Fórum PC Brasil
Computer with Baidu malware and others

Page 2 of 2

(RESOLVED) Computer with Baidu malware and others

Post by suportevam, Tue 26 Aug 2014, 11:00

---\\ Software installed (O42)
O42 - Logiciel: 7-Zip 9.20 - (...)  [HKLM] [64Bits] -- 7-Zip
O42 - Logiciel: DAEMON Tools Lite - (.Disc Soft Ltd.)  [HKLM] [64Bits] -- DAEMON Tools Lite
O42 - Logiciel: Instalação do DivX - (.DivX, LLC.)  [HKLM] [64Bits] -- DivX Setup
O42 - Logiciel: ESET Online Scanner v3 - (...)  [HKLM] [64Bits] -- ESET Online Scanner
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..)  [HKLM] [64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}  =>.© CyberLink Corp.
O42 - Logiciel: Kaspersky Security Center Network Agent - (.Kaspersky Lab.)  [HKLM] [64Bits] -- InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
O42 - Logiciel: Malwarebytes Anti-Malware versão 1.75.0.1300 - (.Malwarebytes Corporation.)  [HKLM] [64Bits] -- Malwarebytes' Anti-Malware_is1  =>.© Malwarebytes Corporation
O42 - Logiciel: Mozilla Firefox 26.0 (x86 pt-BR) - (.Mozilla.)  [HKLM] [64Bits] -- Mozilla Firefox 26.0 (x86 pt-BR)  =>.© Mozilla
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.)  [HKLM] [64Bits] -- MozillaMaintenanceService  =>.© Mozilla
O42 - Logiciel: OCS Inventory Agent 4.0.5.4 - (.OCS Inventory NG Team.)  [HKLM] [64Bits] -- OCS Inventory Agent
O42 - Logiciel: SAP GUI for Windows 7.20 - (.SAP.)  [HKLM] [64Bits] -- SAPGUI710
O42 - Logiciel: UltraVnc - (.uvnc bvba.)  [HKLM] [64Bits] -- Ultravnc2_is1
O42 - Logiciel: VIVO INTERNET - (.Huawei Technologies Co.,Ltd.)  [HKLM] [64Bits] -- VIVO INTERNET
O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.)  [HKLM] [64Bits] -- WinRAR archiver  =>.© win.rar GmbH
O42 - Logiciel: WorldUnlock Codes Calculator - (...)  [HKLM] [64Bits] -- WorldUnlock Codes Calculator
O42 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.)  [HKLM] [64Bits] -- ZHPDiag_is1  =>.© Nicolas Coolman
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..)  [HKLM] [64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}  =>.© CyberLink Corp.
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.)  [HKLM] [64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}  =>.© Hewlett-Packard
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.)  [HKLM] [64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}  =>.© Microsoft Corporation
O42 - Logiciel: Java 7 Update 25 - (.Oracle.)  [HKLM] [64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217025FF}  =>.© Oracle
O42 - Logiciel: Softphone - (.Avaya.)  [HKLM] [64Bits] -- {355F7877-5D18-40D8-AD5E-966516A82A63}
O42 - Logiciel: opensource - (.Your Company Name.)  [HKLM] [64Bits] -- {3677D4D8-E5E0-49FC-B86E-06541CF00BBE}
O42 - Logiciel: Controle ActiveX do Windows Live Mesh para Conexões Remotas - (.Microsoft Corporation.)  [HKLM] [64Bits] -- {39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}  =>.© Microsoft Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.)  [HKLM] [64Bits] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}  =>.© Intel Corporation
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {438363A8-F486-4C37-834C-4955773CB3D3}  =>.© Hewlett-Packard Company
O42 - Logiciel: MSXML4.0 redistributable - (.SAP.)  [HKLM] [64Bits] -- {44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
O42 - Logiciel: Java Auto Updater - (.Sun Microsystems, Inc..)  [HKLM] [64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10}  =>.© Sun Microsystems, Inc.
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.)  [HKLM] [64Bits] -- {4FAC8FE6-7EB2-47FF-A1FE-572E00EDB340}  =>.© Hewlett-Packard
O42 - Logiciel: HP Quick Launch - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {53B17A98-5BF0-40BC-AAFF-850A357975AC}  =>.© Hewlett-Packard Company
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.)  [HKLM] [64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}  =>.© Adobe Systems, Inc
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.)  [HKLM] [64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}  =>.© Intel Corporation
O42 - Logiciel: ESU for Microsoft Windows 7 SP1 - (.Hewlett-Packard.)  [HKLM] [64Bits] -- {7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}  =>.© Hewlett-Packard
O42 - Logiciel: HP Power Manager - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {7E799992-5DA0-4A1A-9443-B1836B063FEC}  =>.© Hewlett-Packard Company
O42 - Logiciel: IP Office Admin Suite - (.Avaya.)  [HKLM] [64Bits] -- {87D14E59-B662-41AF-8D46-A70B44B00177}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.)  [HKLM] [64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}  =>.© Realtek
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.)  [HKLM] [64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}  =>.© Microsoft Corporation
O42 - Logiciel: Evernote v. 4.5.2 - (.Evernote Corp..)  [HKLM] [64Bits] -- {8CE152BA-1D16-11E1-867D-984BE15F174E}
O42 - Logiciel: Office 15 Click-to-Run Extensibility Component - (.Microsoft Corporation.)  [HKLM] [64Bits] -- {90150000-008C-0000-0000-0000000FF1CE}  =>.© Microsoft Corporation
O42 - Logiciel: Office 15 Click-to-Run Localization Component - (.Microsoft Corporation.)  [HKLM] [64Bits] -- {90150000-008C-0416-0000-0000000FF1CE}  =>.© Microsoft Corporation
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.)  [HKLM] [64Bits] -- {933B4015-4618-4716-A828-5289FC03165F}
O42 - Logiciel: Microsoft redistributable runtime DLLs VS2008 SP1(x86) - (.SAP AG.)  [HKLM] [64Bits] -- {A47A9101-6EB5-4314-BDA1-297880FBB908}
O42 - Logiciel: UltraVNC v1.0.2 - (.UltraVNC.)  [HKLM] [64Bits] -- {A8AD990E-355A-4413-8647-A9B168978423}_is1
O42 - Logiciel: Adobe Reader XI (11.0.08) - Português - (.Adobe Systems Incorporated.)  [HKLM] [64Bits] -- {AC76BA86-7AD7-1046-7B44-AB0000000001}  =>.© Adobe Systems Incorporated
O42 - Logiciel: Kaspersky Security Center Network Agent - (.Kaspersky Lab.)  [HKLM] [64Bits] -- {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..)  [HKLM] [64Bits] -- {C1594429-8296-4652-BF54-9DBE4932A44C}  =>.© Realtek Semiconductor Corp.
O42 - Logiciel: HP Support Solutions Framework - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {C43602FE-988C-47BA-9F9F-B95FDDAFB624}  =>.© Hewlett-Packard Company
O42 - Logiciel: vcredist_x86 - (.SAP.)  [HKLM] [64Bits] -- {CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}
O42 - Logiciel: HP Recovery Manager - (.Hewlett-Packard.)  [HKLM] [64Bits] -- {DBCD5E64-7379-4648-9444-8A6558DCB614}  =>.© Hewlett-Packard
O42 - Logiciel: HP On Screen Display - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {ED1BD69A-07E3-418C-91F1-D856582581BF}  =>.© Hewlett-Packard Company
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.)  [HKLM] [64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}  =>.© Intel Corporation
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..)  [HKLM] [64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}  =>.© Realtek Semiconductor Corp.
O42 - Logiciel: Freedom Scientific Synthesizer Eloquence - (.Freedom Scientific.)  [HKLM] [64Bits] -- {F4DA19E5-A560-4313-8623-3493DCE3C681}
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.)  [HKLM] [64Bits] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}  =>.© Intel Corporation
O42 - Logiciel: Intel(R) OpenCL CPU Runtime - (.Intel Corporation.)  [HKLM] [64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}  =>.© Intel Corporation
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.)  [HKLM] [64Bits] -- {FEDCBEE7-EB9D-42F6-939C-20781814ECFB}  =>.© Hewlett-Packard Company
O42 - Logiciel: Adobe Flash Player 11 ActiveX 64-bit - (.Adobe Systems Incorporated.)  [HKLM]-- Adobe Flash Player ActiveX  =>.© Adobe Systems Incorporated
O42 - Logiciel: CCleaner - (.Piriform.)  [HKLM]-- CCleaner  =>.© Piriform
O42 - Logiciel: CutePDF Writer 2.8 - (...)  [HKLM]-- CutePDF Writer Installation
O42 - Logiciel: Microsoft Office Home and Business 2013 - pt-br - (.Microsoft Corporation.)  [HKLM]-- HomeBusinessRetail - pt-br  =>.© Microsoft Corporation
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.)  [HKLM]-- Microsoft .NET Framework 4 Client Profile  =>.© Microsoft Corporation
O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) - (.Microsoft Corporation.)  [HKLM]-- Microsoft .NET Framework 4 Client Profile PTB Language Pack  =>.© Microsoft Corporation
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.)  [HKLM]-- SynTPDeinstKey  =>.© Synaptics Incorporated
O42 - Logiciel: Kaspersky Endpoint Security 10 para Windows - (.Kaspersky Lab.)  [HKLM]-- {04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}
O42 - Logiciel: Freedom Scientific XQilla 2.0 - (.Freedom Scientific.)  [HKLM]-- {283F4698-9A83-4D53-976C-0A6D29ACC6E7}
O42 - Logiciel: Freedom Scientific Braille - (.Freedom Scientific.)  [HKLM]-- {2AD45E41-2EA5-485E-81C7-9CE47A1D5BC3}
O42 - Logiciel: HP Security Assistant - (.Hewlett-Packard Company.)  [HKLM]-- {42719DC3-4982-47DD-B025-B21C4BDD504D}  =>.© Hewlett-Packard Company
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.)  [HKLM]-- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}  =>.© Microsoft Corporation
O42 - Logiciel: Freedom Scientific WOW64 Proxy - (.Freedom Scientific.)  [HKLM]-- {5691110B-7FF5-4622-95FC-63AF49E4C4EB}
O42 - Logiciel: HP Launch Box - (.Hewlett-Packard Company.)  [HKLM]-- {5A847522-375C-4D05-BD3D-88C450CC047F}  =>.© Hewlett-Packard Company
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.)  [HKLM]-- {6199B534-A1B6-46ED-873B-97B0ECF8F81E}  =>.© Intel Corporation
O42 - Logiciel: Freedom Scientific UIAHooks 1.0 - (.Freedom Scientific.)  [HKLM]-- {6C654742-DA97-4B78-B1CA-A0859A9B1243}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.)  [HKLM]-- {8220EEFE-38CD-377E-8595-13398D740ACE}  =>.© Microsoft Corporation
O42 - Logiciel: Freedom Scientific Document Server - (.Freedom Scientific.)  [HKLM]-- {8E508198-1782-4ABD-AB02-246357C7AF41}
O42 - Logiciel: Office 15 Click-to-Run Licensing Component - (.Microsoft Corporation.)  [HKLM]-- {90150000-008F-0000-1000-0000000FF1CE}  =>.© Microsoft Corporation
O42 - Logiciel: Freedom Scientific FSRibbonSrv 1.0 - (.Freedom Scientific.)  [HKLM]-- {9FDFA3D9-C04C-4123-811D-DBD3F574F431}
O42 - Logiciel: Freedom Scientific Utilities - (.Freedom Scientific.)  [HKLM]-- {A334FFCA-53ED-4C84-9A60-48CA885382AB}
O42 - Logiciel: Freedom Scientific Synth - (.Freedom Scientific.)  [HKLM]-- {A82CCA82-3219-42A5-9AF4-E29F56D02E36}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.)  [HKLM]-- {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}  =>.© Microsoft Corporation
O42 - Logiciel: Freedom Scientific Elevation - (.Freedom Scientific.)  [HKLM]-- {AF6A5953-FE5F-451C-BD86-D0EB3F76A6E0}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PTB Language Pack - (.Microsoft Corporation.)  [HKLM]-- {B7693CDE-074B-301C-9584-FC4343696C8B}  =>.© Microsoft Corporation
O42 - Logiciel: HP Auto - (.Hewlett-Packard Company.)  [HKLM]-- {CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}  =>.© Hewlett-Packard Company
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.)  [HKLM]-- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}  =>.© Microsoft Corporation
~ 82  Softwares scanned in 0 second(s)


