[Resolvido] Computador entrando em sites estranhos

carol2906 · Março 24, 2015

Boa tarde,

Estou desesperada, não consigo fazer nada no meu computador sem ser redirecionada pra sites estranhos.

Começou a ficar assim depois que meu marido instalou uns programas no computador no Domingo, ontem estava mais ou menos ainda, mas hoje está impossível de mexer.

Segue o log do hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:44:17, on 24/03/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Windows\System32\C2MP\UpdateChecker.exe

C:\Users\Not\AppData\Local\Microsoft\OneDrive\OneDrive.exe

C:\Windows\System32\C2MP\TrayMenu.exe

C:\ProgramData\{57d51851-15dc-2e26-57d5-5185115d6144}\Adobe Illustrator CS6 Serial Number Keygen, Crack 32 64 bit.exe

C:\Users\Not\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/?pid=22147&r=2015/03/22&hid=17850545162899052553&lg=EN&cc=BR&unqvl=85

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/?pid=22147&r=2015/03/22&hid=17850545162899052553&lg=EN&cc=BR&unqvl=85

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SalePlus - {32fec9c6-92f9-4d13-b67d-3358a72dbe73} - C:\Program Files\SalePlus\8JVbSVWLLRzslo.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe blrun

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\Windows\system32\C2MP\CodecUACManager.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [EPSON TX133 TX135 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE /FU "C:\Windows\TEMP\E_S11B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

O4 - HKCU\..\Run: [Codec Pack Update Checker] "C:\Windows\system32\C2MP\UpdateChecker.exe"

O4 - HKCU\..\Run: [OneDrive] "C:\Users\Not\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4D013C93135F825B6C898CEE188794F1] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Adobe Illustrator CS6 Serial Number Keygen, Crack 32 64 bit.lnk = C:\ProgramData\{57d51851-15dc-2e26-57d5-5185115d6144}\Adobe Illustrator CS6 Serial Number Keygen, Crack 32 64 bit.exe

O4 - Startup: Dropbox.lnk = Not\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\System32\C2MP\TrayMenu.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 8397 bytes

carol2906 · Março 24, 2015

Boa tarde, Seguem logs:

# AdwCleaner v4.113 - Logfile created 24/03/2015 at 14:55:53

# Updated 22/03/2015 by Xplode

# Database : 2015-03-23.1 [server]

# Operating system : Windows 7 Ultimate Service Pack 1 (x86)

# Username : Not - NOT-PC

# Running from : C:\Users\Not\Desktop\adwcleaner_4.113.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\32b0c61d00007563

Folder Deleted : C:\Program Files\SaallePlus

Folder Deleted : C:\Program Files\SAilePLus

Folder Deleted : C:\Program Files\SalePlus

Folder Deleted : C:\Users\Not\AppData\Roaming\EZDownloader

Folder Deleted : C:\ProgramData\infbobjjjfejdlmgnoedlbmpmjabioaa

Folder Deleted : C:\ProgramData\nhalfonlolajbjebddaniicmfdmelbdm

File Deleted : C:\Users\Not\AppData\Roaming\Mozilla\Firefox\Profiles\nnlpqfcd.default\searchplugins\WebSearch.xml

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

Key Deleted : HKLM\SOFTWARE\Classes\P92185047_c772_4c8e_be49_f29e731e34b8_.P92185047_c772_4c8e_be49_f29e731e34b8_

Key Deleted : HKLM\SOFTWARE\Classes\P92185047_c772_4c8e_be49_f29e731e34b8_.P92185047_c772_4c8e_be49_f29e731e34b8_.9

Key Deleted : HKLM\SOFTWARE\Classes\Pf6e821d1_207c_4395_af9d_965e0f13d4de_.Pf6e821d1_207c_4395_af9d_965e0f13d4de_

Key Deleted : HKLM\SOFTWARE\Classes\Pf6e821d1_207c_4395_af9d_965e0f13d4de_.Pf6e821d1_207c_4395_af9d_965e0f13d4de_.9

