.) - C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
SR - | Auto 06/06/2013 245832 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 27/04/2007 316992 | (SentinelKeysServer) . (.SafeNet, Inc..) - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
SR - | Auto 27/04/2007 206400 | (SentinelProtectionServer) . (.SafeNet, Inc.) - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
SR - | Auto 10/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/02/2012 2015968 | (uvnc_service) . (.UltraVNC.) - C:\Program Files (x86)\UltraVNC\WinVNC.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/06/2006 712704 | (winvnc) . (.UltraVNC.) - C:\Arquivos de programas\UltraVNC\WinVNC.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (25/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
~ Additionnel Scan: 213679 Items scanned in 00mn 29s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 711 Legitimates filtered by white list
End of the scan (423 lines in 02mn 46s)(0)

Re: computer with Baidu and other malware

Posted by Power Max, Tue 26 Aug 2014, 09:44

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 26 Aug 2014, 14:58, edited 1 time

Re: computer with Baidu and other malware

Posted by suportevam, Tue 26 Aug 2014, 10:38

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Administrador at 26/08/2014 10:26:45
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 10s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)

========== Valores do Registo ==========
ELIMINÉ RunValue: SynTPEnh

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (6) (27.549 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {62F3B6EE-C483-4671-AF4E-045FA98ED4A3}
ELIMINÉ: {C0BFA5F4-A538-4FB9-8A77-046F71CDAE7D}
ELIMINÉ: {C8DEE6F4-08EB-4513-8D50-228F5988B818}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
5 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 47s

========== Caminho do ficheiro do relatório ==========
C:\Users\Administrador\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/08/2014 10:26:55 [1610]

Re: computer with Baidu and other malware

Posted by Power Max, Tue 26 Aug 2014, 10:42

How is the PC doing?

Re: computer with Baidu and other malware

Posted by suportevam, Tue 26 Aug 2014, 10:50

There is still Baidu in the registry.

legacy_bprotect

Re: computer with Baidu and other malware

Posted by Power Max, Tue 26 Aug 2014, 10:51

Download the < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

Note: when you open the link above, click the Télécharger button next to NCDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the whole contents of your NCDiag.txt report and post it in your next reply.

(SOLVED) computer with Baidu and other malware

Posted by suportevam, Tue 26 Aug 2014, 10:58

~ ZDiag report NCDiag v2014.8.23.106 - Copyright ©2014 - Nicolas Coolman, All rights reserved
~ Location Report : C:\Users\Administrador\AppData\Roaming\ZHP\NCDiag.txt
~ Run by Administrador (26/08/2014 - 10:55:09)
~ Web site adress : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Version State : OK
~ White List : Deactivate by Program
~ User Account Control (UAC): Activate by user
~ Privilèges Elévation : OK

---\\ Internet Browsers
MSIE: Internet Explorer v10.0.9200.16686 (Default)
MFIE: Mozilla Firefox 26.0 (x86 pt-BR)


---\\ Windows Product Informations
~ Langage: Portugais
Microsoft Windows 7 Professional Edition Service Pack 1 (build 7601), 64-bit
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK


---\\ System Informations
~ Operating System: 64 Bits
~ Boot Mode: Normal (Normal boot)
System Restore: Activé (Enable)
Total RAM: 3989 MB (57% free)


---\\ Connection to the system mode
~ Computer Name: : DDNBK001
~ User Name: : Administrador
~ All Users Names: : Administrador,Public,suporteti,Todos os Usuários,Usuário Padrão,
~ Logged in as Administrator


---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (System) ( Free 80 Go of 122 Go)
D: Hard drive, Flash drive, Thumb drive ( Free 1 Go of 14 Go)
G: Hard drive, Flash drive, Thumb drive ( Free 251 Go of 328 Go)


---\\ System protection software
Windows Defender W7 (Activate)
Kaspersky Endpoint Security 10 para Windows v10.2.1.23
Malwarebytes Anti-Malware versão 1.75.0.1300
ESET Online Scanner v3


---\\ Environment variables
~ %SYSTEMDRIVE% = C:
~ %USERPROFILE% = C:\Users\Administrador
~ %APPDATA% = C:\Users\Administrador\AppData\Roaming
~ %DESKTOP% = C:\Users\Administrador\Desktop
~ %FAVORITES% = C:\Users\Administrador\Favorites
~ %LOCALAPPDATA% = C:\Users\Administrador\AppData\Local
~ %STARTMENU% = C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu
~ %WINDIR% = C:\Windows
~ %SYSTEM% = C:\Windows\System32
~ %PROGRAMFILES% = C:\Program Files (x86)


---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]  DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]  DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Security Center\svc]  AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\svc]  AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\svc]  FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]  NoActiveDesktopChanges: Modified
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]  CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK


---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2871808]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) -- C:\Windows\System32\sppcomapi.dll [193536]


---\\ Process running
[MD5.C50911A387912D1397E777E24EFD36EB] - (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880]
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe [0]
[MD5.00000000000000000000000000000000] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe [0]
[MD5.00000000000000000000000000000000] - (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe [0]
[MD5.766AE515B1749F2141E418CC6C08515B] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904]
[MD5.913FF5A608DE6A2AB320EB919092049A] - (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe [712704]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944]
[MD5.B8884ECCA59F09BF1C56087B66EA5F82] - (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe [741360]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432]
[MD5.D1E343BC00136CE03C4D403194D06A80] - (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208]
[MD5.B8884ECCA59F09BF1C56087B66EA5F82] - (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe [741360]
[MD5.BAF12796292BDE195348C94BC53EDA09] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384]
[MD5.C6F9AF94DCD58122A4D7E89DB6BED29D] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576]
[MD5.7FF1EE51F34F43D29C8E0633E966192E] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992]
[MD5.2BEC76BDCD1BC080210325E7B5094834] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200]
[MD5.749CED4E31ECB81F80C300390C167BBB] - (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe [351824]
[MD5.7D4B9A48430ED57ACA6373B71D5904CA] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592]  =>.Intel Corporation
[MD5.2D66067C7A8A0112156BCD1C0BAA7042] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe [607456]  =>.Intel Corporation
[MD5.3628933AF5305EAB8173949BFF912F04] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560]  =>.Intel Corporation
[MD5.E8FCD6D30CBE9849CCDB9E2BA8A427DF] - (.Kaspersky Lab ZAO - Kaspersky Security Center Network Agent.) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [132600]
[MD5.BF22ACF4CF3734D61357E67F0521BC03] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784]  =>.Intel Corporation
[MD5.862F0F2F0B4867C3A85C3AC27BBC631C] - (...) - C:\ProgramData\MobileBrServ\mbbservice.exe [239184]
[MD5.0E976FAAB3FC45A897FA1902B2ED92CF] - (.http://www.ocsinventory-ng.org - Open Computers and Software Inventory Agent.) -- C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632]
[MD5.7CC532832D925390BC27AF6B97CAE63C] - (.Realtek Semiconductor - Realtek Audio Service.) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832]
[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360624]
[MD5.731D9B3DE4BC0A3E0830B9BF9DBCE2A5] - (...) - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992]
[MD5.B097EBA0E3FEB020BB65FE43AF5ECCFF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800]  =>.Intel Corporation
[MD5.AC5E6B891A09D5A41EA7F72A5DF0A905] - (.UltraVNC - VNC server for win32.) -- C:\Program Files (x86)\UltraVNC\WinVNC.exe [2015968]
[MD5.577E7A8C05B252431305CC4FB118A142] - (...) - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [650320]
[MD5.913FF5A608DE6A2AB320EB919092049A] - (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe [712704]

(SOLVED) computer with Baidu and other malware

Posted by suportevam, Tue 26 Aug 2014, 10:59

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\systempropertiesperformance.exe
~ 3  Internet Explorer Management found in 0 second(s)


---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Administrador - mgfhn8kg.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
M3 - MFPP: Plugins - [Administrador] -- C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default\hotfix-update
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape .) -- C:\Program Files (x86)\Mozilla FireFox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - () -- C:\Windows\system32\Wat\npWatWeb.dll
~ 4  Mozilla Firefox Preference found in 0 second(s)


---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) - C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0
~ 21  Internet Explorer Management found in 0 second(s)


---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ 4  Proxy Management found in 0 second(s)


---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File Scanned in 0 seconds
~ Malware lines: 0/21


---\\ Browser Helper Objects (O2)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (...) --
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
~ 4  Browser Helper Objects found in 0 second(s)


---\\ Other User Links (O4)
O4 - GS\TaskBar [Administrador]: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\Desktop [Administrador]: rede_geral (192.168.0.20).lnk . (...) -- \\192.168.0.20\rede_geral
O4 - GS\TaskBar [Public]: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\Desktop [Public]: rede_geral (192.168.0.20).lnk . (...) -- \\192.168.0.20\rede_geral
O4 - GS\TaskBar [suporteti]: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\Desktop [suporteti]: rede_geral (192.168.0.20).lnk . (...) -- \\192.168.0.20\rede_geral
O4 - GS\TaskBar [Todos os Usuários]: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\Desktop [Todos os Usuários]: rede_geral (192.168.0.20).lnk . (...) -- \\192.168.0.20\rede_geral
O4 - GS\TaskBar [Usuário Padrão]: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\Desktop [Usuário Padrão]: rede_geral (192.168.0.20).lnk . (...) -- \\192.168.0.20\rede_geral
O4 - GS\Desktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe
O4 - GS\Desktop [Public]: SAP Logon.lnk . (...) -- C:\Program Files (x86)\SAP\SapSetup\setup\SAL\SapLogon.s8l
O4 - GS\Desktop [Public]: Softphone.lnk . (.Avaya - Softphone.) -- C:\Program Files (x86)\Avaya\Softphone\IPOfficeSoftphone.exe
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe
~ 14  Browser Shortcut Redirection found in 0 second(s)


---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [IgfxTray] . (...) -- C:\Windows\system32\igfxtray.exe (.not file.)
O4 - HKLM\..\Run: [HotKeysCmds] . (...) -- C:\Windows\system32\hkcmd.exe (.not file.)
O4 - HKLM\..\Run: [Persistence] . (...) -- C:\Windows\system32\igfxpers.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [WinVNC] . (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [mctadmin] . (...) -- C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [mctadmin] . (...) -- C:\Windows\System32\mctadmin.exe (.not file.)
~ 14  Running Process found in 0 second(s)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows S.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
~ 6  Winsock hijacker scanned in 0 second(s)


---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpNameServer = 192.168.0.23 192.168.0.10
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE0547D1-2A25-4295-BCCE-831B7B16378A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E7E49A5-20CA-4FE4-B2C2-0016F632E2E9}: DhcpDomain = delga.com.br
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBAA4707-9895-4037-997B-1428D10AFA4F}: DhcpDomain = delga.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.23 192.168.0.10
~ 17  DNS scanned in 0 second(s)


---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.© Microsoft Corporation
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\msvidctl.dll  =>.© Microsoft Corporation
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll  =>.© Microsoft Corporation
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.© Microsoft Corporation
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.© Microsoft Corporation
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll  =>.© Microsoft Corporation
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll  =>.© Microsoft Corporation
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll  =>.© Microsoft Corporation
O18 - Handler: osf [64Bits] - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL  =>.© Microsoft Corporation
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.© Microsoft Corporation
O18 - Handler: saphtmlp [64Bits] - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} . (.SAP, Walldorf - SAP HTML Pluggable Protocol.) -- c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
O18 - Handler: sapr3 [64Bits] - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} . (.SAP, Walldorf - SAP HTML Pluggable Protocol.) -- c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\msvidctl.dll  =>.© Microsoft Corporation
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.© Microsoft Corporation
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.© Microsoft Corporation
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.© Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.© Microsoft Corporation
~ 23  Protocols scanned in 0 second(s)

(RESOLVED) computer with Baidu malware and others

Post by suportevam, Tue 26 Aug 2014, 10:59

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.... -- Orphan key: WebCheck Web Site Monitor  =>.WebCheck Web Site Monitor
O21 - SSO: Bluetooth Authentication Agent SSO - {F08C5AC2-E722-4116-ADB7-CE41B527994B} . (.Microsoft Corporation - Miniaplicativo do Painel de Controle do Blu.) -- C:\Windows\System32\bthprops.cpl  =>.Bluetooth Authentication
O21 - SSO: HomeGroup SSO - {ff363bfe-4941-4179-a81c-f3f1ca72d820} . (.Microsoft Corporation - Painel de Controle do Grupo Doméstico.) -- C:\Windows\System32\hgcpl.dll  =>.HomeGroup ShellServiceObject
~ 3  SSODL/SSO scanned in 0 second(s)


---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Serviço do Kaspersky Endpoint Security (AVP) . (.Kaspersky Lab ZAO - Kaspersky Endpoint Security 10 for Windows.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC (HPWMISVC) . (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Kaspersky Lab Network Agent (klnagent) . (.Kaspersky Lab ZAO - Kaspersky Security Center Network Agent.) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) . (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) . (...) - C:\Windows\system32\lsass.exe (.not file.)
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) . (.http://www.ocsinventory-ng.org - Open Computers and Software Inventory Agent.) -- C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) . (...) - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) . (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service (uvnc_service) . (.UltraVNC - VNC server for win32.) -- C:\Program Files (x86)\UltraVNC\WinVNC.exe
O23 - Service: VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) . (...) - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O23 - Service: VNC Server (winvnc) . (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe
~ 21  Services found in 1 second(s)


---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - KnownDLLs: (clbcatq) . (.Microsoft Corporation - COM+ Configuration Catalog.) -- C:\Windows\System32\clbcatq.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (ole32) . (.Microsoft Corporation - Microsoft OLE para Windows e Windows NT.) -- C:\Windows\System32\ole32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (advapi32) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\Windows\System32\advapi32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (COMDLG32) . (.Microsoft Corporation - DLL de diálogos comuns.) -- C:\Windows\System32\COMDLG32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (gdi32) . (.Microsoft Corporation - GDI Client DLL.) -- C:\Windows\System32\gdi32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (IERTUTIL) . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\IERTUTIL.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (IMAGEHLP) . (.Microsoft Corporation - Windows NT Image Helper.) -- C:\Windows\System32\IMAGEHLP.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (IMM32) . (.Microsoft Corporation - Multi-User Windows IMM32 API Client DLL.) -- C:\Windows\System32\IMM32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (kernel32) . (.Microsoft Corporation - DLL cliente da API BASE do Windows NT.) -- C:\Windows\System32\kernel32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (LPK) . (.Microsoft Corporation - Language Pack.) -- C:\Windows\System32\LPK.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (MSCTF) . (.Microsoft Corporation - DLL de servidor MSCTF.) -- C:\Windows\System32\MSCTF.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (MSVCRT) . (.Microsoft Corporation - Windows NT CRT DLL.) -- C:\Windows\System32\MSVCRT.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (NORMALIZ) . (.Microsoft Corporation - Unicode Normalization DLL.) -- C:\Windows\System32\NORMALIZ.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (NSI) . (.Microsoft Corporation - NSI User-mode interface DLL.) -- C:\Windows\System32\NSI.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (OLEAUT32) . (...) -- C:\Windows\System32\OLEAUT32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (rpcrt4) . (.Microsoft Corporation - Tempo de Execução da Chamada de Procediment.) -- C:\Windows\System32\rpcrt4.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (sechost) . (.Microsoft Corporation - Host for SCM/SDDL/LSA Lookup APIs.) -- C:\Windows\System32\sechost.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (Setupapi) . (.Microsoft Corporation - API de instalação do Windows.) -- C:\Windows\System32\Setupapi.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (SHELL32) . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\SHELL32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (SHLWAPI) . (.Microsoft Corporation - Biblioteca de utilitário abreviado para She.) -- C:\Windows\System32\SHLWAPI.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (URLMON) . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\URLMON.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (user32) . (.Microsoft Corporation - DLL de cliente API de usuário Windows para .) -- C:\Windows\System32\user32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (USP10) . (.Microsoft Corporation - Uniscribe Unicode script processor.) -- C:\Windows\System32\USP10.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (WININET) . (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\WININET.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (WLDAP32) . (.Microsoft Corporation - DLL da API LDAP Win32.) -- C:\Windows\System32\WLDAP32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (WS2_32) . (.Microsoft Corporation - DLL de 32 bits do Windows Socket 2.0.) -- C:\Windows\System32\WS2_32.dll  =>.© Microsoft Corporation
O36 - KnownDLLs: (DifxApi) . (.Microsoft Corporation - Driver Install Frameworks for API library m.) -- C:\Windows\System32\difxapi.dll  =>.© Microsoft Corporation
~ 27  Session Manager Keys scanned in 0 second(s)


---\\ Task Planned Automatically (O39)
O39 - APT: (Orphean) - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job   [902]
O39 - APT: (Orphean) - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT: (Orphean) - (...) -- C:\Windows\Tasks\HPCeeScheduleForgabriela.richter.job   [376]
O39 - APT: (Orphean) - (...) -- C:\Windows\System32\Tasks\HPCeeScheduleForgabriela.richter   [376]
~ 4  Scheduled Tasks found in 1 second(s)


---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bit] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\system32\wmploc.dll  =>.© Microsoft Corporation
O40 - ASIC: Themes Setup [64Bit] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\system32\themeui.dll  =>.© Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player [64Bit] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\system32\wmploc.dll  =>.© Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bit] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\system32\shell32.dll  =>.© Microsoft Corporation
O40 - ASIC: Web Platform Customizations [64Bit] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do .) -- C:\Windows\System32\ie4uinit.exe  =>.© Microsoft Corporation
~ 5  ActiveSetup scanned in 0 second(s)


---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys  =>.© Microsoft
O41 - Driver:  (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\drivers\blbdrive.sys  =>.© Microsoft
O41 - Driver: Driver de CD-ROM (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys  =>.© Microsoft
O41 - Driver: DAEMON Tools Virtual Bus Driver (dtsoftbus01) . (.Disc Soft Ltd - DAEMON Tools Virtual Bus Driver.) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys
O41 - Driver: Kaspersky Lab KLFltDev (KLFLTDEV) . (.Kaspersky Lab ZAO - Klfltdev Pnp device filter [fre_wlh_amd64].) - C:\Windows\system32\DRIVERS\klfltdev.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) . (.Kaspersky Lab ZAO - Klif Mini-Filter [fre_wlh_x64].) - C:\Windows\system32\DRIVERS\klif.sys
O41 - Driver: Kaspersky Anti-Virus NDIS 6 Filter (KLIM6) . (.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) - C:\Windows\system32\DRIVERS\klim6.sys
O41 - Driver: kltdi (kltdi) . (.Kaspersky Lab ZAO - Network filtering component.) - C:\Windows\system32\DRIVERS\kltdi.sys
O41 - Driver: kneps (kneps) . (.Kaspersky Lab ZAO - KNEPS Power.) - C:\Windows\system32\DRIVERS\kneps.sys
O41 - Driver: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) . (.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - C:\Windows\system32\DRIVERS\lltdio.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\luafv.sys (luafv) . (.Microsoft Corporation - Driver do Filtro de Virtualização do Arquiv.) - C:\Windows\system32\drivers\luafv.sys  =>.© Microsoft
O41 - Driver: Driver de BIOS de Gerenciamento de Sistema Microsoft (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys  =>.© Microsoft
O41 - Driver: NetBIOS Interface (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys  =>.© Microsoft
O41 - Driver: PEAUTH (PEAUTH) . (.Microsoft Corporation - Protected Environment Authentication and Au.) - C:\Windows\system32\drivers\peauth.sys  =>.© Microsoft
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\system32\DRIVERS\pacer.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\system32\DRIVERS\rdbss.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys  =>.© Microsoft
O41 - Driver: Link-Layer Topology Discovery Responder (rspndr) . (.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - C:\Windows\system32\DRIVERS\rspndr.sys  =>.© Microsoft
O41 - Driver: Sentinel64 (Sentinel64) . (.SafeNet, Inc. - Sentinel System Driver (NT Parallel x64 dri.) - C:\Windows\System32\Drivers\Sentinel64.sys
O41 - Driver: TCP/IP Registry Compatibility (tcpipreg) . (.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - C:\Windows\system32\drivers\tcpipreg.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys  =>.© Microsoft
O41 - Driver: Driver de dispositivo de terminal (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys  =>.© Microsoft
O41 - Driver:  (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\System32\drivers\vga.sys  =>.© Microsoft
O41 - Driver: Virtual PC Network Filter Driver (vpcnfltr) . (.Microsoft Corporation - Virtual PC Network Filter Driver.) - C:\Windows\system32\DRIVERS\vpcnfltr.sys  =>.© Microsoft
O41 - Driver: C:\Windows\system32\drivers\vpcvmm.sys (vpcvmm) . (.Microsoft Corporation - Monitor da Máquina Virtual do Virtual PC.) - C:\Windows\system32\drivers\vpcvmm.sys  =>.© Microsoft
O41 - Driver: Virtual WiFi Filter Driver (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys  =>.© Microsoft
O41 - Driver: WFP Lightweight Filter (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys  =>.© Microsoft
~ 35  Running Drivers scanned in 0 second(s)
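The two posts above are a raw ZHPDiag listing, and the items a responder actually wants out of it are buried among hundreds of benign Microsoft entries. The script below is an added example for this thread, not the poster's own material and not ZHPDiag's code. It parses the line grammar visible in the log (a `Oxx -` tag, a publisher in `(.Vendor - Description.)` or `(...)` when none was identified, `--` or `-` before the path, `(.not file.)` when the target is gone, `(Orphean)` on tasks with no owner) and applies the triage rules one would use on this log: autostarts whose file no longer exists, registrations with neither publisher nor path (the CompSegIB BHO), unidentified publishers loading from ProgramData or AppData, orphaned tasks, IE PhishingFilter values set to 0, and the same binary registered in more than one autostart location (the UltraVNC Run key and service). The sample input is a handful of lines copied from the log; the rules are review prompts, not verdicts.

```python
"""Triage helper for ZHPDiag-style log lines.

Added example for this thread; not part of the posted log and not ZHPDiag's
own code. It assumes the line grammar seen in the log: 'Oxx - ...' entries,
a publisher in '(.Vendor - Description.)' or '(...)' when unknown, '--' (or
'-') before the file path, '(.not file.)' when the target is missing, and
'(Orphean)' on tasks whose owner could not be determined.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]\d+) - (?P<body>.*)$")
PUBLISHER_RE = re.compile(r"\(\.(?P<pub>.*?)\.\)")      # '(.Vendor - Desc.)'
PATH_RE = re.compile(r"^.*\)\s+--?\s*(?P<path>.*)$")    # last ') -- path' on the line
SIZE_RE = re.compile(r"\s*\[\d+\]\s*$")                 # trailing '[902]' size on O39 lines
DATA_DIR_RE = re.compile(r"\\(programdata|appdata)\\", re.I)

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (...) --
O4 - HKLM\..\Run: [IgfxTray] . (...) -- C:\Windows\system32\igfxtray.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [WinVNC] . (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VNC Server (winvnc) . (.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
O39 - APT: (Orphean) - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job   [902]
"""


@dataclass
class Entry:
    tag: str
    body: str
    publisher: str | None
    path: str
    missing: bool  # ZHPDiag appended '(.not file.)'


@dataclass
class Finding:
    tag: str
    reason: str
    detail: str


def parse_entry(raw: str) -> Entry | None:
    """Split one log line into tag, publisher, path and the missing-file marker."""
    m = ENTRY_RE.match(raw.strip())
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")
    missing = "(.not file.)" in body
    body = body.replace("(.not file.)", "").rstrip()
    pub_m = PUBLISHER_RE.search(body)
    # '(...)' also matches the publisher pattern with pub == '.'; treat it as unknown
    publisher = pub_m.group("pub") if pub_m and pub_m.group("pub") != "." else None
    path_m = PATH_RE.match(body)
    path = SIZE_RE.sub("", path_m.group("path")).strip() if path_m else ""
    return Entry(tag, body, publisher, path, missing)


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder should look at first, with the reason."""
    findings: list[Finding] = []
    by_path: dict[str, list[Entry]] = defaultdict(list)
    for raw in log_text.splitlines():
        e = parse_entry(raw)
        if e is None:
            continue
        if e.missing:
            findings.append(Finding(e.tag, "autostart points at a file that no longer exists", e.path))
        if e.tag in {"O2", "O4", "O23"} and e.publisher is None and not e.path:
            findings.append(Finding(e.tag, "no publisher and no file path: orphaned registration, resolve the CLSID", e.body))
        if e.publisher is None and e.path and DATA_DIR_RE.search(e.path):
            findings.append(Finding(e.tag, "unidentified publisher loading from a user-writable data directory", e.path))
        if e.tag == "O39" and "(Orphean)" in e.body:
            findings.append(Finding(e.tag, "scheduled task with no identifiable owner", e.path))
        if e.tag == "R4" and "PhishingFilter" in e.body and e.body.endswith("= 0"):
            findings.append(Finding(e.tag, "IE phishing/SmartScreen filter disabled", e.body))
        if e.tag in {"O4", "O23"} and e.path:
            by_path[e.path.lower()].append(e)
    # Same binary under a Run key and as a service: one of the two is usually a leftover
    for entries in by_path.values():
        if len(entries) > 1:
            tags = "+".join(x.tag for x in entries)
            findings.append(Finding(tags, "same binary registered in more than one autostart location", entries[0].path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:7} {f.reason}: {f.detail}")
```

Run it on the full log by reading the saved ZHPDiag text into `triage()` instead of `SAMPLE_LOG`. The rules deliberately ignore publisher strings from Microsoft, Kaspersky and the OEM vendors; the point is to surface the handful of lines that need a hand check (what the CompSegIB CLSID resolves to, whether two copies of UltraVNC are intended on a machine that also runs an inventory agent), not to call anything malware.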