---\\ HKCU & HKLM Software Registry Keys
HKLM\SOFTWARE\Acro Software Inc
HKLM\SOFTWARE\Atheros  =>.© Atheros
HKLM\SOFTWARE\ATI Technologies  =>.© ATI Technologies
HKLM\SOFTWARE\CBSTEST
HKLM\SOFTWARE\CXT
HKLM\SOFTWARE\Cyberlink  =>.© Cyberlink
HKLM\SOFTWARE\DivX
HKLM\SOFTWARE\Freedom Scientific
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\Hewlett-Packard  =>.© Hewlett-Packard
HKLM\SOFTWARE\HPQ
HKLM\SOFTWARE\Huawei technologies
HKLM\SOFTWARE\InstalledOptions
HKLM\SOFTWARE\Intel  =>.© Intel
HKLM\SOFTWARE\Khronos
HKLM\SOFTWARE\LEXMARK
HKLM\SOFTWARE\Macromedia  =>.© Macromedia
HKLM\SOFTWARE\Microsoft  =>.© Microsoft
HKLM\SOFTWARE\Mozilla  =>.© Mozilla
HKLM\SOFTWARE\MozillaPlugins  =>.© MozillaPlugins
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Piriform  =>.© Piriform
HKLM\SOFTWARE\Realtek  =>.© Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.  =>.© Realtek Semiconductor Corp.
HKLM\SOFTWARE\RTLSetup
HKLM\SOFTWARE\SAMSUNG  =>.© SAMSUNG
HKLM\SOFTWARE\Sonic
HKLM\SOFTWARE\SRS Labs  =>.© SRS Labs
HKLM\SOFTWARE\Synaptics  =>.© Synaptics
HKLM\SOFTWARE\Wow6432Node\7-Zip
HKLM\SOFTWARE\Wow6432Node\Acro Software Inc
HKLM\SOFTWARE\Wow6432Node\Adobe  =>.© Adobe
HKLM\SOFTWARE\Wow6432Node\AdwCleaner
HKLM\SOFTWARE\Wow6432Node\Avaya
HKLM\SOFTWARE\Wow6432Node\Caphyon
HKLM\SOFTWARE\Wow6432Node\CyberLink  =>.© CyberLink
HKLM\SOFTWARE\Wow6432Node\Disc Soft
HKLM\SOFTWARE\Wow6432Node\DivX
HKLM\SOFTWARE\Wow6432Node\DivXNetworks
HKLM\SOFTWARE\Wow6432Node\Eset
HKLM\SOFTWARE\Wow6432Node\Evernote
HKLM\SOFTWARE\Wow6432Node\Freedom Scientific
HKLM\SOFTWARE\Wow6432Node\Google  =>.© Google
HKLM\SOFTWARE\Wow6432Node\GPL Ghostscript
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard  =>.© Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\Huawei technologies
HKLM\SOFTWARE\Wow6432Node\Insyde
HKLM\SOFTWARE\Wow6432Node\Intel  =>.© Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft  =>.© JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\KasperskyLab
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia  =>.© Macromedia
HKLM\SOFTWARE\Wow6432Node\Macrovision  =>.© Macrovision
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware  =>.© Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\Microsoft  =>.© Microsoft
HKLM\SOFTWARE\Wow6432Node\Mozilla  =>.© Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org  =>.© mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins  =>.© MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NokiaFREE Unlock Codes Calculator
HKLM\SOFTWARE\Wow6432Node\Nuance
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\OldTimer Tools
HKLM\SOFTWARE\Wow6432Node\ORL
HKLM\SOFTWARE\Wow6432Node\PDFComplete
HKLM\SOFTWARE\Wow6432Node\PGWARE
HKLM\SOFTWARE\Wow6432Node\Piriform  =>.© Piriform
HKLM\SOFTWARE\Wow6432Node\Rainbow Technologies
HKLM\SOFTWARE\Wow6432Node\Realtek  =>.© Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp.  =>.© Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Safenet Sentinel
HKLM\SOFTWARE\Wow6432Node\SAP
HKLM\SOFTWARE\Wow6432Node\Symantec  =>.© Symantec
HKLM\SOFTWARE\Wow6432Node\TeamViewer
HKLM\SOFTWARE\Wow6432Node\TrendMicro  =>.© TrendMicro
HKLM\SOFTWARE\Wow6432Node\UltraVnc
HKLM\SOFTWARE\Wow6432Node\WildTangent  =>.© WildTangent
HKLM\SOFTWARE\Wow6432Node\WinRAR
HKLM\SOFTWARE\Wow6432Node\WorldUnlock Codes Calculator
HKCU\Software\Adobe  =>.© Adobe
HKCU\Software\ESET
HKCU\Software\Hewlett-Packard  =>.© Hewlett-Packard
HKCU\Software\Intel  =>.© Intel
HKCU\Software\KasperskyLab
HKCU\Software\Macromedia  =>.© Macromedia
HKCU\Software\Malwarebytes' Anti-Malware  =>.© Malwarebytes' Anti-Malware
HKCU\Software\Microsoft  =>.© Microsoft
HKCU\Software\Piriform  =>.© Piriform
HKCU\Software\Synaptics  =>.© Synaptics
HKCU\Software\WinRAR
HKCU\Software\ZebHelpProcess Helper
HKCU\Software\AppDataLow\Software\Microsoft  =>.© Microsoft
~ 92  Software Keys scanned in 0 second(s)