Key Deleted : HKLM\SOFTWARE\409221db-f320-ecdb-d142-f2b324fbb67b

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92185047-c772-4c8e-be49-f29e731e34b8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f6e821d1-207c-4395-af9d-965e0f13d4de}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92185047-c772-4c8e-be49-f29e731e34b8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{92185047-c772-4c8e-be49-f29e731e34b8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f6e821d1-207c-4395-af9d-965e0f13d4de}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\HomeTab

Key Deleted : HKCU\Software\simplytech

Key Deleted : HKCU\Software\TNT2

Key Deleted : HKCU\Software\WajIntEnhance

Key Deleted : HKCU\Software\SearchProtectWS

Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork

Key Deleted : HKLM\SOFTWARE\SearchProtect

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\WajIntEnhance

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v

[nnlpqfcd.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.coolsearches.info/?pid=22147&r=2015/03/22&hid=17850545162899052553&lg=EN&cc=BR&unqvl=85");

-\\ Google Chrome v41.0.2272.101

*************************

AdwCleaner[R0].txt - [5711 bytes] - [24/03/2015 14:52:27]

AdwCleaner[s0].txt - [5008 bytes] - [24/03/2015 14:55:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5067 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.6 (03.22.2015:1)

OS: Windows 7 Ultimate x86

Ran by Not on 24/03/2015 at 15:00:26,08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/03/2015 at 15:04:11,81

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

carol2906 · Março 24, 2015

Boa tarde,

O relatório está no seguinte link: http://www.cjoint.com/15ma/ECyujDe0v6P.htm

Abraço

carol2906 · Março 25, 2015

Bom dia segue relatório...

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015

Fichier d'export Registre :

Run by Not at 25/03/2015 08:30:14

High Elevated Privileges : OK

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)

Prefetcher vazio

========== Chaves do Registo ==========

ELIMINÉ: HKCU\Software\Baixaki

ELIMINÉ CLSID MPSK: {afccec1b-89e5-11e4-9639-00030dd8fd88}

========== Valores do Registo ==========

ELIMINÉ RunValue: AdobeBridge

Ausente Valor Perfil Padrão: FirewallRaz :

Ausente Valor Perfil Domínio FirewallRaz :

ELIMINÉ: FirewallRaz (None) : {B65F794C-3D7D-401D-B876-1DD92E68352C}

========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia

ELIMINÉ Temporários windows (26)

ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========

ELIMINÉ: c:\windows\prefetch\browserextensionssetup.exe-49479a68.pf

ELIMINÉ Temporários windows (131) (13.350.454 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========

2 : Chaves do Registo

4 : Valores do Registo

3 : Pastas

3 : Ficheiros

1 : Restauração Sistema

End of clean in 00mn 27s

========== Caminho do ficheiro do relatório ==========

C:\Users\Not\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2015 08:30:18 [1309]

carol2906 · Março 25, 2015

carol2906 · Março 25, 2015

Acho que é esse:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Not at 2015-03-25 10:25:12

Running from C:\Users\Not\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)

Add or Remove Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_c14ac4070fd9614ffe63f4bb533db2c) (Version: 1.0 - Adobe Systems Incorporated)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)

Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)

Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)

Adobe Reader XI - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)

AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden

AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - )

Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )

aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Corel Graphics - Windows Shell Extension (HKLM\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation)

Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - BR (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Capture (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Common (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Connect (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Draw (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Filters (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Redist (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - VBA (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation)

CorelDRAW Graphics Suite X6 (Version: 16.1 - Corel Corporation) Hidden

CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)

CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

Desinstalar impressora EPSON TX133 TX135 Series (HKLM\...\EPSON TX133 TX135 Series) (Version: - SEIKO EPSON Corporation)

Dropbox (HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)

Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )

Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

JP (Version: 14.2 - Corel Corporation) Hidden

K-Lite Codec Pack 10.9.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )

LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )

Media Player Codec Pack 4.3.5 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.5 - Media Player Codec Pack)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Módulo de Proteção - Banco Santander (Brasil) S.A. (HKLM\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.11.0.1 - )

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden

PE-DESIGN NEXT (HKLM\...\{041EDAC5-853E-4A10-A0C8-ED0CF7769306}) (Version: 9.01.0000 - Brother Industries, Ltd.)