---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/08/2013 - 09:51:28 - [] ----D- C:\Program Files (x86)\7-Zip  =>.©
O43 - CFD: 29/08/2013 - 14:47:27 - [] ----D- C:\Program Files (x86)\Acro Software
O43 - CFD: 29/08/2013 - 14:43:49 - [] ----D- C:\Program Files (x86)\Adobe  =>.©
O43 - CFD: 30/08/2013 - 12:01:05 - [] ----D- C:\Program Files (x86)\Avaya
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 28/05/2013 - 20:08:13 - [] ----D- C:\Program Files (x86)\CyberLink  =>.©
O43 - CFD: 07/03/2014 - 17:09:20 - [] ----D- C:\Program Files (x86)\DAEMON Tools Lite  =>.©
O43 - CFD: 29/08/2013 - 14:53:05 - [] ----D- C:\Program Files (x86)\EASEUS
O43 - CFD: 23/01/2014 - 13:57:48 - [] ----D- C:\Program Files (x86)\Emsisoft Anti-Malware
O43 - CFD: 18/08/2014 - 13:36:03 - [] ----D- C:\Program Files (x86)\ESET
O43 - CFD: 22/05/2012 - 17:20:47 - [] ----D- C:\Program Files (x86)\Evernote
O43 - CFD: 16/05/2014 - 13:01:50 - [] ----D- C:\Program Files (x86)\Freedom Scientific
O43 - CFD: 29/08/2013 - 14:44:56 - [] ----D- C:\Program Files (x86)\GPLGS
O43 - CFD: 22/05/2012 - 17:16:02 - [] ----D- C:\Program Files (x86)\Hewlett-Packard  =>.©
O43 - CFD: 26/08/2014 - 08:36:53 - [] ----D- C:\Program Files (x86)\Hp
O43 - CFD: 22/05/2012 - 17:21:52 - [] ----D- C:\Program Files (x86)\HP Games  =>.©
O43 - CFD: 05/09/2013 - 09:06:44 - [] ----D- C:\Program Files (x86)\InstallAffixationInfo
O43 - CFD: 22/05/2012 - 17:32:44 - [] --H-D- C:\Program Files (x86)\InstallShield Installation Information  =>.©
O43 - CFD: 28/05/2013 - 19:56:54 - [] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Internet Explorer  =>.©
O43 - CFD: 30/08/2013 - 11:19:43 - [] ----D- C:\Program Files (x86)\Java
O43 - CFD: 21/08/2014 - 07:22:02 - [] ----D- C:\Program Files (x86)\Kaspersky Lab  =>.©
O43 - CFD: 06/06/2014 - 10:18:19 - [] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware  =>.©
O43 - CFD: 28/05/2013 - 20:11:51 - [] ----D- C:\Program Files (x86)\Microsoft  =>.© Microsoft
O43 - CFD: 30/08/2013 - 08:28:01 - [] ----D- C:\Program Files (x86)\Microsoft Office  =>.© Microsoft
O43 - CFD: 22/05/2012 - 17:26:57 - [] ----D- C:\Program Files (x86)\Microsoft Silverlight  =>.© Microsoft
O43 - CFD: 30/08/2013 - 08:30:43 - [] ----D- C:\Program Files (x86)\Microsoft SkyDrive  =>.© Microsoft
O43 - CFD: 07/11/2013 - 14:11:13 - [] ----D- C:\Program Files (x86)\Mozilla Firefox  =>.©
O43 - CFD: 03/07/2014 - 16:05:48 - [] ----D- C:\Program Files (x86)\Mozilla Maintenance Service  =>.©
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\MSBuild  =>.©
O43 - CFD: 30/08/2013 - 09:59:05 - [] ----D- C:\Program Files (x86)\OCS Inventory Agent
O43 - CFD: 22/05/2012 - 17:20:15 - [] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 28/05/2013 - 19:59:06 - [] ----D- C:\Program Files (x86)\Realtek  =>.©
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Reference Assemblies  =>.©
O43 - CFD: 07/03/2014 - 16:54:00 - [] ----D- C:\Program Files (x86)\Rosetta Stone  =>.©
O43 - CFD: 29/08/2013 - 14:54:04 - [] ----D- C:\Program Files (x86)\SAP
O43 - CFD: 10/09/2013 - 20:01:35 - [] ----D- C:\Program Files (x86)\Scpad
O43 - CFD: 28/05/2013 - 20:12:14 - [] ----D- C:\Program Files (x86)\SymSilent  =>.©
O43 - CFD: 28/05/2013 - 19:59:06 - [0] --H-D- C:\Program Files (x86)\Temp
O43 - CFD: 29/08/2013 - 15:18:42 - [] ----D- C:\Program Files (x86)\UltraVNC
O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 08/08/2014 - 14:12:01 - [] ----D- C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Windows Defender  =>.©
O43 - CFD: 22/05/2012 - 17:27:40 - [] ----D- C:\Program Files (x86)\Windows Live  =>.©
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Windows Mail  =>.©
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Windows Media Player  =>.©
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Windows Photo Viewer  =>.©
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Windows Portable Devices  =>.©
O43 - CFD: 14/07/2009 - 02:32:38 - [] ----D- C:\Program Files (x86)\Windows Sidebar  =>.©
O43 - CFD: 28/05/2013 - 20:03:23 - [] ----D- C:\Program Files (x86)\Windows Virtual PC  =>.©
O43 - CFD: 30/08/2013 - 09:33:40 - [] ----D- C:\Program Files (x86)\WinRAR  =>.©
O43 - CFD: 22/07/2014 - 13:30:57 - [] ----D- C:\Program Files (x86)\WorldUnlock Codes Calculator  =>.©
O43 - CFD: 26/08/2014 - 09:26:12 - [] ----D- C:\Program Files (x86)\ZHPDiag  =>.©
O43 - CFD: 29/08/2013 - 14:43:49 - [] ----D- C:\Program Files (x86)\Common Files\Adobe  =>.©
O43 - CFD: 21/08/2014 - 07:22:21 - [] ----D- C:\Program Files (x86)\Common Files\Cisco Systems  =>.©
O43 - CFD: 30/08/2013 - 08:30:24 - [] ----D- C:\Program Files (x86)\Common Files\DESIGNER  =>.©
O43 - CFD: 01/12/2013 - 19:57:37 - [] ----D- C:\Program Files (x86)\Common Files\DivX Shared
O43 - CFD: 28/05/2013 - 19:59:04 - [] ----D- C:\Program Files (x86)\Common Files\InstallShield  =>.©
O43 - CFD: 28/05/2013 - 20:07:22 - [] ----D- C:\Program Files (x86)\Common Files\Intel Corporation  =>.©
O43 - CFD: 30/08/2013 - 11:19:56 - [] ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 07/03/2014 - 16:54:16 - [] ----D- C:\Program Files (x86)\Common Files\Macrovision Shared  =>.©
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Common Files\microsoft shared  =>.©
O43 - CFD: 28/05/2013 - 20:00:27 - [] ----D- C:\Program Files (x86)\Common Files\postureAgent  =>.©
O43 - CFD: 30/08/2013 - 12:01:05 - [] ----D- C:\Program Files (x86)\Common Files\SafeNet Sentinel
O43 - CFD: 29/08/2013 - 14:55:00 - [] ----D- C:\Program Files (x86)\Common Files\SAP Shared
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Common Files\SpeechEngines  =>.©
O43 - CFD: 14/07/2009 - 00:20:08 - [] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 22/05/2012 - 17:26:43 - [] ----D- C:\Program Files (x86)\Common Files\Windows Live  =>.©
O43 - CFD: 30/08/2013 - 09:51:29 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip  =>.©
O43 - CFD: 14/07/2009 - 00:20:08 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 14/07/2009 - 02:32:38 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools  =>.©
O43 - CFD: 18/08/2014 - 11:51:39 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 22/05/2012 - 17:26:28 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
O43 - CFD: 29/08/2013 - 14:47:28 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
O43 - CFD: 22/05/2012 - 17:25:58 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
O43 - CFD: 08/08/2014 - 13:40:41 - [0] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 01/12/2013 - 19:55:21 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
O43 - CFD: 28/05/2013 - 20:10:46 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
O43 - CFD: 28/05/2013 - 19:58:18 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
O43 - CFD: 30/08/2013 - 12:05:01 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Office
O43 - CFD: 21/08/2014 - 14:34:35 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows
O43 - CFD: 14/07/2009 - 00:20:08 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/06/2014 - 10:18:21 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware  =>.©
O43 - CFD: 14/07/2014 - 11:11:43 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013  =>.© Microsoft
O43 - CFD: 22/05/2012 - 17:27:13 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight  =>.© Microsoft
O43 - CFD: 29/08/2013 - 13:44:55 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 22/07/2014 - 10:17:59 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NokiaFREE Calculator  =>.©
O43 - CFD: 22/05/2012 - 17:20:51 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 29/08/2013 - 14:54:49 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
O43 - CFD: 22/05/2012 - 17:24:21 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 14/07/2009 - 00:20:08 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 08/08/2014 - 14:15:17 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET
O43 - CFD: 28/05/2013 - 20:03:23 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC  =>.©
O43 - CFD: 30/08/2013 - 09:33:42 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR  =>.©
O43 - CFD: 22/07/2014 - 13:30:57 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator  =>.©
O43 - CFD: 26/08/2014 - 09:26:14 - [] ----D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP  =>.©
O43 - CFD: 29/08/2013 - 14:42:41 - [] ----D- C:\ProgramData\Adobe  =>.©
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Application Data  =>.©
O43 - CFD: 27/03/2014 - 09:30:02 - [] ----D- C:\ProgramData\Applications
O43 - CFD: 28/05/2013 - 19:58:21 - [] ----D- C:\ProgramData\Atheros  =>.©
O43 - CFD: 02/09/2013 - 14:27:07 - [] ----D- C:\ProgramData\CyberLink  =>.©
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Dados de aplicativos
O43 - CFD: 07/03/2014 - 16:51:33 - [] ----D- C:\ProgramData\DAEMON Tools Lite  =>.©
O43 - CFD: 02/10/2013 - 15:24:52 - [] ----D- C:\ProgramData\DatacardService
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Desktop  =>.©
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Documents  =>.©
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Favorites  =>.©
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Favoritos
O43 - CFD: 22/05/2012 - 17:26:28 - [] ----D- C:\ProgramData\Hewlett-Packard  =>.©
O43 - CFD: 28/05/2013 - 20:01:19 - [] ----D- C:\ProgramData\Intel
O43 - CFD: 21/08/2014 - 07:24:37 - [] ----D- C:\ProgramData\Kaspersky Lab  =>.©
O43 - CFD: 20/08/2014 - 13:57:40 - [] ----D- C:\ProgramData\KasperskyLab  =>.©
O43 - CFD: 23/12/2013 - 01:24:39 - [] ----D- C:\ProgramData\Log
O43 - CFD: 25/11/2013 - 13:33:46 - [] ----D- C:\ProgramData\Malwarebytes  =>.©
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Menu Iniciar
O43 - CFD: 14/07/2009 - 00:20:08 - [] -S--D- C:\ProgramData\Microsoft  =>.© Microsoft
O43 - CFD: 30/08/2013 - 08:30:33 - [] ----D- C:\ProgramData\Microsoft OneDrive  =>.© Microsoft
O43 - CFD: 06/03/2014 - 11:40:49 - [] ----D- C:\ProgramData\MobileBrServ
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Modelos
O43 - CFD: 04/10/2013 - 14:24:47 - [] ----D- C:\ProgramData\Mozilla  =>.©
O43 - CFD: 28/05/2013 - 20:10:03 - [] ----D- C:\ProgramData\Norton  =>.©
O43 - CFD: 28/05/2013 - 20:09:38 - [] ----D- C:\ProgramData\NortonInstaller  =>.©
O43 - CFD: 07/03/2014 - 16:54:00 - [] ----D- C:\ProgramData\Rosetta Stone  =>.©
O43 - CFD: 18/10/2013 - 11:19:22 - [] ----D- C:\ProgramData\Samsung  =>.©
O43 - CFD: 22/05/2012 - 17:26:24 - [] ----D- C:\ProgramData\Skype  =>.©
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 30/08/2013 - 11:19:56 - [] ----D- C:\ProgramData\Sun
O43 - CFD: 28/05/2013 - 20:18:49 - [] ----D- C:\ProgramData\Synaptics  =>.©
O43 - CFD: 28/05/2013 - 20:07:17 - [] ----D- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 02:08:56 - [?] -SH-D- C:\ProgramData\Templates  =>.©
O43 - CFD: 07/08/2014 - 14:52:30 - [] ----D- C:\ProgramData\VIVO INTERNET
O43 - CFD: 22/05/2012 - 17:21:41 - [] ----D- C:\ProgramData\WildTangent  =>.©
O43 - CFD: 14/09/2013 - 20:46:31 - [] ----D- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
O43 - CFD: 29/08/2013 - 13:43:52 - [?] -SH-D- C:\ProgramData\Microsoft\Windows\Start Menu\Programas
O43 - CFD: 14/07/2009 - 00:20:08 - [] R---D- C:\ProgramData\Microsoft\Windows\Start Menu\Programs  =>.©
O43 - CFD: 18/08/2014 - 09:41:08 - [?] -SH-D- C:\Users\Administrador\AppData\Local\Dados de aplicativos
O43 - CFD: 18/08/2014 - 09:41:08 - [?] -SH-D- C:\Users\Administrador\AppData\Local\Histórico
O43 - CFD: 18/08/2014 - 09:41:07 - [] ----D- C:\Users\Administrador\AppData\Local\Microsoft  =>.© Microsoft
O43 - CFD: 18/08/2014 - 11:37:18 - [] ----D- C:\Users\Administrador\AppData\Local\Mozilla  =>.©
O43 - CFD: 18/08/2014 - 11:53:30 - [] ----D- C:\Users\Administrador\AppData\Local\Programs  =>.©
O43 - CFD: 22/08/2014 - 08:41:59 - [] ----D- C:\Users\Administrador\AppData\Local\Temp
O43 - CFD: 18/08/2014 - 09:41:08 - [?] -SH-D- C:\Users\Administrador\AppData\Local\Temporary Internet Files  =>.©
O43 - CFD: 18/08/2014 - 09:42:01 - [] ----D- C:\Users\Administrador\AppData\Roaming\Adobe  =>.©
O43 - CFD: 18/08/2014 - 09:41:46 - [] ----D- C:\Users\Administrador\AppData\Roaming\Identities
O43 - CFD: 18/08/2014 - 09:42:46 - [] ----D- C:\Users\Administrador\AppData\Roaming\Intel Corporation  =>.©
O43 - CFD: 21/08/2014 - 11:21:29 - [] ----D- C:\Users\Administrador\AppData\Roaming\Macromedia  =>.©
O43 - CFD: 18/08/2014 - 13:17:33 - [] ----D- C:\Users\Administrador\AppData\Roaming\Malwarebytes  =>.©
O43 - CFD: 18/08/2014 - 09:41:07 - [0] ----D- C:\Users\Administrador\AppData\Roaming\Media Center Programs  =>.©
O43 - CFD: 18/08/2014 - 09:41:07 - [] -S--D- C:\Users\Administrador\AppData\Roaming\Microsoft  =>.© Microsoft
O43 - CFD: 18/08/2014 - 11:37:18 - [] ----D- C:\Users\Administrador\AppData\Roaming\Mozilla  =>.©
O43 - CFD: 18/08/2014 - 09:42:37 - [] ----D- C:\Users\Administrador\AppData\Roaming\Synaptics  =>.©
O43 - CFD: 18/08/2014 - 09:42:40 - [] ----D- C:\Users\Administrador\AppData\Roaming\WinRAR  =>.©
O43 - CFD: 26/08/2014 - 09:26:12 - [] ----D- C:\Users\Administrador\AppData\Roaming\ZHP  =>.©
~ 156  Folders found in 0 second(s)