REALTEK Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: 1.00.0168 - REALTEK Semiconductor Corp.)

Sentinel HASP Run-time (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 5.10.1.17163 - SafeNet Inc.)

SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version: 5.23 - Silicon Integrated Systems Corporation)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)

Warsaw 1.5.1.8886 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.5.1.8886 - GAS Tecnologia)

Wilcom EmbroideryStudio (HKLM\...\{83D9307A-2024-4E4A-969E-8B65A1D1BC9A}) (Version: 12.0.0075 - Wilcom)

Wilcom EmbroideryStudio (Version: 12.0.0061 - Wilcom) Hidden

ZHPDiag 2015 (HKLM\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Not\AppData\Local\Temp\4FA8\temp\Adobe Illustrator CS6 Serial Number Keygen, Crack 32 64 bi (the data entry has 13 more characters).

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1918045531-4293645944-74723622-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-03-2015 09:13:10 Ponto de Verificação Agendado

17-03-2015 08:04:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

24-03-2015 13:42:56 Installed HiJackThis

24-03-2015 14:10:56 Avira Free Antivirus - 24/03/2015 14:10

25-03-2015 08:29:55 ZHPFix Restore System Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B13F00D-92F9-4A38-BF63-6F4F1E535E46} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()

Task: {63A1CF74-CB34-4952-B499-93A481BEE3BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)

Task: {6ECCDFE7-54CD-407E-B2BB-9667D2FE32D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)

Task: {DB48CC89-1FE2-4E6E-9F36-D8F043D7E9E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-09 13:21 - 2011-03-09 13:21 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

2011-03-09 13:21 - 2011-03-09 13:21 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

2014-12-12 19:25 - 2014-12-12 19:25 - 00050688 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll

2014-12-21 02:55 - 2014-12-21 02:55 - 00055992 _____ () C:\Windows\System32\C2MP\UpdateChecker.exe

2015-03-25 08:25 - 2015-03-25 08:25 - 00011264 _____ () C:\Users\Not\AppData\Local\Temp\nsv93A9.tmp\System.dll

2014-12-20 23:07 - 2014-12-20 23:07 - 00208415 _____ () C:\Windows\System32\C2MP\TrayMenu.exe

2015-03-04 19:08 - 2015-03-04 19:08 - 00750080 _____ () C:\Users\Not\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-25 08:26 - 2015-03-25 08:26 - 00043008 _____ () c:\users\not\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegotyd.dll

2015-03-04 19:08 - 2015-03-04 19:08 - 00047616 _____ () C:\Users\Not\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 19:08 - 2015-03-04 19:08 - 00865280 _____ () C:\Users\Not\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 19:07 - 2015-03-04 19:07 - 00200704 _____ () C:\Users\Not\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-12-22 12:44 - 2014-12-22 12:44 - 00261120 _____ () C:\EMBIRD32\EMBIRDIH.DLL

2015-03-19 19:58 - 2015-03-14 07:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll

2014-12-22 13:43 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Not\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-12-22 13:43 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Not\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1918045531-4293645944-74723622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Not\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.25.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrador (S-1-5-21-1918045531-4293645944-74723622-500 - Administrator - Disabled)

Convidado (S-1-5-21-1918045531-4293645944-74723622-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1918045531-4293645944-74723622-1002 - Limited - Enabled)

Not (S-1-5-21-1918045531-4293645944-74723622-1000 - Administrator - Enabled) => C:\Users\Not

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/25/2015 08:29:55 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.

.

Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:

Obtendo Dados do Gravador

Contexto:

Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}

Nome do Gravador: System Writer

ID de Instância de Gravador: {01bf0042-c945-40bd-8417-c8c45021e22b}

Error: (03/25/2015 08:26:43 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Percentage of memory in use: 44%

Total physical RAM: 3055.17 MB

Available physical RAM: 1691.54 MB

Total Pagefile: 6108.63 MB

Available Pagefile: 4387.4 MB

Total Virtual: 2047.88 MB

Available Virtual: 1876.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.08 GB) (Free:47.75 GB) NTFS

Drive d: (Backup) (Fixed) (Total:198.91 GB) (Free:167.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9E0E9E0E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=99.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=198.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

carol2906 · Março 25, 2015

Boa tarde, obrigada pela ajuda...

O pc continua entrando em sites esquisitos, em todas as páginas que abro aparecem muitas propagandas piscando e pulando de um canto a outro das páginas.

Até aqui no fórum está difícil de postar pois quando entro alguns segundos depois sou redirecionada pra outras páginas e o fórum fecha, algumas páginas pedem para que eu faça download de programas.

Tenho que digitar tudo antes no bloco de notas pra colar aqui, pois senão não dá nem tempo de escrever e já vai pra outra página.

Um dos sites para os quais sou redirecionada é um tal de reduxmedia,esse é o que mais aparece pra mim :-(

Até mais

carol2906 · Março 25, 2015

Boa tarde!

N~~ao consigo desinstalar o Google Chrome, dá um aviso de que tenho que fechar as janelas do navegador porém n~~ao tem nada aberto. Quando clico no ícone do Chrome para executá-lo ele n~~ao abre.

Estou entrando pelo internet explorer, por ele está normal aparentemente, mas queria muito voltar o Chrome, acho ele melhor hehe. Sabe como devo fazer?

Desculpe esses acentos errados, n~~ao sei o que houve aqui, segue o relatório.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Not at 2015-03-25 16:24:43 Run:1
Running from C:\Users\Not\Desktop
Loaded Profiles: Not (Available profiles: Not)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1918045531-4293645944-74723622-1000 -> {8331CA8A-5318-4DFE-A835-B8FB3ECB6EF7} URL = https://br.search.ya...p={searchTerms}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://br.search.ya...96&fr=yo-yhp-ch", "hxxp://www.mystartsearch.com/?type=hp&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Not\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegotyd.dll

Folder: C:\EMBI¼“ù¼“ù¼“ù¼“ù¼“ù¼“

CreateRestorePoint:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1918045531-4293645944-74723622-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8331CA8A-5318-4DFE-A835-B8FB3ECB6EF7}" => Key deleted successfully.
HKCR\CLSID\{8331CA8A-5318-4DFE-A835-B8FB3ECB6EF7} => Key not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Not\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegotyd.dll => Moved successfully.

========================= Folder: C:\EMBI¼“ù¼“ù¼“ù¼“ù¼“ù¼“ ========================

The path is not a directory.
Restore point was successfully created.
EmptyTemp: => Removed 443.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:25:29 ====

carol2906 · Março 25, 2015

Oie,

Depois que eu reiniciei o computador eu consegui instalar o chrome, não sei se o anterior foi removido, mas aparentemente está tudo ok agora, já não tenho os mesmos problemas :-)

Devo rodar mais alguma coisa?

Até mais

carol2906 · Março 26, 2015

Bom dia,

Segue o relatório do zoek:

Zoek.exe v5.0.0.0 Updated 25-March-2015

Tool run by Not on 26/03/2015 at 9:48:49,92.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Not\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

26/03/2015 09:50:00 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\SoftwareUp deleted successfully

C:\PROGRA~2\ALM deleted successfully

C:\PROGRA~2\CorelDRAW Graphics Suite X6 deleted successfully

C:\Users\Not\AppData\Local\VirtualStore deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\EPSON\EPW3 SSRP\E_S50ST7.EXE

C:\Program Files\Common Files\EPSON\EPW3 SSRP\E_S50RP7.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\hasplms.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Diebold\Warsaw\core.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Diebold\Warsaw\core.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Users\Not\AppData\Local\Microsoft\OneDrive\OneDrive.exe

C:\Windows\System32\C2MP\TrayMenu.exe

C:\Users\Not\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Not\Desktop\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k swprv

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

Memory (RAM): 3056 MB

CPU Info: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU Speed: 1999,7 MHz