Post by suportevam, Tue 26 Aug 2014, 11:01

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - ----D- . (...) -- C:\Windows\ELAMBKUP   [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - ----D- . (...) -- C:\Windows\ERUNT   [0]
O44 - LFC:[MD5.1DFE69CD24456F1ACC337AFCC3F01909] - ---A-- . (...) -- C:\Windows\ntbtlog.txt   [208296]
O44 - LFC:[MD5.4AF91A1C14243253FBECC1DDAC6264D3] - ---A-- . (...) -- C:\Windows\PFRO.log   [8152]
O44 - LFC:[MD5.2C13AF5EFEAF221ED4F862C1EBBBEA40] - ---A-- . (...) -- C:\Windows\setupact.log   [2018]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - ---A-- . (...) -- C:\Windows\setuperr.log   [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - ----D- . (...) -- C:\Windows\Temp   [0]
~ 7  Last Acceded System File scanned in 1 second(s)




---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuraçã.) -- C:\Windows\System32\scecli.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll  =>.© Microsoft
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll  =>.© Microsoft
~ 8  Local Security Authority found in 0 second(s)


---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\drivers\sermouse.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\drivers\vga.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\drivers\vgasave.sys (.not file.)  =>.©
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\drivers\volmgr.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volume.) -- C:\Windows\System32\drivers\volmgrx.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\ipnat.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\drivers\nsiproxy.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\drivers\rdpencdd.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\drivers\sermouse.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\drivers\vga.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\drivers\vgasave.sys (.not file.)  =>.©
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\drivers\volmgr.sys  =>.© Microsoft
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volume.) -- C:\Windows\System32\drivers\volmgrx.sys  =>.© Microsoft
~ 13  Safe Boot Control scanned in 0 second(s)


---\\
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll  =>.© Microsoft
~ 1 Control Security Providers scanned in 0 second(s)


---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.79059559E89D06E8B80CE2944BE20228] - 18/11/2013-11:00:23 . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\system32\drivers\afd.sys   [497152]  =>.© Microsoft
O58 - SDL:[MD5.61583EE3C3A17003C4ACD0475646B4D3] - 13/07/2009-20:35:59 . (.Microsoft Corporation - BLB Drive Driver.) -- C:\Windows\system32\drivers\blbdrive.sys   [45056]  =>.© Microsoft
O58 - SDL:[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010-00:23:47 . (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\system32\DRIVERS\cdrom.sys   [147456]  =>.© Microsoft
O58 - SDL:[MD5.54DA3DFD29ED9F1619B6F53F3CE55E49] - 21/11/2010-00:24:41 . (.Microsoft Corporation - Windows Client Side Caching Driver.) -- C:\Windows\system32\drivers\csc.sys   [514560]  =>.© Microsoft
O58 - SDL:[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010-00:24:32 . (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\system32\Drivers\dfsc.sys   [102400]  =>.© Microsoft
O58 - SDL:[MD5.13096B05847EC78F0977F2C0F79E9AB3] - 13/07/2009-20:37:18 . (.Microsoft Corporation - System Indexer/Cache Driver.) -- C:\Windows\system32\drivers\discache.sys   [40448]  =>.© Microsoft
O58 - SDL:[MD5.6A0E850DDCB136AA3D2FB7234382DF12] - 07/03/2014-17:09:25 . (.Disc Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\DRIVERS\dtsoftbus01.sys   [283064]
O58 - SDL:[MD5.8D95B55F012EDF844009C689F2240442] - 21/08/2014-07:25:31 . (.Kaspersky Lab ZAO - Klfltdev Pnp device filter [fre_wlh_amd64].) -- C:\Windows\system32\DRIVERS\klfltdev.sys   [30816]
O58 - SDL:[MD5.447E039420F56F4B11DA001FC9DDA1F4] - 21/08/2014-07:24:28 . (.Kaspersky Lab ZAO - Klif Mini-Filter [fre_wlh_x64].) -- C:\Windows\system32\DRIVERS\klif.sys   [661600]
O58 - SDL:[MD5.31B69BFF28348503E4BD10C2A4F66D05] - 21/08/2014-07:25:31 . (.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) -- C:\Windows\system32\DRIVERS\klim6.sys   [29792]
O58 - SDL:[MD5.50965746A05FE99565A0FBE0B5BFB666] - 21/08/2014-07:25:31 . (.Kaspersky Lab ZAO - Network filtering component.) -- C:\Windows\system32\DRIVERS\kltdi.sys   [54104]
O58 - SDL:[MD5.59B9817EEC41F6A4F7AEB1829F92A851] - 21/08/2014-07:25:31 . (.Kaspersky Lab ZAO - KNEPS Power.) -- C:\Windows\system32\DRIVERS\kneps.sys   [177760]
O58 - SDL:[MD5.1538831CF8AD2979A04C423779465827] - 13/07/2009-21:08:51 . (.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) -- C:\Windows\system32\DRIVERS\lltdio.sys   [60928]  =>.© Microsoft
O58 - SDL:[MD5.43D0F98E1D56CCDDB0D5254CFF7B356E] - 13/07/2009-20:26:13 . (.Microsoft Corporation - Driver do Filtro de Virtualização do Arquiv.) -- C:\Windows\system32\drivers\luafv.sys   [113152]  =>.© Microsoft
O58 - SDL:[MD5.0EED230E37515A0EAEE3C2E1BC97B288] - 13/07/2009-20:31:10 . (.Microsoft Corporation - System Management BIOS Driver.) -- C:\Windows\system32\drivers\mssmbios.sys   [32320]  =>.© Microsoft
O58 - SDL:[MD5.86743D9F5D2B1048062B14B1D84501C4] - 13/07/2009-21:09:26 . (.Microsoft Corporation - NetBIOS interface driver.) -- C:\Windows\system32\DRIVERS\netbios.sys   [44544]  =>.© Microsoft
O58 - SDL:[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010-00:23:51 . (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\system32\DRIVERS\netbt.sys   [261632]  =>.© Microsoft
O58 - SDL:[MD5.E7F5AE18AF4168178A642A9247C63001] - 13/07/2009-20:21:03 . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\drivers\nsiproxy.sys   [24576]  =>.© Microsoft
O58 - SDL:[MD5.68769C3356B3BE5D1C732C97B9A80D6E] - 13/07/2009-20:51:01 . (.Microsoft Corporation - Protected Environment Authentication and Au.) -- C:\Windows\system32\drivers\peauth.sys   [651264]  =>.© Microsoft
O58 - SDL:[MD5.0557CF5A2556BD58E26384169D72438D] - 21/11/2010-00:24:08 . (.Microsoft Corporation - Agendador de pacotes de serviço.) -- C:\Windows\system32\DRIVERS\pacer.sys   [131584]  =>.© Microsoft
O58 - SDL:[MD5.77F665941019A1594D887A74F301FA2F] - 21/11/2010-00:24:08 . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) -- C:\Windows\system32\DRIVERS\rdbss.sys   [309248]  =>.© Microsoft
O58 - SDL:[MD5.CEA6CC257FC9B7715F1C2B4849286D24] - 13/07/2009-21:16:34 . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\system32\DRIVERS\RDPCDD.sys   [7680]  =>.© Microsoft
O58 - SDL:[MD5.BB5971A4F00659529A5C44831AF22365] - 13/07/2009-21:16:34 . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\drivers\rdpencdd.sys   [7680]  =>.© Microsoft
O58 - SDL:[MD5.216F3FA57533D98E1F74DED70113177A] - 13/07/2009-21:16:35 . (.Microsoft Corporation - RDP Reflector Driver Miniport.) -- C:\Windows\system32\drivers\rdprefmp.sys   [8192]  =>.© Microsoft
O58 - SDL:[MD5.DDC86E4F8E7456261E637E3552E804FF] - 13/07/2009-21:08:51 . (.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) -- C:\Windows\system32\DRIVERS\rspndr.sys   [76800]  =>.© Microsoft
O58 - SDL:[MD5.255476B54C82A89416EFDF09FD62F107] - 16/05/2014-13:03:18 . (.SafeNet, Inc. - Sentinel System Driver (NT Parallel x64 dri.) -- C:\Windows\System32\Drivers\Sentinel64.sys   [145448]
O58 - SDL:[MD5.1B16D0BD9841794A6E0CDE0CEF744ABC] - 30/08/2013-11:00:22 . (.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) -- C:\Windows\system32\drivers\tcpipreg.sys   [45568]  =>.© Microsoft
O58 - SDL:[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010-00:24:32 . (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\system32\DRIVERS\tdx.sys   [119296]  =>.© Microsoft
O58 - SDL:[MD5.561E7E1F06895D78DE991E01DD0FB6E5] - 21/11/2010-00:23:47 . (.Microsoft Corporation - Remote Desktop Server Driver.) -- C:\Windows\system32\drivers\termdd.sys   [63360]  =>.© Microsoft
O58 - SDL:[MD5.53E92A310193CB3C03BEA963DE7D9CFC] - 13/07/2009-20:38:48 . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\drivers\vga.sys   [29184]  =>.© Microsoft
O58 - SDL:[MD5.E675FB2B48C54F09895482E2253B289C] - 28/05/2013-20:02:23 . (.Microsoft Corporation - Virtual PC Network Filter Driver.) -- C:\Windows\system32\DRIVERS\vpcnfltr.sys   [59392]  =>.© Microsoft
O58 - SDL:[MD5.207B6539799CC1C112661A9B620DD233] - 28/05/2013-20:02:22 . (.Microsoft Corporation - Monitor da Máquina Virtual do Virtual PC.) -- C:\Windows\system32\drivers\vpcvmm.sys   [360832]  =>.© Microsoft
O58 - SDL:[MD5.6A3D66263414FF0D6FA754C646612F3F] - 13/07/2009-21:07:22 . (.Microsoft Corporation - Virtual WiFi Filter Driver.) -- C:\Windows\system32\DRIVERS\vwififlt.sys   [59904]  =>.© Microsoft
O58 - SDL:[MD5.356AFD78A6ED4457169241AC3965230C] - 21/11/2010-00:24:11 . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) -- C:\Windows\system32\DRIVERS\wanarp.sys   [88576]  =>.© Microsoft
O58 - SDL:[MD5.611B23304BF067451A9FDEE01FBDD725] - 13/07/2009-21:09:26 . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) -- C:\Windows\system32\DRIVERS\wfplwf.sys   [12800]  =>.© Microsoft
~ 35  System Drivers scanned in 0 second(s)