Sound Card: Alto-falantes (Dispositivo de H |

Display Adapters: SiS Mirage 3 Graphics | SiS Mirage 3 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Monitor Genérico PnP | Monitor Genérico PnP |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Placa de rede sem fios PCIE Realtek RTL8187SE 802.11b/g | Controlador Ethernet SiS191

CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633A

Ports: COM3 LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 99,1GB | D: 198,9GB

Hard Disks - Free: C: 49,2GB | D: 167,3GB

Manufacturer *: OEM

BIOS Info: AT/AT COMPATIBLE | 07/01/09 | ACRSYS - 6040000

Time Zone: Hora oficial do Brasil

Motherboard *: OEM N/A

Country: Brasil

Language: PTB

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 41.0.2272.101

Internet Explorer Version: 9.0.8112.16421

Google Chrome version: 41.0.2272.101

Adobe Reader version: 11.0.0.379

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Not\AppData\Local\Temp ====

2015-03-26 12:15:15 12C0789B30AD2425D9F5B63FFFAAEEA6 43008 ----a-w- C:\Users\Not\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn0sedy.dll

2015-03-25 19:48:19 FFF2C9BA6AB0C6F3A290CD3FBCBDF3C0 165704 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\psmachine.dll

2015-03-25 19:48:19 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateOnDemand.exe

2015-03-25 19:48:19 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateComRegisterShell64.exe

2015-03-25 19:48:19 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdate.exe

2015-03-25 19:48:19 C51C9B677C0BF6651B4D0AEE60E005A7 188232 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\psmachine_64.dll

2015-03-25 19:48:19 98137411B9C632095F919E2CE70B288A 599368 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\npGoogleUpdate3.dll

2015-03-25 19:48:19 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleCrashHandler.exe

2015-03-25 19:48:19 821CC209D61D0ED1F4C86ABE0C8A1319 188232 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\psuser_64.dll

2015-03-25 19:48:19 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateSetup.exe

2015-03-25 19:48:19 7502515B2447293E7239840134391CE0 28160 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateHelper.msi

2015-03-25 19:48:19 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateWebPlugin.exe

2015-03-25 19:48:19 5C2593649CF4FE6B9ED6F9A734DBF344 1683272 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\goopdate.dll

2015-03-25 19:48:19 580930FD62744F10FCDD5375E201BEEA 165704 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\psuser.dll

2015-03-25 19:48:19 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleUpdateBroker.exe

2015-03-25 19:48:19 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Users\Not\AppData\Local\Temp\{0742994C-185F-422E-AD84-1B85132E6A31}\GoogleCrashHandler64.exe

2015-03-25 19:42:49 FFF2C9BA6AB0C6F3A290CD3FBCBDF3C0 165704 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\psmachine.dll

2015-03-25 19:42:49 C51C9B677C0BF6651B4D0AEE60E005A7 188232 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\psmachine_64.dll

2015-03-25 19:42:49 98137411B9C632095F919E2CE70B288A 599368 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\npGoogleUpdate3.dll

2015-03-25 19:42:49 821CC209D61D0ED1F4C86ABE0C8A1319 188232 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\psuser_64.dll

2015-03-25 19:42:49 580930FD62744F10FCDD5375E201BEEA 165704 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\psuser.dll

2015-03-25 19:42:48 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateOnDemand.exe

2015-03-25 19:42:48 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateComRegisterShell64.exe

2015-03-25 19:42:48 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdate.exe

2015-03-25 19:42:48 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleCrashHandler.exe

2015-03-25 19:42:48 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateSetup.exe

2015-03-25 19:42:48 7502515B2447293E7239840134391CE0 28160 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateHelper.msi

2015-03-25 19:42:48 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateWebPlugin.exe

2015-03-25 19:42:48 5C2593649CF4FE6B9ED6F9A734DBF344 1683272 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\goopdate.dll

2015-03-25 19:42:48 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleUpdateBroker.exe

2015-03-25 19:42:48 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Users\Not\AppData\Local\Temp\{539B392E-A37B-418C-9F26-5A13F52998B1}\GoogleCrashHandler64.exe