---\\ Last modified or created user files (O61)
O61 - LFC: 18/08/2014 - 09:41:58 -SHA-- . (...) -- C:\Users\Administrador\Downloads\desktop.ini   [282]
O61 - LFC: 18/08/2014 - 13:33:12 ---A-- . (.ESET - ESET Smart Installer.) -- C:\Users\Administrador\Downloads\esetsmartinstaller_ptg.exe   [2347384]
~ 2  Last File Acceded scanned in 0 second(s)


---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - Beep (Beep)  .(.Microsoft Corporation - Beep Driver.) -- LEGACY_BEEP  =>.© Microsoft Corporation
O64 - Services: CurCS - C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys (cleanhlp)  .(...) - LEGACY_CLEANHLP
O64 - Services: CurCS - FAT12/16/32 File System Driver (fastfat)  .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\kl1.sys (KL1)  .(.Kaspersky Lab ZAO - Kaspersky Unified Driver.) -- LEGACY_KL1
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\klif.sys (KLIF)  .(.Kaspersky Lab ZAO - Klif Mini-Filter [fre_wlh_x64].) -- LEGACY_KLIF
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\klim6.sys (KLIM6)  .(.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) -- LEGACY_KLIM6
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\kltdi.sys (kltdi)  .(.Kaspersky Lab ZAO - Network filtering component.) -- LEGACY_KLTDI
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\kneps.sys (kneps)  .(.Kaspersky Lab ZAO - KNEPS Power.) -- LEGACY_KNEPS
O64 - Services: CurCS - RDP Winstation Driver (RDPWD)  .(...) - LEGACY_RDPWD
O64 - Services: CurCS - Security Driver (secdrv)  .(...) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\System32\Drivers\Sentinel64.sys (Sentinel64)  .(.SafeNet, Inc. - Sentinel System Driver (NT Parallel x64 dri.) -- LEGACY_SENTINEL64
O64 - Services: CurCS - Security Processor Loader Driver (spldr)  .(...) - LEGACY_SPLDR
~ 12  Legacy Keys found in 23 second(s)




---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\System32\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
~ 10  File Association Shell Spawning scanned in 0 second(s)


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] . (...) -- firefox.exe  =>.© Mozilla
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] . (...) -- iexplore.exe  =>.© Microsoft
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] . (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe  =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do .) -- C:\Windows\System32\ie4uinit.exe  =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] . (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe  =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do .) -- C:\Windows\System32\ie4uinit.exe  =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do .) -- C:\Windows\System32\ie4uinit.exe  =>.Microsoft Corporation
~ 8  Start Menu Internet found in 0 second(s)




---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must have an account and be logged in to view this link]
~ 2  Search Browser Infection scanned in 0 second(s)




---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 29/01/2014-09:08:04 65432 || Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 22/05/2012-17:20:25 253600 || Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 28/05/2013-19:59:06 98208 || Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 21/08/2014-07:25:02 741360 || Serviço do Kaspersky Endpoint Security (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
SS - | Demand 21/12/2012-10:52:28 277616 || Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 56/56/64340-52168:119:63620 0 || @%SystemRoot%\system32\efssvc.dll,-100 (EFS) . (...) - C:\Windows\System32\lsass.exe (.not file.)
SS - | Demand 56/56/64340-51160:119:63620 0 || @%systemroot%\system32\fxsresm.dll,-118 (Fax) . (...) - C:\Windows\system32\fxssvc.exe (.not file.)
SS - | Demand 07/03/2014-16:54:16 655624 || FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 14/09/2013-20:47:40 994688 || HP Software Framework Service (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 26/08/2014-08:36:55 72992 || HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 22/05/2012-17:20:09 35200 || HPWMISVC (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 08/08/2014-14:15:06 351824 || HWDeviceService64.exe (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 28/05/2013-19:58:07 13592 || Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 28/05/2013-20:01:19 607456 || Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 28/05/2013-20:01:30 161560 || Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 21/08/2014-07:22:19 132600 || Kaspersky Lab Network Agent (klnagent) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
SR - | Auto 19/03/2014-14:09:14 239184 || Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SS - | Demand 03/07/2014-16:05:49 119408 || Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 30/08/2013-09:59:20 69632 || OCS INVENTORY SERVICE (OCS INVENTORY) . (.http://www.ocsinventory-ng.org.) - C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
SR - | Auto 30/08/2013-11:27:40 245832 || Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 10/09/2013-20:01:36 360624 || scpVista (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 30/08/2013-12:02:18 316992 || Sentinel Keys Server (SentinelKeysServer) . (.SafeNet, Inc..) - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
SS - | Demand 56/56/64340-30480:123:63620 0 ||  (SrvHsfHDA) . (...) - C:\Windows\system32\DRIVERS\VSTAZL6.SYS (.not file.)
SS - | Demand 56/56/64340-31200:123:63620 0 ||  (SrvHsfV92) . (...) - C:\Windows\system32\DRIVERS\VSTDPV6.SYS (.not file.)
SS - | Demand 56/56/64340-30840:123:63620 0 ||  (SrvHsfWinac) . (...) - C:\Windows\system32\DRIVERS\VSTCNXT6.SYS (.not file.)
SR - | Auto 28/05/2013-20:00:53 363800 || Intel(R) Management and Security Application User Notification Service (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 29/08/2013-15:18:49 2015968 || uvnc_service (uvnc_service) . (.UltraVNC.) - C:\Program Files (x86)\UltraVNC\WinVNC.exe
SS - | Auto 08/08/2014-14:13:44 650320 || VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) . (...) - C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
SS - | Demand 56/56/64340-31056:123:63620 0 || @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) . (...) - C:\Windows\system32\Wat\WatAdminSvc.exe (.not file.)
SR - | Auto 17/09/2013-07:58:01 712704 || VNC Server (winvnc) . (.UltraVNC.) - C:\Arquivos de programas\UltraVNC\WinVNC.exe
~ 30  Services scanned in 1 second(s)




---\\ Search of Tracing Keys (O100)
HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\BingBar_RASAPI32  =>Toolbar.Bing
~ 1 Search Tracing Keys scanned in 0 second(s)




---\\ Scan Additionnel (O88 )
Database Version : 13036 (30/03/2014)
Clés trouvées (Keys found) : 0
Dossiers trouvés  (Folders found) :  0
Fichiers trouvés  (Files found) :  0


~ Additionnal Scan: 112889 Items scanned in 5 seconds


---\\ Cleanup with ZHPFix script
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]  NoActiveDesktopChanges: Modified
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\BingBar_RASAPI32  =>Toolbar.Bing
~ ATTENTION, this script is given by way of indication, it must be validated by an disinfection expert.
~ 9  ZHPFix Script Files found in 0 second(s)



~ End of the scan (0/896 lines) in 48 seconds)
suportevam
Beginner

Posts : 23
Reputation : 0
Join date : 18/08/2014

Re: computer with Baidu malware and others

Post by Power Max Tue 26 Aug 2014, 11:21

Nothing from Baidu was found in this scan.

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)
Power Max
Contributor

Posts : 9086
Reputation : 1499
Join date : 14/04/2009

Re: computer with Baidu malware and others

Post by suportevam Tue 26 Aug 2014, 11:48

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Administrador at 2014-08-26 11:37:15
Running from C:\Users\Administrador\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Endpoint Security 10 para Windows (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 para Windows (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.3.5010 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Freedom Scientific Braille (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific Document Server (Version: 15.0.9023.400 - Freedom Scientific) Hidden
Freedom Scientific Elevation (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific FSRibbonSrv 1.0 (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific Synth (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific Synthesizer Eloquence (x32 Version: 6.1.004 - Freedom Scientific) Hidden
Freedom Scientific UIAHooks 1.0 (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific Utilities (Version: 15.0.9023.400 - Freedom Scientific) Hidden
Freedom Scientific WOW64 Proxy (Version: 14.0.5420.0 - Freedom Scientific) Hidden
Freedom Scientific XQilla 2.0 (Version: 14.0.5420.0 - Freedom Scientific) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{4FAC8FE6-7EB2-47FF-A1FE-572E00EDB340}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{42719DC3-4982-47DD-B025-B21C4BDD504D}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{FEDCBEE7-EB9D-42F6-939C-20781814ECFB}) (Version: 4.5.6.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IP Office Admin Suite (HKLM-x32\...\{87D14E59-B662-41AF-8D46-A70B44B00177}) (Version: 8.1.63 - Avaya)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kaspersky Endpoint Security 10 para Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.1.249 - Kaspersky Lab)
Kaspersky Security Center Network Agent (x32 Version: 10.1.249 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware versão 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - pt-br (HKLM\...\HomeBusinessRetail - pt-br) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4.0 redistributable (HKLM-x32\...\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}) (Version: 4.0.0.0 - SAP)
OCS Inventory Agent 4.0.5.4 (HKLM-x32\...\OCS Inventory Agent) (Version: 4.0.5.4 - OCS Inventory NG Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
SAP GUI for Windows 7.20 (HKLM-x32\...\SAPGUI710) (Version: 7.20 Compilation 1 - SAP)
Softphone (HKLM-x32\...\{355F7877-5D18-40D8-AD5E-966516A82A63}) (Version: 32.6.7009 - Avaya)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.62 - uvnc bvba)
UltraVNC v1.0.2 (HKLM-x32\...\{A8AD990E-355A-4413-8647-A9B168978423}_is1) (Version: 1.1.0.2 - UltraVNC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
vcredist_x86 (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 1.0.0 - SAP)
VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 23.009.19.00.149 - Huawei Technologies Co.,Ltd)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WorldUnlock Codes Calculator (HKLM-x32\...\WorldUnlock Codes Calculator) (Version: - )
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

22-08-2014 11:21:19 zoek.exe restore point
25-08-2014 10:27:51 Backup do Windows
25-08-2014 10:32:30 OTM Restore Point
26-08-2014 10:15:00 zoek.exe restore point
26-08-2014 11:36:12 Installed HP Support Solutions Framework
26-08-2014 13:26:22 ZHPFix Restore System Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2014-08-22 08:21 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2E62B249-56FD-4D9F-9919-F18E42BFBADC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3D97790A-D6C6-4223-9B11-4DB87119BD3A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {4DA0FE66-0BC7-42E1-85E3-D66DF80A9521} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {6D740421-E577-45BD-A33A-D93610083995} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {96e3b6c1-cb58-49ad-979a-67a7f07d4c79} DDNBK001.delga.com.br => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-07-14] (Microsoft Corporation)
Task: {C9A1AE0F-DDE1-414E-9757-229683A83B8E} - System32\Tasks\HPCeeScheduleForgabriela.richter => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {DD202BAA-6C99-48E0-891D-7F2A71BAD290} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {E6B02776-3BC0-4007-9FE4-2368A8169CB3} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-02-17] ()
Task: {F9B5D214-542E-4D49-8D55-D846D54F95A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForgabriela.richter.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-08-29 14:47 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-07-14 11:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-06 03:10 - 2013-02-06 03:10 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-03-06 11:41 - 2013-01-27 23:49 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-07 14:52 - 2013-08-13 23:02 - 00650320 _____ () C:\ProgramData\VIVO INTERNET\OnlineUpdate\ouc.exe
2012-02-14 14:53 - 2012-02-14 14:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-08-07 14:52 - 2012-10-31 06:11 - 02417152 _____ () C:\ProgramData\VIVO INTERNET\OnlineUpdate\QtCore4.dll
2014-08-07 14:52 - 2009-01-10 15:32 - 00011362 _____ () C:\ProgramData\VIVO INTERNET\OnlineUpdate\mingwm10.dll
2014-08-07 14:52 - 2009-06-22 23:42 - 00043008 _____ () C:\ProgramData\VIVO INTERNET\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-07 14:52 - 2012-10-31 06:14 - 01148416 _____ () C:\ProgramData\VIVO INTERNET\OnlineUpdate\QtNetwork4.dll
2013-11-27 21:21 - 2013-11-27 21:21 - 01309888 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\kpcengine.2.2.dll
2013-09-04 12:37 - 2013-09-04 12:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2013-05-28 19:58 - 2011-11-30 01:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-28 20:00 - 2012-01-10 18:42 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2014 10:45:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 09:53:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 07:45:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 07:45:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 07:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 07:40:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 07:32:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..


Details:
AddLegacyDriverFiles: Unable to back up image of binary Baidu Protect.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (08/25/2014 07:18:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 08:45:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 08:11:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/26/2014 11:23:48 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 11:23:44 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 11:23:42 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 11:23:23 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 11:23:19 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 11:23:15 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 10:55:15 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 10:55:13 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 10:54:51 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.

Error: (08/26/2014 10:54:49 AM) (Source: iaStor) (EventID: 9) (User: )
Description: O dispositivo, \Device\Ide\iaStor0, não respondeu dentro do tempo limite.


Microsoft Office Sessions:
=========================
Error: (08/26/2014 10:45:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 09:53:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/26/2014 07:45:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrador\Downloads\esetsmartinstaller_ptg.exe

Error: (08/26/2014 07:45:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrador\Downloads\esetsmartinstaller_ptg.exe

Error: (08/26/2014 07:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 07:40:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 07:32:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Baidu Protect.

System Error:
O sistema não pode encontrar o arquivo especificado.

Error: (08/25/2014 07:18:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 08:45:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 08:11:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-08-26 09:52:55.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 09:52:55.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 09:52:55.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 09:52:46.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 09:52:46.228
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 09:52:46.225
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-20 07:36:05.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-20 07:36:05.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-20 07:36:05.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-20 07:35:59.254
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 3989.36 MB
Available physical RAM: 2433.32 MB
Total Pagefile: 7976.9 MB
Available Pagefile: 6341.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.34 GB) (Free:79.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.29 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Dados) (Fixed) (Total:328.83 GB) (Free:251.15 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
suportevam
Beginner

Posts : 23
Reputation : 0
Join date : 18/08/2014

Re: computer with Baidu malware and others

Post by suportevam Tue 26 Aug 2014, 11:49

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Administrador (administrator) on DDNBK001 on 26-08-2014 11:36:23
Running from C:\Users\Administrador\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(http://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(Banco Bradesco S.A.) C:\Program Files (x86)\Scpad\scpVista.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
() C:\ProgramData\VIVO INTERNET\OnlineUpdate\ouc.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
(UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinVNC] => C:\Arquivos de programas\UltraVNC\WinVNC.exe [712704 2006-06-18] (UltraVNC)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\gabriela.richter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL-x32: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must have an account and be logged in to view this link]
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.23 192.168.0.10