====== Java Cache =====

====== C:\Windows\system32 =====

2015-03-25 11:27:24 21D6348D855E5DE8AC6F826E4221CB76 30936 ----a-w- C:\Windows\System32\WinDivert32.sys

2015-03-25 11:27:24 06777CD52B776FFCEE548C82BFA86451 30520 ----a-w- C:\Windows\System32\WinDivert.dll

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-03-25 11:27:23 -------- d--h--w- C:\Program Files\GAS Tecnologia

2015-03-25 11:27:23 -------- d-----w- C:\Program Files\Diebold

2015-03-24 18:41:04 -------- d-----w- C:\Program Files\ZHPDiag

2015-03-22 15:11:05 -------- d-----w- C:\Program Files\Facebook Quick Share

2015-03-22 12:35:42 -------- d-----w- C:\Program Files\Common Files\Protexis

======= C: =====

2015-03-24 18:44:08 A1A5B272D8B9A72C5FE4D4E2CC39B697 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2015-03-24 18:39:16 07368C9133736A235D7CA1B3033A312F 6877279 ----a-w- C:\ZHPDiag2.exe

2015-03-17 11:05:13 A0B0E0655270E1B831DF5509D93B4C44 1024 ----a-w- C:\.rnd

2015-03-12 01:14:18 9F953C26E87BD03CAD185352DC68A10E 3262 ----a-w- C:\EMBI¼“ù¼“ù¼“ù¼“ù¼“ù¼“

====== C:\Users\Not\AppData\Roaming ======

2015-03-24 18:41:04 -------- d-----w- C:\Users\Not\AppData\Roaming\ZHP

2015-03-11 22:02:58 -------- d-----w- C:\Users\Not\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome

====== C:\Users\Not ======

2015-03-25 13:22:28 67D890E8DA0A5DB2846B6366172D15A0 1135104 ----a-w- C:\Users\Not\Desktop\FRST.exe

2015-03-24 18:41:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

2015-03-24 17:45:50 F3B1380390D250D2ED638A3A246C10D4 1388782 ----a-w- C:\Users\Not\Desktop\JRT.exe

2015-03-24 17:45:28 E55CCE4E4A0153A3122E76A3DA23B288 2168320 ----a-w- C:\Users\Not\Desktop\adwcleaner_4.113.exe

2015-03-24 16:57:31 81472308A99AAF0F7F0A64A170E8A2AD 4515896 ----a-w- C:\Users\Not\Desktop\avira_ptbr_av_5511975f7d367__ws.exe

2015-03-23 11:24:22 -------- d-----w- C:\Users\TODOSO~1\{68bee0ec-3c16-5c66-68be-ee0ec3c183b0}

2015-03-23 11:24:22 -------- d-----w- C:\ProgramData\{68bee0ec-3c16-5c66-68be-ee0ec3c183b0}

2015-03-22 15:09:52 -------- d-----w- C:\Users\TODOSO~1\4909606385963357649

2015-03-22 15:09:52 -------- d-----w- C:\ProgramData\4909606385963357649

2015-03-22 15:08:06 -------- d-----w- C:\Users\TODOSO~1\{57d51851-15dc-2e26-57d5-5185115d6144}

2015-03-22 15:08:06 -------- d-----w- C:\ProgramData\{57d51851-15dc-2e26-57d5-5185115d6144}

2015-03-22 12:31:16 -------- d-----w- C:\Users\Public\Documents\Corel

2015-03-22 12:30:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6

2015-03-17 11:04:34 -------- d-----w- C:\Users\TODOSO~1\Package Cache

2015-03-17 11:04:34 -------- d-----w- C:\ProgramData\Package Cache

====== C: exe-files ==

2015-03-25 19:48:24 A08A0CAD85CAB9E10E1E91D028F1B209 41472592 ----a-w- C:\Program Files\Google\Update\Install\{E33C104F-4E31-4522-A9B6-2E8B8000B570}\41.0.2272.101_chrome_installer.exe