FireFox:
========
FF ProfilePath: C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default
FF NewTab: [You must have an account and be logged in to view this link]
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mgfhn8kg.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-18]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-10] (Intel Corporation)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [132600 2013-11-19] (Kaspersky Lab ZAO)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-27] ()
R2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2009-04-16] (http://www.ocsinventory-ng.org) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
R2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [2015968 2012-02-14] (UltraVNC)
S2 VIVO INTERNET. RunOuc; C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [650320 2013-08-13] ()
R2 winvnc; C:\Arquivos de programas\UltraVNC\WinVNC.exe [712704 2006-06-18] (UltraVNC) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2014-08-21] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2014-08-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-07-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic [You must have an account and be logged in to view this link] [File not signed]
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [260712 2012-01-30] (Realtek Semiconductor Corp.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 11:36 - 2014-08-26 11:36 - 00015353 _____ () C:\Users\Administrador\Desktop\FRST.txt
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\FRST
2014-08-26 11:35 - 2014-08-26 11:33 - 02103296 _____ (Farbar) C:\Users\Administrador\Desktop\FRST64.exe
2014-08-26 10:55 - 2014-08-26 10:55 - 00105514 _____ () C:\Users\Administrador\Desktop\NCDiag.txt
2014-08-26 10:55 - 2014-08-26 10:55 - 00000885 _____ () C:\Users\Administrador\Desktop\NCScript.txt
2014-08-26 10:54 - 2014-08-26 10:53 - 01234944 _____ (Nicolas Coolman) C:\Users\Administrador\Desktop\NCDiag.exe
2014-08-26 10:42 - 2014-08-26 10:42 - 00003196 _____ () C:\Windows\System32\Tasks\{D2961CB4-503D-4B22-A44B-E9DE77BEB569}
2014-08-26 10:42 - 2014-08-26 10:26 - 00001698 _____ () C:\Users\Administrador\Desktop\ZHPFixReport.txt
2014-08-26 09:29 - 2014-08-26 09:29 - 00031936 _____ () C:\Users\Administrador\Desktop\ZHPDiag.txt
2014-08-26 09:26 - 2014-08-26 10:55 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\ZHP
2014-08-26 09:26 - 2014-08-26 09:26 - 00001947 _____ () C:\Users\Administrador\Desktop\ZHPFix.lnk
2014-08-26 09:26 - 2014-08-26 09:26 - 00001820 _____ () C:\Users\Administrador\Desktop\ZHPDiag.lnk
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-26 09:25 - 2014-08-26 09:22 - 06860246 _____ (Nicolas Coolman ) C:\Users\Administrador\Desktop\ZHPDiag2.exe
2014-08-26 08:36 - 2014-08-26 08:36 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-08-26 07:14 - 2014-08-25 09:57 - 00001332 _____ () C:\zoek-results2014-08-25-125750.log
2014-08-25 09:56 - 2014-08-22 09:02 - 00007322 _____ () C:\zoek-results2014-08-22-120202.log
2014-08-25 07:31 - 2014-08-25 07:31 - 00000000 ____D () C:\_OTM
2014-08-25 07:30 - 2014-08-25 07:28 - 00007188 _____ () C:\Users\Administrador\Desktop\otm2.txt
2014-08-25 07:29 - 2014-08-25 07:27 - 00522240 _____ (OldTimer Tools) C:\Users\Administrador\Desktop\OTM.exe
2014-08-22 09:00 - 2014-08-22 08:45 - 00050792 _____ () C:\zoek-results2014-08-22-114552.log
2014-08-22 08:21 - 2014-08-26 07:16 - 00002113 _____ () C:\zoek-results.log
2014-08-22 08:19 - 2014-08-22 08:34 - 00000000 ____D () C:\zoek_backup
2014-08-22 08:15 - 2014-08-22 08:16 - 01288704 _____ () C:\Users\Administrador\Desktop\zoek.exe
2014-08-21 14:34 - 2014-08-21 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows
2014-08-21 13:31 - 2014-08-21 13:31 - 00001107 _____ () C:\Users\Administrador\Desktop\JRT.txt
2014-08-21 13:22 - 2014-08-21 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 13:21 - 2014-08-21 13:21 - 01016261 _____ (Thisisu) C:\Users\Administrador\Desktop\JRT.exe
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Macromedia
2014-08-21 07:25 - 2014-08-21 07:25 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-21 07:24 - 2014-08-26 10:45 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-08-21 07:24 - 2014-08-26 10:45 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-21 07:24 - 2014-08-21 07:24 - 00661600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-21 07:24 - 2014-08-21 07:24 - 00098400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-21 07:22 - 2014-08-21 07:24 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-20 13:57 - 2014-08-20 13:57 - 00000000 ____D () C:\Users\Todos os Usuários\KasperskyLab
2014-08-20 13:57 - 2014-08-20 13:57 - 00000000 ____D () C:\ProgramData\KasperskyLab
2014-08-18 13:36 - 2014-08-18 13:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 13:33 - 2014-08-18 13:34 - 02347384 _____ (ESET) C:\Users\Administrador\Downloads\esetsmartinstaller_ptg.exe
2014-08-18 13:17 - 2014-08-18 13:17 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Malwarebytes
2014-08-18 11:54 - 2014-08-26 10:44 - 00002018 _____ () C:\Windows\setupact.log
2014-08-18 11:54 - 2014-08-26 10:43 - 00008152 _____ () C:\Windows\PFRO.log
2014-08-18 11:54 - 2014-08-18 11:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 11:51 - 2014-08-18 11:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 11:51 - 2014-08-18 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 11:37 - 2014-08-18 11:37 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Mozilla
2014-08-18 11:37 - 2014-08-18 11:37 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Mozilla
2014-08-18 11:36 - 2014-08-18 11:36 - 00011450 _____ () C:\Users\Administrador\Desktop\hijackthis.log
2014-08-18 11:36 - 2014-08-18 11:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrador\Desktop\HijackThis.exe
2014-08-18 11:34 - 2014-08-18 11:35 - 00001644 _____ () C:\Users\Administrador\Desktop\rede_geral (192.168.0.20).lnk
2014-08-18 09:42 - 2014-08-26 10:46 - 00073608 _____ () C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 09:42 - 2014-08-26 09:32 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A930B94-AE00-4427-A1E1-CADC50B6EBA0}
2014-08-18 09:42 - 2014-08-18 09:42 - 00001389 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\WinRAR
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Synaptics
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Intel Corporation
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Adobe
2014-08-18 09:41 - 2014-08-25 07:43 - 00000000 ____D () C:\Users\Administrador
2014-08-18 09:41 - 2014-08-18 09:42 - 00000000 ___RD () C:\Users\Administrador\Virtual Machines
2014-08-18 09:41 - 2014-08-18 09:41 - 00000020 ___SH () C:\Users\Administrador\ntuser.ini
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Modelos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Meus documentos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Menu Iniciar
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas músicas
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas imagens
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Meus vídeos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Dados de aplicativos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Configurações locais
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Histórico
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Dados de aplicativos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de rede
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de impressão
2014-08-18 09:41 - 2013-08-30 08:30 - 00002110 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-08-18 09:41 - 2009-07-14 01:54 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-18 09:41 - 2009-07-14 01:49 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-18 09:35 - 2014-08-18 09:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Administrador\Desktop\tdsskiller.exe
2014-08-18 09:32 - 2014-08-21 11:07 - 00000000 ____D () C:\AdwCleaner
2014-08-18 09:31 - 2014-08-12 08:39 - 01366203 _____ () C:\Users\Administrador\Desktop\AdwCleaner.exe
2014-08-08 14:15 - 2014-08-08 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET
2014-08-08 14:14 - 2013-08-21 23:33 - 00375040 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2014-08-08 14:14 - 2013-08-21 23:32 - 00121728 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2014-08-08 14:14 - 2013-06-30 21:29 - 00455680 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-08-08 14:14 - 2013-06-29 06:17 - 00246272 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-08-08 14:14 - 2013-03-04 05:32 - 00110592 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-08-08 14:14 - 2013-03-04 05:32 - 00091648 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-08-08 14:14 - 2013-03-04 05:32 - 00077312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-08-08 14:14 - 2013-03-04 05:32 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-08-08 14:14 - 2013-03-04 05:21 - 00226048 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-08-08 14:14 - 2013-01-24 22:16 - 00109568 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-08-08 14:14 - 2012-12-21 22:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-08-08 14:14 - 2010-10-08 05:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-08-08 14:14 - 2010-09-26 07:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-08-08 14:14 - 2010-08-05 20:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-08-08 14:12 - 2014-08-08 14:15 - 00000000 ____D () C:\Program Files (x86)\VIVO INTERNET
2014-08-08 13:40 - 2014-08-08 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-07 14:57 - 2014-08-07 14:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\VIVO INTERNET
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\VIVO INTERNET
2014-08-05 10:43 - 2014-08-05 10:43 - 00007006 _____ () C:\Users\gabriela.richter\Downloads\Bradesco_04082014_155815.html
2014-07-30 08:03 - 2014-07-30 08:03 - 00001304 _____ () C:\Users\gabriela.richter\Desktop\Celular VIVO -.lnk
2014-07-30 08:03 - 2014-07-30 08:03 - 00001266 _____ () C:\Users\gabriela.richter\Desktop\Controle Req. Ped.lnk
2014-07-28 11:42 - 2014-07-28 11:42 - 00000044 _____ () C:\Users\gabriela.richter\AppData\Roaming\WB.CFG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 11:36 - 2014-08-26 11:36 - 00015353 _____ () C:\Users\Administrador\Desktop\FRST.txt
2014-08-26 11:36 - 2014-08-26 11:36 - 00000000 ____D () C:\FRST
2014-08-26 11:33 - 2014-08-26 11:35 - 02103296 _____ (Farbar) C:\Users\Administrador\Desktop\FRST64.exe
2014-08-26 11:32 - 2014-06-06 09:41 - 01694390 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 11:10 - 2012-05-22 17:20 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-26 11:10 - 2012-05-22 17:20 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 11:00 - 2009-07-14 01:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 11:00 - 2009-07-14 01:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 10:55 - 2014-08-26 10:55 - 00105514 _____ () C:\Users\Administrador\Desktop\NCDiag.txt
2014-08-26 10:55 - 2014-08-26 10:55 - 00000885 _____ () C:\Users\Administrador\Desktop\NCScript.txt
2014-08-26 10:55 - 2014-08-26 09:26 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\ZHP
2014-08-26 10:53 - 2014-08-26 10:54 - 01234944 _____ (Nicolas Coolman) C:\Users\Administrador\Desktop\NCDiag.exe
2014-08-26 10:46 - 2014-08-18 09:42 - 00073608 _____ () C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 10:45 - 2014-08-21 07:24 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-08-26 10:45 - 2014-08-21 07:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-26 10:44 - 2014-08-18 11:54 - 00002018 _____ () C:\Windows\setupact.log
2014-08-26 10:44 - 2013-08-30 09:55 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-26 10:44 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 10:43 - 2014-08-18 11:54 - 00008152 _____ () C:\Windows\PFRO.log
2014-08-26 10:43 - 2009-07-14 01:45 - 00343240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 10:42 - 2014-08-26 10:42 - 00003196 _____ () C:\Windows\System32\Tasks\{D2961CB4-503D-4B22-A44B-E9DE77BEB569}
2014-08-26 10:26 - 2014-08-26 10:42 - 00001698 _____ () C:\Users\Administrador\Desktop\ZHPFixReport.txt
2014-08-26 09:32 - 2014-08-18 09:42 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A930B94-AE00-4427-A1E1-CADC50B6EBA0}
2014-08-26 09:29 - 2014-08-26 09:29 - 00031936 _____ () C:\Users\Administrador\Desktop\ZHPDiag.txt
2014-08-26 09:26 - 2014-08-26 09:26 - 00001947 _____ () C:\Users\Administrador\Desktop\ZHPFix.lnk
2014-08-26 09:26 - 2014-08-26 09:26 - 00001820 _____ () C:\Users\Administrador\Desktop\ZHPDiag.lnk
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-08-26 09:22 - 2014-08-26 09:25 - 06860246 _____ (Nicolas Coolman ) C:\Users\Administrador\Desktop\ZHPDiag2.exe
2014-08-26 08:50 - 2013-09-13 11:35 - 00000376 _____ () C:\Windows\Tasks\HPCeeScheduleForgabriela.richter.job
2014-08-26 08:36 - 2014-08-26 08:36 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-08-26 08:36 - 2012-05-22 17:16 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-08-26 07:16 - 2014-08-22 08:21 - 00002113 _____ () C:\zoek-results.log
2014-08-25 09:57 - 2014-08-26 07:14 - 00001332 _____ () C:\zoek-results2014-08-25-125750.log
2014-08-25 07:43 - 2014-08-18 09:41 - 00000000 ____D () C:\Users\Administrador
2014-08-25 07:31 - 2014-08-25 07:31 - 00000000 ____D () C:\_OTM
2014-08-25 07:28 - 2014-08-25 07:30 - 00007188 _____ () C:\Users\Administrador\Desktop\otm2.txt
2014-08-25 07:27 - 2014-08-25 07:29 - 00522240 _____ (OldTimer Tools) C:\Users\Administrador\Desktop\OTM.exe
2014-08-22 09:02 - 2014-08-25 09:56 - 00007322 _____ () C:\zoek-results2014-08-22-120202.log
2014-08-22 08:45 - 2014-08-22 09:00 - 00050792 _____ () C:\zoek-results2014-08-22-114552.log
2014-08-22 08:35 - 2013-09-02 10:57 - 00000000 ____D () C:\Users\gabriela.richter
2014-08-22 08:34 - 2014-08-22 08:19 - 00000000 ____D () C:\zoek_backup
2014-08-22 08:16 - 2014-08-22 08:15 - 01288704 _____ () C:\Users\Administrador\Desktop\zoek.exe
2014-08-21 14:34 - 2014-08-21 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows
2014-08-21 13:31 - 2014-08-21 13:31 - 00001107 _____ () C:\Users\Administrador\Desktop\JRT.txt
2014-08-21 13:22 - 2014-08-21 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 13:21 - 2014-08-21 13:21 - 01016261 _____ (Thisisu) C:\Users\Administrador\Desktop\JRT.exe
2014-08-21 13:20 - 2013-08-30 09:59 - 00000000 ____D () C:\Program Files (x86)\OCS Inventory Agent
2014-08-21 11:21 - 2014-08-21 11:21 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Macromedia
2014-08-21 11:07 - 2014-08-18 09:32 - 00000000 ____D () C:\AdwCleaner
2014-08-21 07:25 - 2014-08-21 07:25 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-21 07:24 - 2014-08-21 07:24 - 00661600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-21 07:24 - 2014-08-21 07:24 - 00098400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-21 07:24 - 2014-08-21 07:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-20 13:57 - 2014-08-20 13:57 - 00000000 ____D () C:\Users\Todos os Usuários\KasperskyLab
2014-08-20 13:57 - 2014-08-20 13:57 - 00000000 ____D () C:\ProgramData\KasperskyLab
2014-08-20 13:28 - 2012-05-22 21:23 - 00664342 _____ () C:\Windows\system32\prfh0416.dat
2014-08-20 13:28 - 2012-05-22 21:23 - 00128632 _____ () C:\Windows\system32\prfc0416.dat
2014-08-20 13:28 - 2009-07-14 02:13 - 01517030 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 09:02 - 2013-09-17 13:54 - 00000498 _____ () C:\Users\gabriela.richter\address.ser
2014-08-19 08:59 - 2014-01-20 08:12 - 00005076 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {96e3b6c1-cb58-49ad-979a-67a7f07d4c79} DDNBK001.delga.com.br
2014-08-19 08:38 - 2013-09-02 14:26 - 04196406 _____ () C:\Users\gabriela.richter\BGInfo.bmp
2014-08-18 13:36 - 2014-08-18 13:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 13:34 - 2014-08-18 13:33 - 02347384 _____ (ESET) C:\Users\Administrador\Downloads\esetsmartinstaller_ptg.exe
2014-08-18 13:17 - 2014-08-18 13:17 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Malwarebytes
2014-08-18 11:54 - 2014-08-18 11:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 11:54 - 2014-01-23 13:57 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-18 11:53 - 2014-01-23 13:57 - 00000000 ____D () C:\Users\gabriela.richter\Documents\Anti-Malware
2014-08-18 11:52 - 2014-04-14 07:27 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 11:51 - 2014-08-18 11:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 11:51 - 2014-08-18 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 11:51 - 2013-12-17 07:47 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 11:51 - 2013-12-17 07:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 11:37 - 2014-08-18 11:37 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Mozilla
2014-08-18 11:37 - 2014-08-18 11:37 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Mozilla
2014-08-18 11:36 - 2014-08-18 11:36 - 00011450 _____ () C:\Users\Administrador\Desktop\hijackthis.log
2014-08-18 11:35 - 2014-08-18 11:34 - 00001644 _____ () C:\Users\Administrador\Desktop\rede_geral (192.168.0.20).lnk
2014-08-18 11:32 - 2014-08-18 11:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrador\Desktop\HijackThis.exe
2014-08-18 09:42 - 2014-08-18 09:42 - 00001389 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\WinRAR
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Synaptics
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Intel Corporation
2014-08-18 09:42 - 2014-08-18 09:42 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Adobe
2014-08-18 09:42 - 2014-08-18 09:41 - 00000000 ___RD () C:\Users\Administrador\Virtual Machines
2014-08-18 09:42 - 2009-07-14 01:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-18 09:41 - 2014-08-18 09:41 - 00000020 ___SH () C:\Users\Administrador\ntuser.ini
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Modelos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Meus documentos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Menu Iniciar
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas músicas
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Minhas imagens
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Documents\Meus vídeos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Dados de aplicativos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Configurações locais
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Histórico
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Dados de aplicativos
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de rede
2014-08-18 09:41 - 2014-08-18 09:41 - 00000000 _SHDL () C:\Users\Administrador\Ambiente de impressão
2014-08-18 09:25 - 2014-08-18 09:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Administrador\Desktop\tdsskiller.exe
2014-08-18 08:36 - 2013-09-03 10:55 - 00000000 ____D () C:\Users\gabriela.richter\Documents\SAP
2014-08-18 08:36 - 2013-09-03 10:55 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Roaming\SAP
2014-08-18 08:36 - 2013-09-03 10:55 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Local\SAP
2014-08-15 14:50 - 2013-09-13 11:35 - 00003252 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForgabriela.richter
2014-08-14 13:30 - 2013-09-04 15:50 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Local\CrashDumps
2014-08-12 08:39 - 2014-08-18 09:31 - 01366203 _____ () C:\Users\Administrador\Desktop\AdwCleaner.exe
2014-08-08 14:16 - 2013-10-02 15:24 - 00000000 ____D () C:\Users\Todos os Usuários\DatacardService
2014-08-08 14:16 - 2013-10-02 15:24 - 00000000 ____D () C:\ProgramData\DatacardService
2014-08-08 14:15 - 2014-08-08 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET
2014-08-08 14:15 - 2014-08-08 14:12 - 00000000 ____D () C:\Program Files (x86)\VIVO INTERNET
2014-08-08 14:09 - 2013-10-18 11:22 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Roaming\Samsung
2014-08-08 14:08 - 2013-10-18 11:19 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2014-08-08 14:08 - 2013-10-18 11:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-08 14:07 - 2012-05-22 17:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-08 13:51 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-08 13:49 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-08-08 13:45 - 2014-03-07 16:54 - 00000000 ____D () C:\Users\Todos os Usuários\Rosetta Stone
2014-08-08 13:45 - 2014-03-07 16:54 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-08-08 13:43 - 2012-05-22 17:21 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-08-08 13:40 - 2014-08-08 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-08 13:40 - 2013-09-14 20:39 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Roaming\WildTangent
2014-08-08 13:40 - 2012-05-22 17:21 - 00000000 ____D () C:\Users\Todos os Usuários\WildTangent
2014-08-08 13:40 - 2012-05-22 17:21 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-08 13:39 - 2013-09-05 09:06 - 00000000 ____D () C:\Program Files (x86)\InstallAffixationInfo
2014-08-07 14:57 - 2014-08-07 14:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-08-07 14:57 - 2013-09-02 10:59 - 00000000 ____D () C:\Users\gabriela.richter\AppData\Local\VirtualStore
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\VIVO INTERNET
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\VIVO INTERNET
2014-08-05 10:43 - 2014-08-05 10:43 - 00007006 _____ () C:\Users\gabriela.richter\Downloads\Bradesco_04082014_155815.html
2014-08-04 07:34 - 2014-07-14 11:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-30 08:03 - 2014-07-30 08:03 - 00001304 _____ () C:\Users\gabriela.richter\Desktop\Celular VIVO -.lnk
2014-07-30 08:03 - 2014-07-30 08:03 - 00001266 _____ () C:\Users\gabriela.richter\Desktop\Controle Req. Ped.lnk
2014-07-28 11:42 - 2014-07-28 11:42 - 00000044 _____ () C:\Users\gabriela.richter\AppData\Roaming\WB.CFG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-19 08:01

==================== End Of Log ============================

Post by Power Max Tue 26 Aug 2014, 12:39

Download the fixlist.txt file attached to this post and save it to your desktop.

Right-click FRST64, then click [image visible only to logged-in members].

Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Post by suportevam Tue 26 Aug 2014, 13:09

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Administrador at 2014-08-26 13:07:26 Run:1
Running from C:\Users\Administrador\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
end
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

Post by suportevam Tue 26 Aug 2014, 13:16

This Baidu still hasn't gone away.

Post by Power Max Tue 26 Aug 2014, 13:35

Farbar removed other problems, but nothing related to Baidu was found.
__________________________________________

In fact, the active Baidu items have already been removed; what is left is only a few remnants of it that do not interfere with the PC.


Post by suportevam Tue 26 Aug 2014, 13:57

Am I not at risk of having passwords copied by what is left of Baidu?

Post by Power Max Tue 26 Aug 2014, 14:06

Baidu does not copy passwords, even if it were intact.

Post by Power Max Tue 26 Aug 2014, 14:55

Your PC is safe.

Just to finish, please follow the tutorials below:

[link visible only to logged-in members]
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [link visible only to logged-in members].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

Post by suportevam Wed 27 Aug 2014, 07:37

So what does this Baidu actually do on the computer?

Post by Power Max Wed 27 Aug 2014, 09:30

suportevam wrote: So what does this Baidu actually do on the computer?
Baidu is an antivirus that usually gets installed bundled inside other programs, without the person wanting it.

Post by Power Max Wed 27 Aug 2014, 13:49

CASE RESOLVED

If the topic author needs it, the topic will be reopened; to do so, they should contact one of the members of the [link visible only to logged-in members] and request that it be unlocked.